Date: Thu, 24 Apr 2003 11:41:46 +0300 (EEST) From: land@dnepr.net To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/51341: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets Message-ID: <20030424084146.A51A7A8927@gx.dnepr.net> Resent-Message-ID: <200304240850.h3O8oFow016814@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 51341 >Category: kern >Synopsis: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Apr 24 01:50:13 PDT 2003 >Closed-Date: >Last-Modified: >Originator: land@dnepr.net >Release: FreeBSD 4.7-RELEASE >Organization: >Environment: System: FreeBSD 4.7-RELEASE i386 >Description: IPFW1 rule 'deny icmp from any to any icmptype 5' matches fragmented ICMP packets. >How-To-Repeat: ipfw add 1 deny icmp from any to any icmptype 5 Try to ping external host with big ICMP packets: ping -s 2000 host >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030424084146.A51A7A8927>