Date: Fri, 26 Mar 2004 20:10:10 -0800 (PST)
From: Kris Kennaway <kris@obsecurity.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Message-ID: <200403270410.i2R4AAKA020756@freefall.freebsd.org>

The following reply was made to PR misc/64694; it has been noted by GNATS.

From: Kris Kennaway <kris@obsecurity.org>
To: Grant Millar <co0lkizz@btinternet.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Fri, 26 Mar 2004 20:04:19 -0800

On Thu, Mar 25, 2004 at 02:39:44AM -0800, Grant Millar wrote:

> >Description:
> When adding the following rules uid matching on ipfw is totally
> ignored as we can see no packets are getting through on the ip with
> uid matching enabled, packets are allowed in but not out.
>
> 00100 3 144 allow tcp from any to 66.X.X.2
> 00200 0 0 allow tcp from 66.X.X.2 to any uid root
> 00300 3 132 deny tcp from 66.X.X.2 to any
> 65535 28440 2522637 allow ip from any to any
>
> Clearly you can see this is a substantial problem as now we cannot
> restrict access to IPs which could cause problems, I've also tried to
> solve this problem by upgrading to 5.2.1-RELEASE but had exactly the
> same problem.

You forgot to mention details of your network configuration, and how
you are testing this. It's possible your expectations are wrong.

Kris