From: Alex Nash
Organization: TDK Factory Automation
Date: Fri, 28 Jun 1996 07:10:19 -0500
Message-ID: <31D3CBAB.136FEDE9@fa.tdktca.com>
To: phk@freebsd.org
CC: nate@mt.sri.com, current@freebsd.org
Subject: Re: IPFW bugs? (fwd)

> Yes, (I just talk(1)'ed Nate). The current implementation doesn't complain
> about "over-specified" rules. The port number isn't used with "all" as
> protocol.
>
> ipfw and the kernel should both complain about such a rule being set.

Agreed, I'll fix it tonight if nobody else beats me to it. I recently
added another such check to the kernel:

1.42 Tue Jun 25 0:22:20 1996 by alex
CVS Tags: HEAD
Diffs to 1.41

Allow fragment checking to work with specific protocols.

Reviewed by: phk

Reject the addition of rules that will never match (for example,
1.2.3.4:255.255.255.0). User level utilities specify the policy by
either masking the IP address for the user (as ipfw(8) does) or
rejecting the entry with an error. In either case, the kernel should
not modify chain entries to make them work.

Alex
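
The two checks discussed in this message, as an added example that is not part of the original message and is not the FreeBSD kernel code. The struct, enum and function names are hypothetical, addresses are kept in host byte order, and the matching rule `(pkt & mask) == addr` and the restriction of ports to TCP/UDP are assumptions of the sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified rule; not the FreeBSD struct ip_fw. */
enum proto { PROTO_ALL, PROTO_TCP, PROTO_UDP, PROTO_ICMP };
struct rule {
    enum proto proto;
    uint32_t   addr;    /* host byte order, for simplicity */
    uint32_t   mask;
    unsigned   nports;  /* number of port values attached to the rule */
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Assumed matching semantics: a packet matches when (pkt & mask) == addr. */
static int rule_matches(const struct rule *r, uint32_t pkt)
{
    return (pkt & r->mask) == r->addr;
}

/* Kernel-side policy: reject, never rewrite. 0 = acceptable, -1 = rejected. */
static int kernel_check_rule(const struct rule *r)
{
    /* Address bits outside the mask can never equal (pkt & mask). */
    if ((r->addr & r->mask) != r->addr)
        return -1;
    /* Over-specified: ports attached to a protocol that has none (assumed TCP/UDP only). */
    if (r->nports != 0 && r->proto != PROTO_TCP && r->proto != PROTO_UDP)
        return -1;
    return 0;
}

/* User-level policy (the masking choice): normalise before submitting the rule. */
static void userland_mask_rule(struct rule *r)
{
    r->addr &= r->mask;
}

int main(void)
{
    /* Constructed sample: the 1.2.3.4:255.255.255.0 case from the message. */
    struct rule r = { PROTO_ALL, IP4(1, 2, 3, 4), IP4(255, 255, 255, 0), 0 };
    uint32_t host = IP4(1, 2, 3, 4);

    printf("as given: check=%d match=%d\n", kernel_check_rule(&r), rule_matches(&r, host));
    userland_mask_rule(&r);
    printf("masked:   check=%d match=%d\n", kernel_check_rule(&r), rule_matches(&r, host));
    return 0;
}
```

As given, the rule is rejected and would not match even the host 1.2.3.4 itself; after user-level masking it becomes 1.2.3.0:255.255.255.0, passes the check and matches the whole /24.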