Date: Tue, 28 Jan 2003 16:01:38 -0200 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: Oleg Baranov <ol@csa.ru> Cc: freebsd-current@FreeBSD.ORG Subject: Re: [5.0-RELEASE] uid option in ipfw Message-ID: <3E36C582.6050909@tcoip.com.br> In-Reply-To: <3E35D3E0.2080104@csa.ru> References: <3E35D3E0.2080104@csa.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Oleg Baranov wrote:
> It looks like firewall in 5.0-RELEASE doesn't respect uid option.
> I migrated from 4.7 where the following lines worked fine:
>
> allow tcp from me to any uid 500 setup
> allow udp from me to any uid 500 keep-state
>
> I couldn't get these lines working on 5.0 (packets don't match these
> rules).
> it's a little strange thing - the following lines DO work, but they
> match for ANY user on the system:
>
> allow tcp from me to any uid 0 setup
> allow udp from me to any uid 0 keep-state
>
> also the counters are updated in a mysterious way...
> it's a very confusing thing for me. can anyone help to solve the problem
> plz?
It might be a network order bug. ipfw2 had lots of these.
At any rate, do read the man page. 5.0's ipfw is different from 4.7's ipfw.
--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
Sturgeon's Law:
90% of everything is crud.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E36C582.6050909>