Date: Sun, 18 Mar 2018 03:00:50 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ipfw@FreeBSD.org Subject: [Bug 226688] [ipfw] rejects adding 255.255.255.255 to a table Message-ID: <bug-226688-7515-BzaFIVSaXc@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-226688-7515@https.bugs.freebsd.org/bugzilla/> References: <bug-226688-7515@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226688 --- Comment #4 from Rodney W. Grimes <rgrimes@FreeBSD.org> --- 255.255.255.255 is a special broadcast IP addresses used to broadcast on "this network". That is not applicable in this case though. BUT 255.255.255.255 should be a perfectly valid table entry for the reasons the submitter stated. If for some odd reason someone got this IP on the wire you would want ipfw to filter it out. As a workaround you could use 255.255.255.254/31, this is pretty safe as: 240.0.0.0/4 is "reserved". Which you could also use to block this, and if your trying to block bad addresses you should block 240/4 anyway. I am not sure how much effort it is worth trying to fix this. And now that I see: ${fwcmd} table ${BAD_ADDR_TBL} add 240.0.0.0/4 is already in /etc/rc.firewall which would include 255.255.255.255 this bug could be closed as "to hard to fix" -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-226688-7515-BzaFIVSaXc>