Date:      Fri, 29 Aug 2003 00:07:01 +0400 (MSD)
From:      Maxim Konovalov <maxim@macomnet.ru>
To:        Petri Helenius <pete@he.iki.fi>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw parsing bug
Message-ID:  <20030829000533.K65653@news1.macomnet.ru>
In-Reply-To: <3F4E5FAF.2080705@he.iki.fi>
References:  <3F4E5FAF.2080705@he.iki.fi>

On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:

>
> ipfw seems to have developed a bug lately on 5-CURRENT;
> # ipfw add 2042 allow tcp from 0.0.0.0/0 to me 42
> 02042 allow tcp from me to me dst-port 42
>
> It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
> the notation is also widely used in networking gear for default route which
> is a "catch any" definition.

Known ipfw2 bug.  Try this:

Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.38
diff -u -r1.38 ipfw2.c
--- ipfw2.c	21 Jul 2003 09:56:05 -0000	1.38
+++ ipfw2.c	28 Jul 2003 15:51:26 -0000
@@ -2046,7 +2046,7 @@
 				errx(EX_DATAERR, "not any never matches");
 		}
 		/* else do nothing and skip this entry */
-		continue;
+		return;
 	}
 	/* A single IP can be stored in an optimized format */
 	if (d[1] == IP_MASK_ALL && av == NULL && len == 0) {
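Review bot: the comment directly above the changed line still reads "else do nothing and skip this entry", and nothing in the hunk explains why the skip has to be a `return;` rather than the old `continue;`. Since the bare `return;` leaves the function before the "single IP can be stored in an optimized format" code that follows, please extend that comment to say what the caller receives when an "any" address is skipped here, and that the `continue;` is what produced the wrong rule in the report. A regression check that `from 0.0.0.0/0` lists as `from any` and not `from me` would keep this from coming back.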
%%%

-- 
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org


