Date: Wed, 29 Jan 2003 14:54:56 +0300 (MSK)
From: Maxim Konovalov <maxim@macomnet.ru>
To: Oleg Baranov <ol@csa.ru>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: [5.0-RELEASE] uid option in ipfw
Message-ID: <20030129145406.T63880@news1.macomnet.ru>
In-Reply-To: <3E35D3E0.2080104@csa.ru>
References: <3E35D3E0.2080104@csa.ru>
On 03:50+0300, Jan 28, 2003, Oleg Baranov wrote:
> It looks like firewall in 5.0-RELEASE doesn't respect uid option.
> I migrated from 4.7 where the following lines worked fine:
>
> allow tcp from me to any uid 500 setup
> allow udp from me to any uid 500 keep-state
>
> I couldn't get these lines working on 5.0 (packets don't match these rules).
> it's a little strange thing - the following lines DO work, but they
> match for ANY user on the system:
>
> allow tcp from me to any uid 0 setup
> allow udp from me to any uid 0 keep-state
>
> also the counters are updated in a mysterious way...
> it's a very confusing thing for me. can anyone help to solve the problem
> plz?
Please try the patch below.
Index: sys/netinet/ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.25
diff -u -r1.25 ip_fw2.c
--- sys/netinet/ip_fw2.c 21 Jan 2003 08:56:03 -0000 1.25
+++ sys/netinet/ip_fw2.c 29 Jan 2003 11:50:32 -0000
@@ -1515,7 +1515,7 @@
#endif
if (cmd->opcode == O_UID) {
match =
- socheckuid(pcb->inp_socket,
+ !socheckuid(pcb->inp_socket,
(uid_t)((ipfw_insn_u32 *)cmd)->d[0]);
} else {
match = groupmember(
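Review bot: the `!` added on the socheckuid() call in the O_UID branch depends on socheckuid() returning zero when the socket's uid equals the argument, but nothing in the hunk states that convention, and the groupmember() result in the else branch is still assigned to match without negation, so the two branches now read as inconsistent. Add a one-line comment above the call stating the return convention, or write the test explicitly as `socheckuid(...) == 0`, so a later cleanup does not drop the negation and bring back the inverted uid match described in the report.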
%%%
--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
