Date: Wed, 29 Jan 2003 14:54:56 +0300 (MSK)
From: Maxim Konovalov
To: Oleg Baranov
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: [5.0-RELEASE] uid option in ipfw
Message-ID: <20030129145406.T63880@news1.macomnet.ru>

On 03:50+0300, Jan 28, 2003, Oleg Baranov wrote:

> It looks like firewall in 5.0-RELEASE doesn't respect uid option.
> I migrated from 4.7 where the following lines worked fine:
>
> allow tcp from me to any uid 500 setup
> allow udp from me to any uid 500 keep-state
>
> I couldn't get these lines working on 5.0 (packets don't match these rules).
> it's a little strange thing - the following lines DO work, but they
> match for ANY user on the system:
>
> allow tcp from me to any uid 0 setup
> allow udp from me to any uid 0 keep-state
>
> also the counters are updated in a mysterious way...
> it's a very confusing thing for me. can anyone help to solve the problem
> plz?

Please try a patch below.

Index: sys/netinet/ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.25 diff -u -r1.25 ip_fw2.c --- sys/netinet/ip_fw2.c 21 Jan 2003 08:56:03 -0000 1.25 +++ sys/netinet/ip_fw2.c 29 Jan 2003 11:50:32 -0000 @@ -1515,7 +1515,7 @@ #endif if (cmd->opcode == O_UID) { match = - socheckuid(pcb->inp_socket, + !socheckuid(pcb->inp_socket, (uid_t)((ipfw_insn_u32 *)cmd)->d[0]); } else { match = groupmember( %%%

--
Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
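
Review bot: In the O_UID branch, the bare `!` in front of socheckuid() reads like a boolean negation, but it is only correct if socheckuid() returns 0 on a uid match and non-zero otherwise, which is the opposite convention from groupmember() in the else branch, whose result is still assigned to match directly. Writing the comparison out as `socheckuid(...) == 0`, or adding a one-line comment on the return convention, would document why the two branches differ and make it harder for a later cleanup to bring the inverted test back. Because the report describes `uid 0` allow rules matching any user while `uid 500` rules never matched, the fix should be checked in both directions (owner matches, non-owner does not), and rule sets that relied on uid matching under the unpatched code should be re-verified.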