Date: Tue, 21 Jan 2003 01:43:54 +0100 From: "Simon L. Nielsen" <simon@nitro.dk> To: freebsd-ipfw@FreeBSD.ORG Subject: Sanity check in ipfw(8) Message-ID: <20030121004353.GF351@nitro.dk>
index | next in thread | raw e-mail
[-- Attachment #1 --] Hello I recently found a problem where ipfw2 would allow the user to create firewall rules that does not make sense like (notice udp and setup) : ipfw add allow udp from any to any setup I filed a PR (bin/47120) with a "fix" since I thought this was a trivial change to check in the ipfw userland program for protocol when specifying options like setup, icmpoptions and the likes. The fix is not correct since I did not notice that it is possible to use multiple protocols with or statements. Now for the point :-)... Is it interesting to have the extra sanity check in ipfw(8) ? If it is I will try to make a patch that actually works, but if it isn't there is not much reason to make a new patch... Btw. could a committer take a quick look at bin/46785 which is a trivial change to ipfw -h. -- Simon L. Nielsen [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+LJfJ8kocFXgPTRwRAjiRAKDFQbHvu/JsBWpaYfnnFeByUN1hKgCdFkQe 1Ocyh0OoEpye9wC5u/frlhk= =W8z8 -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121004353.GF351>