Date:      Thu, 04 Sep 1997 18:09:04 +0200
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        mickey@deadline.snafu.de (Andreas S. Wetzel)
Cc:        bugs@FreeBSD.ORG
Subject:   Re: Bug in IPFW code ? 
Message-ID:  <5816.873389344@critter.freebsd.dk>
In-Reply-To: Your message of "Thu, 04 Sep 1997 16:15:25 +0200." <m0x6cgv-000Br6C@deadline.snafu.de>

In message <m0x6cgv-000Br6C@deadline.snafu.de>, Andreas S. Wetzel writes:
>Hi!
>---
>
>Recently I discovered a strange problem with the IPFW code. I have the
>following rule added with ipfw:
>
>230 Deny log udp from any to 194.121.229.32/28 111 via sl0
>
>This rule should drop udp packets to the sunrpc port coming in via interface
>sl0. But instead it seems to deny random udp traffic to my network:
>
>Sep  4 16:13:09 gw-deadnet : /kernel: ipfw: 230 Deny UDP 130.83.22.1:17993 194.121.229.34:17732 in via sl0 Fragment = 123
>
>This packet was dropped, although it is not directed to the sunrpc port.
>
>Am I missing something, or is this definitely a BUG?

It's an IP-fragment, they have special security problems, and are denied,
unless you allow them.  RTFM/YTSL

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
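
The reply's point, as an added example that is not part of the original message and is not ipfw's code: a simplified Python model of a UDP port rule (it ignores the address and interface parts of rule 230). A fragment with a nonzero offset carries no UDP header, so the model has no port to compare and denies it; the packets, port numbers and function names are constructed for illustration.

```python
import socket
import struct

IP_OFFMASK = 0x1FFF  # low 13 bits: fragment offset in 8-byte units
IP_MF = 0x2000       # "more fragments" flag

def ipv4_packet(src, dst, proto, frag_field, payload):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      frag_field, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(packet, blocked_udp_port=111):
    """Simplified model: UDP port rule with default-deny for later fragments."""
    ihl = (packet[0] & 0x0F) * 4
    frag_field, = struct.unpack_from("!H", packet, 6)
    offset = frag_field & IP_OFFMASK
    if packet[9] != socket.IPPROTO_UDP:
        return "pass (not UDP)"
    if offset != 0:
        # Non-first fragment: the bytes after the IP header are payload,
        # not a UDP header, so there is no destination port to compare.
        return "deny (fragment offset %d, no UDP header to match)" % offset
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if dport == blocked_udp_port:
        return "deny (udp dport %d)" % dport
    return "pass (udp dport %d)" % dport

def ports_if_misread(packet):
    """What a naive filter would 'see' if it parsed ports on any packet."""
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack_from("!HH", packet, ihl)

# Constructed sample traffic; only the two addresses come from the log line.
SRC, DST = "130.83.22.1", "194.121.229.34"
first = ipv4_packet(SRC, DST, 17, IP_MF,
                    struct.pack("!HHHH", 40000, 2049, 1000, 0) + b"A" * 976)
later = ipv4_packet(SRC, DST, 17, 123,
                    struct.pack("!HH", 5000, 111) + b"B" * 12)
rpc = ipv4_packet(SRC, DST, 17, 0, struct.pack("!HHHH", 40000, 111, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("first", first), ("later", later), ("rpc", rpc)):
        print(name, "->", classify(pkt), "| naive ports:", ports_if_misread(pkt))
```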
