kern/51341: ipfw rule 'deny icmp from any to any icmptype 5'
matches fragmented icmp packets
land at dnepr.net
land at dnepr.net
Thu Apr 24 01:50:17 PDT 2003
>Number: 51341
>Category: kern
>Synopsis: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 24 01:50:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: land at dnepr.net
>Release: FreeBSD 4.7-RELEASE
>Organization:
>Environment:
System: FreeBSD 4.7-RELEASE i386
>Description:
IPFW1 rule 'deny icmp from any to any icmptype 5' matches fragmented
ICMP packets.
>How-To-Repeat:
ipfw add 1 deny icmp from any to any icmptype 5
Try to ping external host with big ICMP packets:
ping -s 2000 host
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list