kern/51341: ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets

land at dnepr.net land at dnepr.net
Thu Apr 24 01:50:17 PDT 2003


>Number:         51341
>Category:       kern
>Synopsis:       ipfw rule 'deny icmp from any to any icmptype 5' matches fragmented icmp packets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 24 01:50:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     land at dnepr.net
>Release:        FreeBSD 4.7-RELEASE
>Organization:
>Environment:
System: FreeBSD 4.7-RELEASE i386

>Description:
	IPFW1 rule 'deny icmp from any to any icmptype 5' matches fragmented
	ICMP packets.

>How-To-Repeat:
	ipfw add 1 deny icmp from any to any icmptype 5
	Try to ping external host with big ICMP packets:
	ping -s 2000 host
	
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


More information about the freebsd-bugs mailing list