misc/64694: UID/GID matching in ipfw non-functional
Kris Kennaway
kris at obsecurity.org
Fri Mar 26 20:10:10 PST 2004
The following reply was made to PR misc/64694; it has been noted by GNATS.
From: Kris Kennaway <kris at obsecurity.org>
To: Grant Millar <co0lkizz at btinternet.com>
Cc: freebsd-gnats-submit at FreeBSD.org
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Fri, 26 Mar 2004 20:04:19 -0800
On Thu, Mar 25, 2004 at 02:39:44AM -0800, Grant Millar wrote:
> >Description:
> When adding the following rules uid matching on ipfw is totally
> ignored as we can see no packets are getting through on the ip with
> uid matching enabled, packets are allowed in but not out.
>
> 00100 3 144 allow tcp from any to 66.X.X.2
> 00200 0 0 allow tcp from 66.X.X.2 to any uid root
> 00300 3 132 deny tcp from 66.X.X.2 to any
> 65535 28440 2522637 allow ip from any to any
>
> Clearly you can see this is a substantial problem as now we cannot
> restrict access to IPs which could cause problems, I've also tried to
> solve this problem by upgrading to 5.2.1-RELEASE but had exactly the
> same problem.
You forgot to mention details of your network configuration, and how
you are testing this. It's possible your expectations are wrong.
Kris