kern/66319: ipfw count rule disabling new connections
Zachery Hostens
openhalo at openhalo.net
Thu May 6 00:40:20 PDT 2004
>Number: 66319
>Category: kern
>Synopsis: ipfw count rule disabling new connections
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 06 00:40:19 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Zachery Hostens
>Release: 5-CURRENT
>Organization:
>Environment:
FreeBSD avalanche.mchsi.com 5.2-CURRENT FreeBSD 5.2-CURRENT #4: Mon May 3 22:07:04 CDT 2004 root at avalanche.mchsi.com:/usr/obj/usr/src/sys/AVALANCHE i386
>Description:
I was attempting to add a rule to ipfw to count SYN packets coming in:
ipfw add 01000 count tcp from any to me setup (I also tried "to any")
When I would try to connect to the box from another machine I would always get this:
extort at fate extort $ ssh avalanche
ssh: connect to host avalanche port 22: Network is unreachable
Now the counter would count connection tries correctly, just not allow me to connect. As soon as I remove the rule I can ssh perfectly fine.
src-all was cvsup'd within 1 day of being compiled. If you need to see the kernel config and/or rc.conf or any other settings I have set, please feel free to email me.
>How-To-Repeat:
ipfw add # count tcp to any from [any|me]
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: