misc/187904: ipfw (8) does not properly recognize the network in shorthand
Vladislav V. Prodan
admin at support.od.ua
Mon Mar 24 18:00:03 UTC 2014
>Number: 187904
>Category: misc
>Synopsis: ipfw (8) does not properly recognize the network in shorthand
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 24 18:00:01 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Vladislav V. Prodan
>Release: FreeBSD 10.0
>Organization:
support.od.ua
>Environment:
FreeBSD bimbo.YYY 10.0-STABLE FreeBSD 10.0-STABLE #0: Sun Mar 23 08:14:35 EET 2014 root at bimbo.YYY:/usr/obj/usr/src/sys/bimbo.3 amd64
>Description:
When network is added to the table ipfw in shortened form, network ::/0 appears
By the context of the rules ipfw - drop or reset, network ::/0 can block access to the target machine.
In the system 9.0 such behavior was not observed.
For example, the network 177.204/14
#whois -L 177.204/14
..
inetnum: 177.204/14
aut-num: AS18881
abuse-c: GOI
owner: Global Village Telecom
..
>How-To-Repeat:
#ipfw table 100 list
#ipfw table 100 add 177.204/14
#ipfw table 100 list
::/0 0
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list