Another bug in IPFW@ ...?

Oliver Fromme olli at lurza.secnetix.de
Wed Aug 3 08:35:40 GMT 2005


Luigi Rizzo <rizzo at icir.org> wrote:
 > ok, so the problem is the following: when i implemented ipfw2
 > i thought that 'recv any' or 'xmit any' were effectively NOPs
 > so the parser erroneously removes them, together with any 'not' prefix
 > (which is processed before).

That explains it.

I was a little confused by the ipfw(8) manpage:  It says:
"recv any [...] matches packets received [...] through some
interface", and two paragraphs later:  "A packet may not
have a receive [...] interface: packets originating from
the local host have no receive interface".  That clearly
implies that "recv any" shouldn't be a NOP.  :-)

 > To fix this one should
 > [...]
 > if you want to try, this should be all

Thank you very much!  I will give it a try, but it will
take a little while, because I cannot reboot this router
any time (ipfw is configured statically in the kernel).

Thanks again, Luigi, I appreciate your assistance!

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

I suggested holding a "Python Object Oriented Programming Seminar",
but the acronym was unpopular.
        -- Joseph Strout


More information about the freebsd-ipfw mailing list