Another bug in IPFW@ ...?
Oliver Fromme
olli at lurza.secnetix.de
Wed Aug 3 08:35:40 GMT 2005
Luigi Rizzo <rizzo at icir.org> wrote:
> ok, so the problem is the following: when i implemented ipfw2
> i thought that 'recv any' or 'xmit any' were effectively NOPs
> so the parser erroneously removes them, together with any 'not' prefix
> (which is processed before).
That explains it.
I was a little confused by the ipfw(8) manpage: It says:
"recv any [...] matches packets received [...] through some
interface", and two paragraphs later: "A packet may not
have a receive [...] interface: packets originating from
the local host have no receive interface". That clearly
implies that "recv any" shouldn't be a NOP. :-)
> To fix this one should
> [...]
> if you want to try, this should be all
Thank you very much! I will give it a try, but it will
take a little while, because I cannot reboot this router
any time (ipfw is configured statically in the kernel).
Thanks again, Luigi, I appreciate your assistance!
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
I suggested holding a "Python Object Oriented Programming Seminar",
but the acronym was unpopular.
-- Joseph Strout
More information about the freebsd-ipfw
mailing list