[Bug 238694] Configuring & using a customized IPFW rule set now causes additional rules to be (involuntarily) added

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Jun 20 14:36:03 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238694

--- Comment #7 from Rodney W. Grimes <rgrimes at FreeBSD.org> ---
(In reply to karl from comment #6)
I agree Karl, one does have to be very careful when hand crafting their own
firewall.  Most of mine do in fact use the simple flush, but there are other
techniques, such as load the set of rules into a known empty set and do a set
flip, complicated state management that knows how to incrementally remove and
add the proper sequence of rules, etc.

I think the reason so very few reports exist about this bug is that we have 2
ways to cause an external script to load, setting firewall_type="/path/to/file"
and firewall_script="/path/to/file".  The second form always works exactly as
we (we being I think all of us) expected it to, however the former now has this
wart that we get the, by my claim fake, loopback stuff.  It is this wart that
is at issue and we should solve that so the behavior of firewall_script= and
firewall_type=path are exactly the same.   Can I get an agreement on that
point?


More information about the freebsd-ipfw mailing list
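
The "load into a known empty set and do a set flip" technique mentioned in comment #7, as an added example that is not part of the bug thread or of FreeBSD's rc.firewall. It only prints the ipfw command sequence; the staging set number (1) and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: print the ipfw commands for a staged ("set flip") reload.
# STAGE_SET and the sample rules below are assumptions, constructed here.

LIVE_SET=0     # set that rules land in when no "set N" is given
STAGE_SET=1    # assumed empty and otherwise unused

# Constructed sample ruleset, one "number rule-body" per line.
sample_rules() {
    cat <<'EOF'
# loopback handling stated explicitly by the admin
100 allow ip from any to any via lo0
200 deny ip from any to 127.0.0.0/8
65000 deny log ip from any to any
EOF
}

# Read rules on stdin and print the reload sequence. Nothing is printed
# if any rule number is malformed, so a bad file never yields a partial plan.
build_reload() {
    cmds="ipfw set disable ${STAGE_SET}"
    while read -r num body; do
        case "$num" in
            ''|\#*) continue ;;
            *[!0-9]*) echo "bad rule number: ${num}" >&2; return 1 ;;
        esac
        cmds="${cmds}
ipfw -q add ${num} set ${STAGE_SET} ${body}"
    done
    # Swap staged rules into the live set, then drop the old rules that
    # now sit in the (still disabled) staging set and re-enable it.
    printf '%s\n' "$cmds" \
        "ipfw set swap ${LIVE_SET} ${STAGE_SET}" \
        "ipfw delete set ${STAGE_SET}" \
        "ipfw set enable ${STAGE_SET}"
}

# Dry run: "sh reload.sh print" shows the plan without touching the firewall.
if [ "${1:-}" = "print" ]; then
    sample_rules | build_reload
fi
```

The previous rules stay in force until the swap line runs, so there is no window with an empty rule set as there is with a plain flush.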