bin/66103: macro HISADDR is not sticky in filters
Sergey Homenkow
hsw at yandex.ru
Thu Apr 29 23:50:15 PDT 2004
>Number: 66103
>Category: bin
>Synopsis: macro HISADDR is not sticky in filters
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 29 23:50:14 PDT 2004
>Closed-Date:
>Last-Modified:
>Originator: Sergey Homenkow
>Release: FreeBSD 4.9-STABLE
>Organization:
Comptek
>Environment:
FreeBSD sofia.nirvana.ipct.ru 4.9-STABLE FreeBSD 4.9-STABLE #22: Thu Mar 25 23:07:34 MSK 2004 r
oot at sofia.nirvana.ipct.ru:/usr/src/sys/compile/SOFIA i386
>Description:
ppp(8) does not update filter rules with sticky macro HISADDR after negotiating IP-addr.
>How-To-Repeat:
make ppp.conf record with:
set ifaddr 217.150.59.131 192.168.253.2-192.168.253.99
set radius /etc/radius.conf
set filter in 0 permit HISADDR 0.0.0.0/0
At start ppp(8) select client ip from pool (192.168.253.42) and set filters.
After authorization with radius with attributes Framed-IP-Address:=217.150.58.197 packets blocked:
>Fix:
Setup (or update) filter rules with macro in /etc/ppp/ppp.linkup
>Release-Note:
>Audit-Trail:
>Unformatted:
>Debug: IN filter:
>Debug: rule = 0: Address mismatch
>Filter: INbound rule = implicit deny icmp src = 217.150.58.197/0 dst = 217.150.59.131/0
>TCP/IP: IN ICMP: 217.150.58.197:8 ---> 217.150.59.131 (36/84) - BLOCKED
More information about the freebsd-bugs
mailing list