misc/64694: UID/GID matching in ipfw non-functional

Grant Millar co0lkizz at btinternet.com
Thu Mar 25 02:40:15 PST 2004


>Number:         64694
>Category:       misc
>Synopsis:       UID/GID matching in ipfw non-functional
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 25 02:40:15 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Grant Millar
>Release:        4.9-RELEASE
>Organization:
Uneix Internet Services
>Environment:
FreeBSD uneix.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Thu Mar 25 08:22:06 CST 2004     fdc at box.domain.com:/usr/src/sys/compile/GENERIC  i386
 
>Description:
      When adding the following rules, uid matching on ipfw is totally 
ignored; as we can see, no packets are getting through on the IP with 
uid matching enabled: packets are allowed in but not out.

00100     3     144 allow tcp from any to 66.X.X.2
00200     0       0 allow tcp from 66.X.X.2 to any uid root
00300     3     132 deny tcp from 66.X.X.2 to any
65535 28440 2522637 allow ip from any to any

Clearly you can see this is a substantial problem, as now we cannot
restrict access to IPs, which could cause problems. I've also tried to
solve this problem by upgrading to 5.2.1-RELEASE but had exactly the
same problem.

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
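As an added example (not part of this report or of FreeBSD's own code), a small check that reads `ipfw -a list` output and flags the pattern the report shows: a uid/gid rule whose counters stay at zero while a later deny for the same flow is counting packets. The sample input is the ruleset quoted in the report; the line format assumed by the parser and the `flow_key` helper are my own assumptions.

```python
import re

# Constructed sample: the `ipfw -a list` output quoted in the report,
# with the masked address left exactly as the submitter wrote it.
SAMPLE = """\
00100     3     144 allow tcp from any to 66.X.X.2
00200     0       0 allow tcp from 66.X.X.2 to any uid root
00300     3     132 deny tcp from 66.X.X.2 to any
65535 28440 2522637 allow ip from any to any
"""

# Assumed column layout: rule number, packet count, byte count, action, body.
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")


def parse_rules(text):
    """Parse counter-annotated ipfw rule lines into dicts; skip anything else."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        num, pkts, byts, action, body = m.groups()
        rules.append({"num": int(num), "pkts": int(pkts), "bytes": int(byts),
                      "action": action, "body": body.strip()})
    return rules


def flow_key(body):
    """Drop uid/gid qualifiers so rules describing the same flow compare equal."""
    return re.sub(r"\s+(uid|gid)\s+\S+", "", body).strip()


def find_dead_uid_rules(rules):
    """Return (uid_rule, deny_rule) pairs where a uid/gid rule never matched
    but a later deny covering the same flow did.  A zero count can also mean
    no traffic from that owner, so each hit is a lead for a human to verify."""
    findings = []
    for i, rule in enumerate(rules):
        if not re.search(r"\b(uid|gid)\s+\S+", rule["body"]) or rule["pkts"]:
            continue
        for later in rules[i + 1:]:
            if (later["action"] == "deny" and later["pkts"] > 0
                    and flow_key(later["body"]) == flow_key(rule["body"])):
                findings.append((rule["num"], later["num"]))
                break
    return findings
```

Running `find_dead_uid_rules(parse_rules(SAMPLE))` on the report's ruleset reports the pair `(200, 300)`, i.e. the uid rule being skipped in favour of the catch-all deny.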