IPFW and 5.2.1

Leon Garde leon at nelsonbay.com
Tue Sep 28 23:48:28 PDT 2004

Any explanation or fix for my problem with ipfw ...

Yes, I did search the mailing list archives, couldn't find anything relevant.

Kernel 5.2.1, freshly loaded off CD, as in

rm -rf /usr/src/*
../install.sh base
../install.sh tools
../install.sh sys

cp ~leon/GUASS /usr/src/sys/i386/conf/GUASS
cd /usr/src
make buildkernel KERNCONF=GUASS
make installkernel KERNCONF=GUASS

It's a relatively fresh install of 5.2.1,
and a picobsd style install derived from same.

guass# ipfw -a list
00001    0      0 deny ip from any to via rl0
65535 1287 499525 allow ip from any to any

guass# ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=255 time=0.281 ms
64 bytes from icmp_seq=1 ttl=255 time=0.207 ms

< Packets are flowing by rl0, despite the ipfw rule to stop them!
rl0 being the only network interface 'connected' >

guass# ipfw delete 1

guass# ipfw add 1 deny ip from any to any

guass# ping

< No answer, like you would hope >

Yes, I have searched archives.

Why does "via rl0", "in recv rl0", "out xmit rl0",
(or via wi0, in recv wi0, out xmit wi0)

Is it a known bug?

Can't think of anything else relevant to add.
ipfw seems seriously broken in 5.2.1 ???

leon at nelsonbay.com
Ph 02 4984 1422

