kern/76971: ipfw antispoof incorrectly blocks broadcasts

Radim Kolar hsn at
Tue Feb 1 09:20:17 PST 2005

>Number:         76971
>Category:       kern
>Synopsis:       ipfw antispoof incorrectly blocks broadcasts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 17:20:16 GMT 2005
>Originator:     Radim Kolar
>Release:        FreeBSD 5.3-STABLE i386
System: FreeBSD sanatana.dharma 5.3-STABLE FreeBSD 5.3-STABLE #3: Sat Jan 29 08:58:45 CET 2005 root at sanatana.dharma:/usr/obj/usr/src/sys/UP i386

Anti spoof ipfw check rule blocks incoming broadcast from our host.
This confuses many apps using broadcasts, because they expect to receive
their own messages. Broadcast should not be Deny, because it arrives on
good network interface.
ipfw rule

00110 3 624 deny log logamount 200 ip from any to any not antispoof

incorrectly blocks broadcasts generated by local applications, such as
rwho, routed and so on.

Feb  1 10:56:58 sanatana kernel: ipfw: 110 Deny UDP in via ed0

sanatana# ifconfig ed0
inet netmask 0xffffff00 broadcast

More information about the freebsd-bugs mailing list