kern/131817: ipfw blocks layer2 packets that should not be blocked
Eugene Grosbein
eugen at grosbein.pp.ru
Wed Feb 18 07:50:01 PST 2009
>Number: 131817
>Category: kern
>Synopsis: ipfw blocks layer2 packets that should not be blocked
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 18 15:50:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 7.1-STABLE i386
>Organization:
Svyaz-Service
>Environment:
System: FreeBSD grosbein.pp.ru 7.1-STABLE FreeBSD 7.1-STABLE #13: Tue Feb 17 20:11:39 KRAT 2009 eu at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386
>Description:
The rule:
ipfw add 1000 deny ip from any to any out recv fxp0 xmit fxp0
blocks outgoing ARP replys on the interface fxp0
if sysctl net.link.ether.ipfw is set to 1.
ARP reply is not transit packet received from fxp0 and
must not be blocked in this case. This is serious bug
and it exists in ipfw2 since RELENG_4.
>How-To-Repeat:
See above.
>Fix:
Unknown.
Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list