kern/131817: ipfw blocks layer2 packets that should not be blocked

Eugene Grosbein eugen at grosbein.pp.ru
Wed Feb 18 07:50:01 PST 2009


>Number:         131817
>Category:       kern
>Synopsis:       ipfw blocks layer2 packets that should not be blocked
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 18 15:50:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 7.1-STABLE i386
>Organization:
Svyaz-Service
>Environment:
System: FreeBSD grosbein.pp.ru 7.1-STABLE FreeBSD 7.1-STABLE #13: Tue Feb 17 20:11:39 KRAT 2009 eu at grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386

>Description:
	
	The rule:

ipfw add 1000 deny ip from any to any out recv fxp0 xmit fxp0

	blocks outgoing ARP replies on the interface fxp0
	if sysctl net.link.ether.ipfw is set to 1.

	An ARP reply is not a transit packet received from fxp0 and
	must not be blocked in this case. This is a serious bug,
	and it has existed in ipfw2 since RELENG_4.
	
>How-To-Repeat:
	See above.

>Fix:

	Unknown.


Eugene Grosbein
>Release-Note:
>Audit-Trail:
>Unformatted:

