kern/169620: ng_l2tp incoming packets bypass pf firewall

HASHI Hiroaki hashiz at meridiani.jp
Tue Jul 3 01:50:10 UTC 2012


>Number:         169620
>Category:       kern
>Synopsis:       ng_l2tp incoming packets bypass pf firewall
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 03 01:50:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     HASHI Hiroaki
>Release:        FreeBSD 8.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD tomba.meridiani.jp 8.3-STABLE FreeBSD 8.3-STABLE #33: Mon Jul 2 01:44:40 JST 2012 hashiz at stenmark.meridiani.jp:/usr/obj/usr/src/sys/TOMBA i386

l2tp daemon: net/mpd5

	
>Description:
PF firewall does not examine incoming packets on an ng_l2tp interface.
ng_pppoe : examined.
ng_l2tp  : not examined.

	
>How-To-Repeat:

Set up an L2TP tunnel using net/mpd5.

Connect from the client.

Write a block PF rule on the L2TP netgraph interface:
    block in quick on ngX inet from any to any
    pass  out quick on ngX inet from any to any

PF passes the packets through. The block rule is not evaluated:
    sudo pfctl -vv -s Interfaces -i ngX
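
The per-interface counter check that the How-To-Repeat relies on, as an added example that is not part of the original PR, of mpd5 or of pf: a small shell helper that reads the counters printed by `pfctl -vvs Interfaces -i ngX` and reports whether pf evaluated the rule set for inbound packets on that interface. The interface name ng0, the SAMPLE_* snapshots (constructed to mimic pfctl's verbose layout) and their counter values are assumptions.

```shell
# Added example, not part of the original PR: parse the per-interface
# counters printed by `pfctl -vvs Interfaces -i ngX` and decide whether pf
# evaluated the rule set for inbound packets on that interface.
# The SAMPLE_* outputs below are constructed to mimic pfctl's verbose
# layout; interface name ng0 and all counter values are assumptions.

# Print the packet count of one counter ("In4/Block", "Out4/Pass", ...)
# from pfctl output read on stdin; prints 0 when the line is absent.
pf_iface_packets() {
    awk -v key="$1" '
        BEGIN { n = 0 }
        $1 == (key ":") {
            for (i = 1; i <= NF; i++)
                if ($i == "Packets:") { n = $(i + 1); break }
        }
        END { print n }
    '
}

# Compare two snapshots of the same interface, taken before and after the
# client sent inbound test traffic, and print one word:
#   blocked  In4/Block moved: pf saw the packets and the "block in quick"
#            rule matched (expected behaviour)
#   passed   only In4/Pass moved: pf saw the packets but a pass rule won
#            (check rule order, or a state created by an earlier pass rule)
#   unseen   neither inbound counter moved although traffic was sent: pf
#            was never invoked for inbound packets on this interface, the
#            ng_l2tp symptom reported above
pf_inbound_verdict() {
    before="$1"
    after="$2"
    b_block=$(printf '%s\n' "$before" | pf_iface_packets In4/Block)
    a_block=$(printf '%s\n' "$after"  | pf_iface_packets In4/Block)
    b_pass=$(printf '%s\n' "$before" | pf_iface_packets In4/Pass)
    a_pass=$(printf '%s\n' "$after"  | pf_iface_packets In4/Pass)
    if [ "$a_block" -gt "$b_block" ]; then
        echo blocked
    elif [ "$a_pass" -gt "$b_pass" ]; then
        echo passed
    else
        echo unseen
    fi
}

# Constructed snapshot taken before the client sends traffic.
SAMPLE_BEFORE='ng0
    Cleared:     Tue Jul  3 01:00:00 2012
    References:  [ States:  0                  Rules: 2                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:   [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]'

# Constructed snapshot for the reported symptom: outbound replies were
# counted by the pass out rule, but the inbound packets that caused them
# never touched the In4 counters.
SAMPLE_AFTER_UNSEEN='ng0
    Cleared:     Tue Jul  3 01:00:00 2012
    References:  [ States:  0                  Rules: 2                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:   [ Packets: 0                  Bytes: 0                  ]
    Out4/Pass:   [ Packets: 10                 Bytes: 840                ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]'

# Constructed snapshot for a correctly hooked interface: the block rule
# matched the ten inbound packets.
SAMPLE_AFTER_BLOCKED='ng0
    Cleared:     Tue Jul  3 01:00:00 2012
    References:  [ States:  0                  Rules: 2                  ]
    In4/Pass:    [ Packets: 0                  Bytes: 0                  ]
    In4/Block:   [ Packets: 10                 Bytes: 840                ]
    Out4/Pass:   [ Packets: 0                  Bytes: 0                  ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]'

# Live usage on the L2TP server (commented out so the file runs offline):
#   before=$(pfctl -vvs Interfaces -i ng0)
#   ... send a few pings from the L2TP client ...
#   after=$(pfctl -vvs Interfaces -i ng0)
#   pf_inbound_verdict "$before" "$after"
pf_inbound_verdict "$SAMPLE_BEFORE" "$SAMPLE_AFTER_UNSEEN"
pf_inbound_verdict "$SAMPLE_BEFORE" "$SAMPLE_AFTER_BLOCKED"
```

Reading the counters rather than the rule hits is what distinguishes "pf blocked it" from "pf never saw it": a rule that is never evaluated leaves both In4/Pass and In4/Block untouched, which is the signature to look for on the ng_l2tp interface.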



	
>Fix:

	


>Release-Note:
>Audit-Trail:
>Unformatted:

