[Bug 202802] ipf reports error with broken rule, but places malformed rule anyway
bugzilla-noreply at freebsd.org
Mon Aug 31 23:43:22 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202802
Bug ID: 202802
Summary: ipf reports error with broken rule, but places malformed rule anyway
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: jessica at litw.in
Hi,
Steps to duplicate:
1.) In an ipf.rules file you can place the following rule exactly as typed
(with typo):
block in quick proto tcp from8.8.8.8/32 to any
2.) load ipf with 'ipf -F -a -f /etc/ipf.rules' or similar:
# ipfstat -hi
empty list for ipfilter(in)
# ipfstat -ho
empty list for ipfilter(out)
# ipf -F -a -f /etc/ipf.rules
syntax error error at "/", line 1
Expected result:
ipf correctly reports a syntax error and does reload rules until the error is
corrected.
Actual result:
# ipfstat -hi
2 block in quick proto tcp from any to any
At this point the box is deaf to the world until the rule is removed,
corrected, or ipf is flushed via console.
--
You are receiving this mail because:
You are the assignee for the bug.
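A pre-load guard for the failure described in this report, as an added example that is not part of the original bug report or of ipf itself: it parses the file with `ipf -n` (no-change mode) and runs the report's `ipf -F -a -f` load only when the parser exits cleanly and prints no diagnostic. The function names, the `IPF` override variable, and the expectation that a dry run prints the same syntax error on stderr are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run guard around the load command from the report.
# IPF is a hypothetical override for the ipf binary (defaults to ipf on PATH).
IPF="${IPF:-ipf}"

# check_ipf_rules FILE
# Parse FILE with "ipf -n", which makes no changes to the running kernel.
# Succeeds only if ipf exits 0 AND prints nothing on stderr; the report shows
# a diagnostic alone does not stop the load, so both are checked here.
check_ipf_rules() {
    cir_rules=$1
    if [ ! -r "$cir_rules" ]; then
        echo "check_ipf_rules: cannot read $cir_rules" >&2
        return 2
    fi
    cir_status=0
    # Capture stderr only; stdout of the dry run is discarded.
    cir_diag=$("$IPF" -n -f "$cir_rules" 2>&1 >/dev/null) || cir_status=$?
    if [ "$cir_status" -ne 0 ] || [ -n "$cir_diag" ]; then
        echo "check_ipf_rules: $cir_rules rejected (exit $cir_status):" >&2
        echo "$cir_diag" >&2
        return 1
    fi
    return 0
}

# safe_ipf_load FILE
# Flush and reload (the report's "ipf -F -a -f") only after a clean dry run,
# so a file with a parse error never reaches the active ruleset.
safe_ipf_load() {
    check_ipf_rules "$1" || return $?
    "$IPF" -F -a -f "$1"
}
```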