bug or a feature of ipfw2?
Goran Gajic
ggajic at afrodita.rcub.bg.ac.yu
Fri May 12 19:51:49 UTC 2006
Hi,
I don't know if this is normal behaviour:
fbsd# arp -a
fbsd (192.168.1.1) at 00:14:85:22:8f:62 on sk0 permanent [ethernet]
enterprise (192.168.1.2) at 00:0d:88:6e:6d:b4 on sk0 [ethernet]
fbsd# kldload ipfw.ko
fbsd# kldload dummynet.ko
fbsd# sysctl -n net.link.ether.ipfw=1
0 -> 1
fbsd# ipfw add 100 permit ip from any to any
00100 allow ip from any to any
fbsd# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.362 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.260 ms
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.260/0.311/0.362/0.051 ms
fbsd# ipfw delete 100
fbsd# ipfw add 100 permit ip from any to any MAC any any
00100 allow ip from any to any MAC any any
fbsd# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
So my question is: if I select dst and src MAC to any, shouldn't ipfw
let me pass? I got the same result when I tried:
ipfw add 100 permit MAC 00:0d:88:6e:6d:b4 any
ipfw add 100 permit MAC any 00:14:85:22:8f:62
fbsd# uname -a
FreeBSD fbsd 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Sat May 6 19:29:12 CEST 2006
GENERIC config. sk0 is the NIC on both machines.
Regards,
gg.