mfc of ipf 3.4.35 breaks POLA in 4.11, 4-Stable

Jonathan Dama bn at
Fri Apr 1 16:21:13 PST 2005

IPF in 4.11, 4-Stable breaks the semantics of icmp
keep-state rules.  This problem was mentioned in

I wouldn't make a fuss over this simple matter 
except that this constitutes a POLA violation.

To that end, the following pr was submitted:

Incidentally, unless I really misunderstand ipf, there
appears to be a genuine bug here.  POLA issues aside, a
pass-rule is being used to block packets.

