ipfw table add problem

Ian Lepore ian at FreeBSD.org
Thu Nov 21 14:50:48 UTC 2013


On Tue, 2013-11-19 at 23:26 +0200, Özkan KIRIK wrote:
> On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson <andrnils at gmail.com> wrote:
> 
> >
> >
> >
> > On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK <ozkan.kirik at gmail.com> wrote:
> >
> >> Hi,
> >>
> >>
> >>
> >> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson <andrnils at gmail.com> wrote:
> >>
> >>>
> >>>
> >>>
> >>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK <ozkan.kirik at gmail.com> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> I'm using the FreeBSD 10.0-BETA3 #2 r257635 kernel.
> >>>> I am trying to add a port number to ipfw tables, but there is something
> >>>> strange:
> >>>> The problem is easily repeatable.
> >>>>
> >>>> #ipfw table 1 flush
> >>>> #ipfw table 1 add 4899
> >>>> #ipfw table 1 list
> >>>> ::/0 0
> >>>>
> >>> Works with ipfw table 1 add 0 4899
> >>>
> >> No, I want to use this table as a port list (to use with "lookup src-port
> >> 1"). If you add it like this, you cannot match against ports. Am I wrong?
> >>
> > No, that should be possible.
> >
> >>
> >>
> >>>
> >>>> #ipfw table 1 flush
> >>>> #ipfw table 1 add 10.2.3.01       ( not 10.0.0.1,   the last 1 has 0 as
> >>>> prefix )
> >>>> #ipfw table 1 list
> >>>> ::/0 0
> >>>>
> >>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
> >>>
> >> Please don't leave spaces between 0 and 1.
> >>
> > Ok. Any specific reason to type it as 10.2.3.01 instead of 10.2.3.1?
> >
> There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have correct
> syntax.
> The problem is that ipfw doesn't throw any errors, but the record is added as
> 0.0.0.0/0 (the whole IPv4 network). This behaviour is really dangerous.
> 
> FreeBSD 8.2 and 8.4 don't have this problem.

For this, I wonder if ipfw was recently changed from using inet_aton()
to inet_pton() to parse addresses?  Our implementation of inet_pton()
does not match the manpage -- it's supposed to accept decimal, octal, or
hex numbers for each of the dotted IP components, but it accepts decimal
only.  10.2.3.01 appears to cause it to return 0 as the address.  Our
inet_aton() handles oct/dec/hex.

-- Ian
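
[Added example, not part of the original message and not ipfw source code.] Assuming the cause suggested above, this C sketch shows how ignoring the inet_pton() return value turns a rejected string such as 10.2.3.01 into 0.0.0.0, next to a checked call and inet_aton() for comparison. The function names parse_unchecked, parse_checked and parse_aton are hypothetical.

```c
/* Added example, not ipfw source; function names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes inet_aton() on glibc */
#endif
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Failure mode: the inet_pton() result is ignored, so a rejected
 * string leaves the zero-initialised address (0.0.0.0) in place. */
static struct in_addr parse_unchecked(const char *s)
{
    struct in_addr a;
    memset(&a, 0, sizeof(a));
    (void)inet_pton(AF_INET, s, &a);
    return a;
}

/* Checked form: only a return value of exactly 1 means *out is valid. */
static int parse_checked(const char *s, struct in_addr *out)
{
    return inet_pton(AF_INET, s, out) == 1 ? 0 : -1;
}

/* inet_aton() for comparison: nonzero return means success; it reads a
 * leading 0 as octal and a leading 0x as hex in each component. */
static int parse_aton(const char *s, struct in_addr *out)
{
    return inet_aton(s, out) != 0 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *in[] = { "10.2.3.1", "10.2.3.01", "10.2.3.010" };
    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
        struct in_addr p, t, u = parse_unchecked(in[i]);
        char pb[INET_ADDRSTRLEN], tb[INET_ADDRSTRLEN], ub[INET_ADDRSTRLEN];
        int pr = parse_checked(in[i], &p), tr = parse_aton(in[i], &t);
        printf("%-11s checked=%-9s aton=%-9s unchecked=%s\n", in[i],
               pr ? "REJECTED" : inet_ntop(AF_INET, &p, pb, sizeof(pb)),
               tr ? "REJECTED" : inet_ntop(AF_INET, &t, tb, sizeof(tb)),
               inet_ntop(AF_INET, &u, ub, sizeof(ub)));
    }
    return 0;
}
```

Where inet_pton() rejects a component with a leading zero, the checked call refuses 10.2.3.01 while the unchecked one yields 0.0.0.0; inet_aton() reads the same string as 10.2.3.1 and reads 10.2.3.010 as 10.2.3.8 (octal).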



