From owner-freebsd-ipfw Sun Mar 12 21:47:13 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184])
    by hub.freebsd.org (Postfix) with ESMTP id C894B37B8CF
    for ; Sun, 12 Mar 2000 21:47:10 -0800 (PST)
    (envelope-from luigi@info.iet.unipi.it)
Received: (from luigi@localhost)
    by info.iet.unipi.it (8.9.3/8.9.3) id GAA89213;
    Mon, 13 Mar 2000 06:45:44 +0100 (CET)
    (envelope-from luigi)
From: Luigi Rizzo
Message-Id: <200003130545.GAA89213@info.iet.unipi.it>
Subject: Re: ipfw doesn't match when src == dest
In-Reply-To: from Robert Watson at "Mar 12, 2000 05:52:07 pm"
To: Robert Watson
Date: Mon, 13 Mar 2000 06:45:44 +0100 (CET)
Cc: Mike Heffner , freebsd-ipfw@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

the original poster found out the problem -- a call to inet_ntoa()
(or similar function) which returned a ptr to a static buffer was used
twice in the same function, with obvious results.

    cheers
    luigi

> > > Hello,
> > >
> > > When I recently redid my firewall, I wanted to block a strange packet from my
> > > cablemodem,
> > >
> > > Deny P:2 192.168.100.1 192.168.100.1 in via ed1
> >
> > are you sure that the logging code prints the right thing ?
> > I noticed (from source code analysis) it does strange things with
> > fragments, it might as well misbehave with short packets etc.
>
> Having spent about two minutes looking at the ipfw code, it looks like
> there are no false accepts for ultra-fragmented UDP/TCP/ICMP packets

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
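The inet_ntoa() pitfall described in the message above, as an added userland example that is not part of the original thread and is not the ipfw logging code: two calls in one argument list share a static buffer, so a log line shows the same address twice even though source and destination differ. The function names and both sample addresses are constructed for illustration; only the "Deny P:2" line layout is taken from the quoted log entry.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

static struct in_addr pkt_src, pkt_dst;  /* constructed sample packet */
static void sample(void)
{
    inet_pton(AF_INET, "192.168.100.1", &pkt_src);
    inet_pton(AF_INET, "224.0.0.1", &pkt_dst);  /* differs from source */
}

/* Buggy: both calls return the same static buffer, so both %s print one address. */
static void log_buggy(struct in_addr src, struct in_addr dst, char *out, size_t len)
{
    snprintf(out, len, "Deny P:2 %s %s", inet_ntoa(src), inet_ntoa(dst));
}

/* Fixed: inet_ntop() writes each address into its own caller-supplied buffer. */
static void log_fixed(struct in_addr src, struct in_addr dst, char *out, size_t len)
{
    char s[INET_ADDRSTRLEN] = "?", d[INET_ADDRSTRLEN] = "?";
    inet_ntop(AF_INET, &src, s, sizeof s);
    inet_ntop(AF_INET, &dst, d, sizeof d);
    snprintf(out, len, "Deny P:2 %s %s", s, d);
}

/* 1 if the buggy logger prints the same address in both fields. */
int buggy_shows_src_equals_dst(void)
{
    char line[64], a[16], b[16];
    sample();
    log_buggy(pkt_src, pkt_dst, line, sizeof line);
    return sscanf(line, "Deny P:2 %15s %15s", a, b) == 2 && strcmp(a, b) == 0;
}

/* 1 if the fixed logger prints the real source and destination. */
int fixed_shows_real_pair(void)
{
    char line[64];
    sample();
    log_fixed(pkt_src, pkt_dst, line, sizeof line);
    return strcmp(line, "Deny P:2 192.168.100.1 224.0.0.1") == 0;
}

int main(void)
{
    printf("buggy: %d  fixed: %d\n", buggy_shows_src_equals_dst(), fixed_shows_real_pair());
    return 0;
}
```

Which of the two addresses the buggy line repeats depends on the compiler's argument evaluation order, so a log reader cannot tell from the output alone whether the duplicated value was the source or the destination.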