Date: Fri, 14 Nov 97 16:21:18 -0800
From: "Studded" <Studded@dal.net>
To: "Alex Nash" <nash@Mcs.Net>
Cc: "FreeBSD Stable List" <FreeBSD-Stable@FreeBSD.ORG>
Subject: Re: Serious problem with ipfw in 11/10 Snap
Message-ID: <199711150021.QAA02869@mail.san.rr.com>

On Fri, 14 Nov 1997 08:34:54 -0600 (CST), Alex Nash wrote:

>This code hasn't changed on the 2.2 branch since August 23. The same
>code that's in 2.2.5 is in the 11/10 snap (that you claim is broken) and
>the 11/11 snap (that you claim is fixed).

Ok, I'll take your word for that, but I'm still at a loss as to how the
problem could have occurred. FWIW, I rm -r /usr/obj/* and /usr/src/*
before I make the world, then ftp the ...-SNAP/src/* tree to make sure
I've got everything fresh. If you're telling me the code hasn't changed,
then something else has either changed, or is vulnerable to change, since
I used the same procedures I always do.

More detail on the problem in case it's useful.

1. The rule appeared as 00000 deny ip from any to any
2. That rule, and only that rule persisted after a flush.
3. IPFW was able to load my usual (well-tested) rc.firewall script just
   fine, but none of the rules in it mattered because the 00000 rule was
   always parsed first.

Please understand, I'm not trying to point the finger of blame at anyone.
I simply would like to be sure that this problem can't take anyone else
by surprise.

Thanks for your time,

Doug

*** Proud operator, designer and maintainer of the world's largest
*** Internet Relay Chat server. 4,168 clients and still growing. :-)
*** Try spider.dal.net on ports 6662-4 (Powered by FreeBSD)
*** Part of the DALnet IRC network ***