Date: Tue, 21 Jan 2003 01:43:54 +0100 From: "Simon L. Nielsen" <simon@nitro.dk> To: freebsd-ipfw@FreeBSD.ORG Subject: Sanity check in ipfw(8) Message-ID: <20030121004353.GF351@nitro.dk>
next in thread | raw e-mail | index | archive | help
--tmoQ0UElFV5VgXgH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello I recently found a problem where ipfw2 would allow the user to create firewall rules that does not make sense like (notice udp and setup) : ipfw add allow udp from any to any setup I filed a PR (bin/47120) with a "fix" since I thought this was a trivial change to check in the ipfw userland program for protocol when specifying options like setup, icmpoptions and the likes. The fix is not correct since I did not notice that it is possible to use multiple protocols with or statements. Now for the point :-)... Is it interesting to have the extra sanity check in ipfw(8) ? If it is I will try to make a patch that actually works, but if it isn't there is not much reason to make a new patch... Btw. could a committer take a quick look at bin/46785 which is a trivial change to ipfw -h. --=20 Simon L. Nielsen --tmoQ0UElFV5VgXgH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+LJfJ8kocFXgPTRwRAjiRAKDFQbHvu/JsBWpaYfnnFeByUN1hKgCdFkQe 1Ocyh0OoEpye9wC5u/frlhk= =W8z8 -----END PGP SIGNATURE----- --tmoQ0UElFV5VgXgH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030121004353.GF351>