Date:      Tue, 19 Nov 2013 23:26:18 +0200
From:      Özkan KIRIK <ozkan.kirik@gmail.com>
To:        Andreas Nilsson <andrnils@gmail.com>
Cc:        freebsd-ipfw <freebsd-ipfw@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org>, Luigi Rizzo <rizzo@iet.unipi.it>
Subject:   Re: ipfw table add problem
Message-ID:  <CAAcX-AHQvZDXJUKrVKnW4xhOxO4DE7uFUyMqBC2biVaDhq%2BcGg@mail.gmail.com>
In-Reply-To: <CAPS9%2BSv=4J2g8rCbz-99VoQiN8=eNsDWJkNVW6E0g%2B2B-LPTEQ@mail.gmail.com>
References:  <CAAcX-AGDZbFn5RmhLBBn2PPWRPcsFUnea5MgTc7nuXGD8Ge53A@mail.gmail.com> <CAPS9%2BSv9Um47wzOkfEsA_S7sb-FbQ=aZE2qb7EkFgnzEsrOc%2BQ@mail.gmail.com> <CAAcX-AHqxnx73%2BP_h0ooK8CNZCM0%2BOo-TckLNHexqnP8bytCpA@mail.gmail.com> <CAPS9%2BSv=4J2g8rCbz-99VoQiN8=eNsDWJkNVW6E0g%2B2B-LPTEQ@mail.gmail.com>

On Tue, Nov 19, 2013 at 11:21 PM, Andreas Nilsson <andrnils@gmail.com> wrote:

>
>
>
> On Tue, Nov 19, 2013 at 9:36 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>
>> Hi,
>>
>>
>>
>> On Tue, Nov 19, 2013 at 10:22 PM, Andreas Nilsson <andrnils@gmail.com> wrote:
>>
>>>
>>>
>>>
>>> On Tue, Nov 19, 2013 at 8:55 PM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm using the FreeBSD 10.0-BETA3 #2 r257635 kernel.
>>>> I am trying to add a port number to ipfw tables, but there is something
>>>> strange.
>>>> The problem is easily repeatable.
>>>>
>>>> #ipfw table 1 flush
>>>> #ipfw table 1 add 4899
>>>> #ipfw table 1 list
>>>> ::/0 0
>>>>
>>> Works with ipfw table 1 add 0 4899
>>>
>> No, I want to use this table as a port list (to use with "lookup src-port
>> 1"). If you add it like this, you cannot match against ports. Am I wrong?
>>
> No, that should be possible.
>
>>
>>
>>>
>>>> #ipfw table 1 flush
>>>> #ipfw table 1 add 10.2.3.01       ( not 10.0.0.1,   the last 1 has 0 as
>>>> prefix )
>>>> #ipfw table 1 list
>>>> ::/0 0
>>>>
>>> Did you mean ipfw table 1 add 10.2.3.0 1 ? That works for me.
>>>
>> Please don't leave spaces between 0 and 1.
>>
> Ok. Any specific reason to type it as 10.2.3.01 instead of 10.2.3.1?
>
There is no specific reason, but both 10.2.3.01 and 10.2.3.1 have true
syntax.
The problem is, ipfw doesn't throw any errors, but the record is added as
0.0.0.0/0 (all the IPv4 network). This behaviour is really dangerous.

FreeBSD 8.2 and 8.4 don't have this problem.


>>
>>>
>>>> #ipfw table 1 delete ::/0
>>>> ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process
>>>>
>>> However ipfw table 1 delete 0.0.0.0/0 does.
>>>
>> Thank you
>>
>>>
>>>>
>>>> I guess that this problem is related to the radix mask calculation
>>>> problem/fix.
>>>>
>>>> Is there a quick solution for this?
>>>> Best regards,
>>>
>>>
>>> Best regards
>>> Andreas
>>>
>>
>> Best regards,
>> Ozkan.
>>
>>
>
> Best regards
> Andreas
>
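
The failure discussed in this thread is silent: a malformed key ends up listed as `::/0` (or `0.0.0.0/0`) with no error. The following is an added example, not code from the thread or from FreeBSD, of a wrapper that rejects malformed IPv4 entries before they reach ipfw and re-checks the table afterwards. The function names and the `IPFW` override variable are hypothetical, and the check covers address entries only, so a port table would need its own numeric validation.

```sh
# Added example (not from the thread): guards around `ipfw table ... add`.
# Function names and the IPFW override variable are hypothetical.

# Succeed only for strict dotted-quad IPv4 with an optional /0-32 mask.
# Rejects leading-zero octets (10.2.3.01) and bare numbers (4899).
valid_ipv4_entry() {
    entry=$1; addr=${entry%%/*}; mask=32
    case $entry in */*) mask=${entry#*/} ;; esac
    case $mask in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.*.*.*.*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read `ipfw table N list` output on stdin; succeed if a catch-all key
# (the ::/0 or 0.0.0.0/0 seen in the thread) is present.
has_catch_all() {
    while read -r key _rest; do
        case $key in ::/0|0.0.0.0/0) return 0 ;; esac
    done
    return 1
}

# Validate, add, then audit. Returns 2 for a rejected entry, 1 if ipfw
# itself fails, 3 if the table holds a catch-all entry afterwards.
safe_table_add() {
    table=$1; entry=$2
    valid_ipv4_entry "$entry" || { echo "refusing malformed entry: $entry" >&2; return 2; }
    ${IPFW:-ipfw} table "$table" add "$entry" || return 1
    if ${IPFW:-ipfw} table "$table" list | has_catch_all; then
        echo "table $table contains a catch-all entry" >&2
        return 3
    fi
}
```

A table that is meant to hold `0.0.0.0/0` will also trip the audit, so treat return code 3 as a prompt to review the table.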


