From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 13 11:08:18 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 00C58106564A for ; Mon, 13 Dec 2010 11:08:18 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D7E488FC12 for ; Mon, 13 Dec 2010 11:08:17 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBDB8Hba045520 for ; Mon, 13 Dec 2010 11:08:17 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBDB8HIL045517 for freebsd-ipfw@FreeBSD.org; Mon, 13 Dec 2010 11:08:17 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 13 Dec 2010 11:08:17 GMT Message-Id: <201012131108.oBDB8HIL045517@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 11:08:18 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/152887 ipfw [ipfw] Can not set more then 1024 buckets with buckets o kern/152113 ipfw [ipfw] page fault on 8.1-RELEASE caused by certain amo o kern/150798 ipfw [ipfw] ipfw2 fwd rule matches packets but does not do o kern/148928 ipfw [ipfw] Problem with loading of ipfw NAT rules during s o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148689 ipfw [ipfw] antispoof wrongly triggers on link local IPv6 a o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148157 ipfw [ipfw] IPFW in kernel nat BUG found in FreeBSD 8.1-PRE o conf/148144 ipfw [patch] add ipfw_nat support for rc.firewall simple ty o conf/148137 ipfw [ipfw] call order of natd and ipfw startup scripts o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. o kern/147720 ipfw [ipfw] ipfw dynamic rules and fwd o kern/145733 ipfw [ipfw] [patch] ipfw flaws with ipv6 fragments o kern/145305 ipfw [ipfw] ipfw problems, panics, data corruption, ipv6 so o kern/144269 ipfw [ipfw] problem with ipfw tables o kern/144187 ipfw [ipfw] deadlock using multiple ipfw nat and multiple l o kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143653 ipfw [ipfw] [patch] ipfw nat redirect_port "buf is too smal o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/143474 ipfw [ipfw] ipfw table contains the same address f kern/142951 ipfw [dummynet] using pipes&queues gives OUCH! pipe should o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip o kern/122109 ipfw [ipfw] ipfw nat traceroute problem s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet] 6.3-RELEASE-p1 page fault in dummynet (corr o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 79 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 13 11:15:46 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 757E710656CE; Mon, 13 Dec 2010 11:15:46 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 4BA328FC13; Mon, 13 Dec 2010 11:15:46 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBDBFkuw064538; Mon, 13 Dec 2010 11:15:46 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBDBFjPl064529; Mon, 13 Dec 2010 11:15:45 GMT (envelope-from ae) Date: Mon, 13 Dec 2010 11:15:45 GMT Message-Id: <201012131115.oBDBFjPl064529@freefall.freebsd.org> To: bu7cher@yandex.ru, ae@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Cc: Subject: Re: kern/80642: [ipfw] [patch] ipfw small patch - new RULE OPTION X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 11:15:46 -0000 Synopsis: [ipfw] [patch] ipfw small patch - new RULE OPTION State-Changed-From-To: suspended->closed State-Changed-By: ae State-Changed-When: Mon Dec 13 11:15:21 UTC 2010 State-Changed-Why: It is my PR. http://www.freebsd.org/cgi/query-pr.cgi?pr=80642 From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 13 17:10:09 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DFB7D1065672 for ; Mon, 13 Dec 2010 17:10:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id ACCAD8FC21 for ; Mon, 13 Dec 2010 17:10:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBDHA9v9054607 for ; Mon, 13 Dec 2010 17:10:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBDHA94q054604; Mon, 13 Dec 2010 17:10:09 GMT (envelope-from gnats) Date: Mon, 13 Dec 2010 17:10:09 GMT Message-Id: <201012131710.oBDHA94q054604@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Nikolay Denev Cc: Subject: Re: kern/139226: [ipfw] install_state: entry already present, done X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Nikolay Denev List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 17:10:10 -0000 The following reply was made to PR kern/139226; it has been noted by GNATS. From: Nikolay Denev To: bug-followup@FreeBSD.org Cc: Subject: Re: kern/139226: [ipfw] install_state: entry already present, done Date: Mon, 13 Dec 2010 18:38:29 +0200 Just got a lot of the same messages "ipfw: ipfw_install_state: entry = already present, done" on a 8.2-PRERELEASE from Fri Dec 10 05:17:02 CET 2010 From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 14 20:26:17 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF12D106564A; Tue, 14 Dec 2010 20:26:17 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 840D68FC18; Tue, 14 Dec 2010 20:26:17 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBEKQHxA071603; Tue, 14 Dec 2010 20:26:17 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBEKQHKO071599; Tue, 14 Dec 2010 20:26:17 GMT (envelope-from linimon) Date: Tue, 14 Dec 2010 20:26:17 GMT Message-Id: <201012142026.oBEKQHKO071599@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: conf/153155: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Dec 2010 20:26:17 -0000 Synopsis: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat enabled Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Tue Dec 14 20:26:08 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=153155 From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 15 05:47:39 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EAD981065673; Wed, 15 Dec 2010 05:47:39 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C002C8FC1D; Wed, 15 Dec 2010 05:47:39 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBF5ldLd072752; Wed, 15 Dec 2010 05:47:39 GMT (envelope-from ae@freefall.freebsd.org) Received: (from ae@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBF5ldiE072748; Wed, 15 Dec 2010 05:47:39 GMT (envelope-from ae) Date: Wed, 15 Dec 2010 05:47:39 GMT Message-Id: <201012150547.oBF5ldiE072748@freefall.freebsd.org> To: rtsanch@gmail.com, ae@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: ae@FreeBSD.org Cc: Subject: Re: kern/153161: IPFIREWALL does not allow specify rules with ICMP codes X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Dec 2010 05:47:40 -0000 Synopsis: IPFIREWALL does not allow specify rules with ICMP codes State-Changed-From-To: closed->open State-Changed-By: ae State-Changed-When: Wed Dec 15 05:44:49 UTC 2010 State-Changed-Why: Reopen PR and assign over to maintainer. ipfw currently does not support icmp codes. Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: ae Responsible-Changed-When: Wed Dec 15 05:44:49 UTC 2010 Responsible-Changed-Why: Reopen PR and assign over to maintainer. ipfw currently does not support icmp codes. http://www.freebsd.org/cgi/query-pr.cgi?pr=153161 From owner-freebsd-ipfw@FreeBSD.ORG Fri Dec 17 22:11:59 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EAB03106564A; Fri, 17 Dec 2010 22:11:59 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C007F8FC1B; Fri, 17 Dec 2010 22:11:59 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBHMBxdH091834; Fri, 17 Dec 2010 22:11:59 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBHMBxhH091830; Fri, 17 Dec 2010 22:11:59 GMT (envelope-from linimon) Date: Fri, 17 Dec 2010 22:11:59 GMT Message-Id: <201012172211.oBHMBxhH091830@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Dec 2010 22:12:00 -0000 Synopsis: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Fri Dec 17 22:11:53 UTC 2010 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=153252 From owner-freebsd-ipfw@FreeBSD.ORG Sat Dec 18 20:00:24 2010 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3B25C106566B for ; Sat, 18 Dec 2010 20:00:24 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 27C538FC0A for ; Sat, 18 Dec 2010 20:00:24 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oBIK0NAQ022123 for ; Sat, 18 Dec 2010 20:00:23 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oBIK0N6Q022100; Sat, 18 Dec 2010 20:00:23 GMT (envelope-from gnats) Date: Sat, 18 Dec 2010 20:00:23 GMT Message-Id: <201012182000.oBIK0N6Q022100@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Alexander Verbod" Cc: Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alexander Verbod List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2010 20:00:24 -0000 The following reply was made to PR bin/153252; it has been noted by GNATS. From: "Alexander Verbod" To: bug-followup@FreeBSD.org Cc: Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" Date: Sat, 18 Dec 2010 15:00:01 -0500 --========GMX20051292702401607924 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Eugene Grosbein wrote: > One should not unconditionally disable ability of reloading ipfw rules > using "/etc/rc.d/ipfw start" command. Patch  doesn't "unconditionally disable ability of reloading ipfw rules"! Patch disables the ability to run start up script "/etc/rc.d/ipfw" with "start" command twice that causes lockdown even if type of firewall is "OPEN". By the term "reloading" I guess you meant the "restart" command that's doing stop/start sequence, but not start/start. ;) > For example, it's used extensively > in my systems and does not lead to "lock-down". Eugene, you could do with your systems whatever you want, but here was described the bug that appears when used standard, non modified OS. Did you try all steps described in the "How-To-Repeat" section before replying? > One should learn ipfw(8) manual page including CHECKLIST paragraph :) Could you check please /etc/rc.firewall for presence of this line "${fwcmd} add 65000 pass all from any to any" It's the only one line for "OPEN" firewall's profile. One who claim to know ipfw(8) manual page should understand this firewall's rule that unconditionally allow all traffic in both direction for any type of protocols. But after running "/etc/rc.d/ipfw start" twice all rules are flashed and only default rule: 65535 deny ip from any to any to take affect. > and make oneself familiar with proper ways of reloading ipfw over > network. Did I say somewhere that I don't know "proper ways of reloading ipfw over network"? If one like to show of, bug report board isn't a good place to do that. > 2. Nice catch. It isn't a catch, it's a report about bugs. > However, that's only one of reasons why it is > very bad habit to have "./" in PATH. It is a perfectly legal operation that shouldn't cause an error on the OS level. If one can't use a hummer and broke his finger because of that - it isn't mean that hummer is a bad tool. > 3. Please use "diff -u" to make unified diffs, > they are much easier to read. I'm agree with you on that but I used official advice http://www.freebsd.org/doc/en/articles/contributing/contrib-how.html that says: "The preferred diff(1) format for submitting patches is the unified output format generated by diff -u. However, for patches that substantially change a region of code, a context output format diff generated by diff -c may be more readable and thus preferable." Unified patch attached. --========GMX20051292702401607924 Content-Type: application/octet-stream; charset="utf-8"; name="ipfw.patch2.txt" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ipfw.patch2.txt" Content-Description: Attachment: ipfw.patch2.txt LS0tIGlwZncub3JpZwkyMDEwLTA3LTMxIDE4OjUyOjU0LjAwMDAwMDAwMCAtMDQwMAorKysgaXBm dwkyMDEwLTEyLTE3IDEwOjAyOjU0LjAwMDAwMDAwMCAtMDUwMApAQCAtMzksNyArMzksMTggQEAK IAogCV9maXJld2FsbF90eXBlPSQxCiAKKwkjIGNoZWNrIGlmIGZpcmV3YWxsIGFscmVhZHkgcnVu bmluZyB0byBwcmV2ZW50IHN1YnNlcXVlbnQgc3RhcnQgY2FsbHMKKwkjCisJWyAkKCAke1NZU0NU TF9OfSBuZXQuaW5ldC5pcC5mdy5lbmFibGUgKSAtbmUgMCBdICYmIHsKKwkJd2FybiAnRmlyZXdh bGwgaXMgYWxyZWFkeSBydW5uaW5nLic7CisJCV9pcGZ3X3J1bm5pbmdfc3RhdHVzPTE7CisJCXJl dHVybiAxOworCX0gfHwgeworCQlfaXBmd19ydW5uaW5nX3N0YXR1cz0wOworCX0KKwogCSMgc2V0 IHRoZSBmaXJld2FsbCBydWxlcyBzY3JpcHQgaWYgbm9uZSB3YXMgc3BlY2lmaWVkCisJIwogCVsg LXogIiR7ZmlyZXdhbGxfc2NyaXB0fSIgXSAmJiBmaXJld2FsbF9zY3JpcHQ9L2V0Yy9yYy5maXJl d2FsbAogCiAJaWYgWyAtciAiJHtmaXJld2FsbF9zY3JpcHR9IiBdOyB0aGVuCkBAIC01NSw3ICs2 Niw3IEBACiAJIwogCWlmIGNoZWNreWVzbm8gZmlyZXdhbGxfbG9nZ2luZzsgdGhlbgogCQllY2hv ICdGaXJld2FsbCBsb2dnaW5nIGVuYWJsZWQuJwotCQlzeXNjdGwgbmV0LmluZXQuaXAuZncudmVy Ym9zZT0xID4vZGV2L251bGwKKwkJJHtTWVNDVExfV30gbmV0LmluZXQuaXAuZncudmVyYm9zZT0x ID4vZGV2L251bGwKIAlmaQogfQogCkBAIC02MywxMCArNzQsMTYgQEAKIHsKIAlsb2NhbAlfY29z Y3JpcHQKIAorCSMgc3RvcCBwcm9jY2Vzc2luZyBpZiBmaXJld2FsbCBpcyBhbHJlYWR5IHJ1bm5p bmcKKwkjCisJWyAke19pcGZ3X3J1bm5pbmdfc3RhdHVzfSAtZXEgMSBdICYmIHsKKwkJcmV0dXJu IDE7CisJfQorCiAJIyBTdGFydCBmaXJld2FsbCBjb3NjcmlwdHMKIAkjCiAJZm9yIF9jb3Njcmlw dCBpbiAke2ZpcmV3YWxsX2Nvc2NyaXB0c30gOyBkbwotCQlpZiBbIC1mICIke19jb3NjcmlwdH0i IF07IHRoZW4KKwkJaWYgWyAtZiAiJHtfY29zY3JpcHR9IiAtYSAteCAiJHtfY29zY3JpcHR9IiBd OyB0aGVuCiAJCQkke19jb3NjcmlwdH0gcXVpZXRzdGFydAogCQlmaQogCWRvbmUKQEAgLTk4LDEz ICsxMTUsMTggQEAKIAkjIFN0b3AgZmlyZXdhbGwgY29zY3JpcHRzCiAJIwogCWZvciBfY29zY3Jp cHQgaW4gYHJldmVyc2VfbGlzdCAke2ZpcmV3YWxsX2Nvc2NyaXB0c31gIDsgZG8KLQkJaWYgWyAt ZiAiJHtfY29zY3JpcHR9IiBdOyB0aGVuCisJCWlmIFsgLWYgIiR7X2Nvc2NyaXB0fSIgLWEgLXgg IiR7X2Nvc2NyaXB0fSIgXTsgdGhlbgogCQkJJHtfY29zY3JpcHR9IHF1aWV0c3RvcAogCQlmaQog CWRvbmUKIH0KIAogbG9hZF9yY19jb25maWcgJG5hbWUKLWZpcmV3YWxsX2Nvc2NyaXB0cz0iL2V0 Yy9yYy5kL25hdGQgJHtmaXJld2FsbF9jb3NjcmlwdHN9IgorCitpZiBjaGVja3llc25vIGZpcmV3 YWxsX25hdF9lbmFibGU7IHRoZW4KKwlmaXJld2FsbF9jb3NjcmlwdHM9Ii9ldGMvcmMuZC9uYXRk ICR7ZmlyZXdhbGxfY29zY3JpcHRzfSIKK2VsaWYgY2hlY2t5ZXNubyBuYXRkX2VuYWJsZTsgdGhl bgorCWZpcmV3YWxsX2Nvc2NyaXB0cz0iL2V0Yy9yYy5kL25hdGQgJHtmaXJld2FsbF9jb3Njcmlw dHN9IgorZmkKIAogcnVuX3JjX2NvbW1hbmQgJCoK --========GMX20051292702401607924--