From owner-freebsd-ipfw@freebsd.org Sun May 27 01:12:55 2018
To: freebsd-ipfw@freebsd.org
From: Jeff
Subject: Unexpected behavior ipfw check-state with count tag or call
Message-ID: <583c0634-c87c-5502-300b-6450253f71a7@wagsky.com>
Date: Sat, 26 May 2018 18:03:49 -0700

TL;DR

If an ipfw rule's action is "count [tag]" or "call" and initiates a
keep-state, when the check-state is matched, the execution not only
performs the action of the original rule, but also the rule
number. This results in the "continuation" being not where the
check-state was executed but where the corresponding keep-state is
numbered.

Before I either file a ticket or start to work on the code or docs,
is this intended behavior?

---

Context:

IPv4 and NAT -- Capture the "established" connections on egress by use
of a "count tag XXX keep-state :out-ifN" rule. When a "return" packet
arrives, the "check-state :out-ifN" would then tag the packet XXX,
which could be used in identifying it as it flows through the firewall
as "expected from valid connection", even as its addr:port is modified.
You can't "accept keep-state" as the packet still needs NAT on the
way in.

I've tried "count tag" as well as "call" to "tag ; return" with the same
results, the "next" rule evaluated is the one following the keep-state
rule, not the check-state rule.

(I've still got a couple other things I'm going to try as work-arounds.)

Once I've got my rules running here, I'd like to tackle this, but I
don't know if this is a "documentation weakness", or perhaps
unintended behavior, based on the man pages and what I've been able to
find in the code. I know the man page and comments have grown
organically since I started using ipfw back in the 4.0 days and may
not be completely up-to-date.

If there's any insight into intent of the code before I dive in, I'd
certainly appreciate it!

Thanks,

Jeff

ipfw(8):

     check-state [:flowname | :any]
             Checks the packet against the dynamic ruleset.  If a match is
             found, execute the action associated with the rule which
             generated this dynamic rule, otherwise move to the next rule.

"action associated with the rule" -- not the rule itself

ip_fw_dynamic.c has some "interesting" comments:

 * Each dynamic rule holds a pointer to the parent ipfw rule so
 * we know what action to perform. Dynamic rules are removed when
 * the parent rule is deleted. This can be changed by dyn_keep_states
 * sysctl.
 *
 * There are some limitations with dynamic rules -- we do not
 * obey the 'randomized match', and we do not do multiple
 * passes through the firewall. XXX check the latter!!!

ip_fw2.c appears to the match/dispatch:

2191 /*
2192  * Found dynamic entry, update stats
2193  * and jump to the 'action' part of
2194  * the parent rule by setting
2195  * f, cmd, l and clearing cmdlen.
2196  */

(I haven't pursued the code deeper yet)

Here are the rules used for confirming this behavior

192.168.0.100 is the management interface
10.0.0.100 is the "outside" interface, leading to the "true" gateway
172.217.11.164 is an IP of www.google.com used to drive outside traffic

00001 reass
00010 allow via lo0
00011 deny ip from 127.0.0.0/8 to any
00012 deny ip from any to 127.0.0.0/8
00013 deny ip from ::1 to any
00014 deny ip from any to ::1
00020 allow tcp from 192.168.0.100 22 to 192.168.0.100/24 via igb2
00021 allow tcp from 192.168.0.100/24 to 192.168.0.100 dst-port 22 via igb2
00080 skipto 90 log proto tcp src-ip 10.0.0.100 via igb0 dst-ip 172.217.11.164 dst-port 443
00081 skipto 90 log proto tcp src-ip 172.217.11.164 src-port 443 dst-ip 10.0.0.100 via igb0
00092 skipto 2000 log not layer2 in
00093 skipto 3000 log not layer2 out recv *
00094 skipto 4000 log not layer2 out // not recv *
00099 deny log // first-stage dispatch problem
02000 count log // ip_input
02100 count log tagged 40
02104 check-state :IP4_TAG_OUTER_outside log // "established" IPv4 connections
02500 count log // Inbound "NAT" of IPv4
02510 allow log tagged 40 // "established" IPv4 connections,post-NAT
02999 deny log // ip_input -- DENY remaining
03000 deny log // ip_output -- forwarded
04000 count log // ip_output -- common output
04204 count log // Outbound "NAT"
04304 count log tag 40 xmit igb0 keep-state :IP4_TAG_OUTER_outside
04400 allow log tagged 40
04999 deny log // ip_output -- common output -- DENY remaining
65535 deny ip from any to any

# First packet goes out, tagged keep-state at 4304, accepted at 4400

ipfw: 80 SkipTo 90 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
ipfw: 94 SkipTo 4000 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
ipfw: 4000 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
ipfw: 4204 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
ipfw: 4304 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
ipfw: 4400 Accept TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0

# Return packet comes back, check-state fires at 2104 (as expected)
# Action is logged as 4304 (location of the keep-state rule)
# Then continues at 4400 -- UNEXPECTED

ipfw: 81 SkipTo 90 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
ipfw: 92 SkipTo 2000 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
ipfw: 2000 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
ipfw: 2104 UNKNOWN TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
ipfw: 4304 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
ipfw: 4400 Accept TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0

[...]

From owner-freebsd-ipfw@freebsd.org Sun May 27 15:32:53 2018
Subject: Re: Unexpected behavior ipfw check-state with count tag or call
To: Jeff ,
 freebsd-ipfw@freebsd.org
From: Julian Elischer
Date: Sun, 27 May 2018 23:32:35 +0800
In-Reply-To: <583c0634-c87c-5502-300b-6450253f71a7@wagsky.com>

On 27/5/18 9:03 am, Jeff wrote:
> TL;DR
>
> If an ipfw rule's action is "count [tag]" or "call" and initiates a
> keep-state, when the check-state is matched, the execution not only
> performs the action of the original rule, but also the rule
> number. This results in the "continuation" being not where the
> check-state was executed but where the corresponding keep-state is
> numbered.
yes, that is executed though not really documented.
>
> Before I either file a ticket or start to work on the code or docs,
> is this intended behavior?
>
> ---
>
> Context:
>
> IPv4 and NAT -- Capture the "established" connections on egress by use
> of a "count tag XXX keep-state :out-ifN" rule. When a "return" packet
> arrives, the "check-state :out-ifN" would then tag the packet XXX,
> which could be used in identifying it as it flows through the firewall
> as "expected from valid connection", even as its addr:port is modified.
> You can't "accept keep-state" as the packet still needs NAT on the
> way in.
>
> I've tried "count tag" as well as "call" to "tag ; return" with the same
> results, the "next" rule evaluated is the one following the keep-state
> rule, not the check-state rule.
>
that is expected.
the way it is implemented is that the dynamic rule is basically a
shortcut to the action part of the static rule that made it.
I didn't write it and it surprised me in the beginning but it can be
useful as well sometimes.
> (I've still got a couple other things I'm going to try as work-arounds.)
>
>
> Once I've got my rules running here, I'd like to tackle this, but I
> don't know if this is a "documentation weakness", or perhaps
> unintended behavior, based on the man pages and what I've been able to
> find in the code. I know the man page and comments have grown
> organically since I started using ipfw back in the 4.0 days and may
> not be completely up-to-date.
>
> If there's any insight into intent of the code before I dive in, I'd
> certainly appreciate it!
>
> Thanks,
>
> Jeff
>
> ipfw(8):
>
>      check-state [:flowname | :any]
>              Checks the packet against the dynamic ruleset.  If a match is
>              found, execute the action associated with the rule which
>              generated this dynamic rule, otherwise move to the next rule.
>
> "action associated with the rule" -- not the rule itself
>
> ip_fw_dynamic.c has some "interesting" comments:
>
>  * Each dynamic rule holds a pointer to the parent ipfw rule so
>  * we know what action to perform. Dynamic rules are removed when
>  * the parent rule is deleted. This can be changed by dyn_keep_states
>  * sysctl.
>  *
>  * There are some limitations with dynamic rules -- we do not
>  * obey the 'randomized match', and we do not do multiple
>  * passes through the firewall. XXX check the latter!!!
>
> ip_fw2.c appears to the match/dispatch:
>
> 2191 /*
> 2192  * Found dynamic entry, update stats
> 2193  * and jump to the 'action' part of
> 2194  * the parent rule by setting
> 2195  * f, cmd, l and clearing cmdlen.
> 2196  */
>
> (I haven't pursued the code deeper yet)
>
> Here are the rules used for confirming this behavior
>
> 192.168.0.100 is the management interface
> 10.0.0.100 is the "outside" interface, leading to the "true" gateway
> 172.217.11.164 is an IP of www.google.com used to drive outside traffic
>
> 00001 reass
> 00010 allow via lo0
> 00011 deny ip from 127.0.0.0/8 to any
> 00012 deny ip from any to 127.0.0.0/8
> 00013 deny ip from ::1 to any
> 00014 deny ip from any to ::1
> 00020 allow tcp from 192.168.0.100 22 to 192.168.0.100/24 via igb2
> 00021 allow tcp from 192.168.0.100/24 to 192.168.0.100 dst-port 22 via igb2
> 00080 skipto 90 log proto tcp src-ip 10.0.0.100 via igb0 dst-ip 172.217.11.164 dst-port 443
> 00081 skipto 90 log proto tcp src-ip 172.217.11.164 src-port 443 dst-ip 10.0.0.100 via igb0
> 00092 skipto 2000 log not layer2 in
> 00093 skipto 3000 log not layer2 out recv *
> 00094 skipto 4000 log not layer2 out // not recv *
> 00099 deny log // first-stage dispatch problem
> 02000 count log // ip_input
> 02100 count log tagged 40
> 02104 check-state :IP4_TAG_OUTER_outside log // "established" IPv4 connections
> 02500 count log // Inbound "NAT" of IPv4
> 02510 allow log tagged 40 // "established" IPv4 connections,post-NAT
> 02999 deny log // ip_input -- DENY remaining
> 03000 deny log // ip_output -- forwarded
> 04000 count log // ip_output -- common output
> 04204 count log // Outbound "NAT"
> 04304 count log tag 40 xmit igb0 keep-state :IP4_TAG_OUTER_outside
> 04400 allow log tagged 40
> 04999 deny log // ip_output -- common output -- DENY remaining
> 65535 deny ip from any to any
>
> # First packet goes out, tagged keep-state at 4304, accepted at 4400
>
> ipfw: 80 SkipTo 90 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
> ipfw: 94 SkipTo 4000 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
> ipfw: 4000 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
> ipfw: 4204 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
> ipfw: 4304 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
> ipfw: 4400 Accept TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>
> # Return packet comes back, check-state fires at 2104 (as expected)
> # Action is logged as 4304 (location of the keep-state rule)
> # Then continues at 4400 -- UNEXPECTED
>
> ipfw: 81 SkipTo 90 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
> ipfw: 92 SkipTo 2000 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
> ipfw: 2000 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
> ipfw: 2104 UNKNOWN TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
> ipfw: 4304 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
> ipfw: 4400 Accept TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>
> [...]

From owner-freebsd-ipfw@freebsd.org Sun May 27 15:41:54 2018
Subject: Re: Unexpected behavior ipfw check-state with count tag or call
From: Julian Elischer
To: Jeff , freebsd-ipfw@freebsd.org
Date: Sun, 27 May 2018 23:41:43 +0800

On 27/5/18 11:32 pm, Julian Elischer wrote:
> On 27/5/18 9:03 am, Jeff wrote:
>> TL;DR
>>
>> If an ipfw rule's action is "count [tag]" or "call" and initiates a
>> keep-state, when the check-state is matched, the execution not only
>> performs the action of the original rule, but also the rule
>> number. This results in the "continuation" being not where the
>> check-state was executed but where the corresponding keep-state is
>> numbered.
> yes, that is executed though not really documented.
#$%^%$ spellcheck...   expected.. not executed.
>
>>
>> Before I either file a ticket or start to work on the code or docs,
>> is this intended behavior?
>>
>> ---
>>
>> Context:
>>
>> IPv4 and NAT -- Capture the "established" connections on egress by use
>> of a "count tag XXX keep-state :out-ifN" rule. When a "return" packet
>> arrives, the "check-state :out-ifN" would then tag the packet XXX,
>> which could be used in identifying it as it flows through the firewall
>> as "expected from valid connection", even as its addr:port is modified.
>> You can't "accept keep-state" as the packet still needs NAT on the
>> way in.
>>
>> I've tried "count tag" as well as "call" to "tag ; return" with the same
>> results, the "next" rule evaluated is the one following the keep-state
>> rule, not the check-state rule.
>>
> that is expected.
> the way it is implemented is that the dynamic rule is basically a
> shortcut to the action part of the static rule that made it.
> I didn't write it and it surprised me in the beginning but it can be
> useful as well sometimes.
>
>> (I've still got a couple other things I'm going to try as work-arounds.)
>>
>>
>> Once I've got my rules running here, I'd like to tackle this, but I
>> don't know if this is a "documentation weakness", or perhaps
>> unintended behavior, based on the man pages and what I've been able to
>> find in the code. I know the man page and comments have grown
>> organically since I started using ipfw back in the 4.0 days and may
>> not be completely up-to-date.
>>
>> If there's any insight into intent of the code before I dive in, I'd
>> certainly appreciate it!
>>
>> Thanks,
>>
>> Jeff
>>
>> ipfw(8):
>>
>>      check-state [:flowname | :any]
>>              Checks the packet against the dynamic ruleset.  If a match is
>>              found, execute the action associated with the rule which
>>              generated this dynamic rule, otherwise move to the next rule.
>>
>> "action associated with the rule" -- not the rule itself
>>
>> ip_fw_dynamic.c has some "interesting" comments:
>>
>>  * Each dynamic rule holds a pointer to the parent ipfw rule so
>>  * we know what action to perform. Dynamic rules are removed when
>>  * the parent rule is deleted. This can be changed by dyn_keep_states
>>  * sysctl.
>>  *
>>  * There are some limitations with dynamic rules -- we do not
>>  * obey the 'randomized match', and we do not do multiple
>>  * passes through the firewall. XXX check the latter!!!
>>
>> ip_fw2.c appears to the match/dispatch:
>>
>> 2191 /*
>> 2192  * Found dynamic entry, update stats
>> 2193  * and jump to the 'action' part of
>> 2194  * the parent rule by setting
>> 2195  * f, cmd, l and clearing cmdlen.
>> 2196  */
>>
>> (I haven't pursued the code deeper yet)
>>
>> Here are the rules used for confirming this behavior
>>
>> 192.168.0.100 is the management interface
>> 10.0.0.100 is the "outside" interface, leading to the "true" gateway
>> 172.217.11.164 is an IP of www.google.com used to drive outside traffic
>>
>> 00001 reass
>> 00010 allow via lo0
>> 00011 deny ip from 127.0.0.0/8 to any
>> 00012 deny ip from any to 127.0.0.0/8
>> 00013 deny ip from ::1 to any
>> 00014 deny ip from any to ::1
>> 00020 allow tcp from 192.168.0.100 22 to 192.168.0.100/24 via igb2
>> 00021 allow tcp from 192.168.0.100/24 to 192.168.0.100 dst-port 22 via igb2
>> 00080 skipto 90 log proto tcp src-ip 10.0.0.100 via igb0 dst-ip 172.217.11.164 dst-port 443
>> 00081 skipto 90 log proto tcp src-ip 172.217.11.164 src-port 443 dst-ip 10.0.0.100 via igb0
>> 00092 skipto 2000 log not layer2 in
>> 00093 skipto 3000 log not layer2 out recv *
>> 00094 skipto 4000 log not layer2 out // not recv *
>> 00099 deny log // first-stage dispatch problem
>> 02000 count log // ip_input
>> 02100 count log tagged 40
>> 02104 check-state :IP4_TAG_OUTER_outside log // "established" IPv4 connections
>> 02500 count log // Inbound "NAT" of IPv4
>> 02510 allow log tagged 40 // "established" IPv4 connections,post-NAT
>> 02999 deny log // ip_input -- DENY remaining
>> 03000 deny log // ip_output -- forwarded
>> 04000 count log // ip_output -- common output
>> 04204 count log // Outbound "NAT"
>> 04304 count log tag 40 xmit igb0 keep-state :IP4_TAG_OUTER_outside
>> 04400 allow log tagged 40
>> 04999 deny log // ip_output -- common output -- DENY remaining
>> 65535 deny ip from any to any
>>
>> # First packet goes out, tagged keep-state at 4304, accepted at 4400
>>
>> ipfw: 80 SkipTo 90 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>> ipfw: 94 SkipTo 4000 TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>> ipfw: 4000 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>> ipfw: 4204 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>> ipfw: 4304 Count TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>> ipfw: 4400 Accept TCP 10.0.0.100:45427 172.217.11.164:443 out via igb0
>>
>> # Return packet comes back, check-state fires at 2104 (as expected)
>> # Action is logged as 4304 (location of the keep-state rule)
>> # Then continues at 4400 -- UNEXPECTED
>>
>> ipfw: 81 SkipTo 90 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>> ipfw: 92 SkipTo 2000 TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>> ipfw: 2000 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>> ipfw: 2104 UNKNOWN TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>> ipfw: 4304 Count TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>> ipfw: 4400 Accept TCP 172.217.11.164:443 10.0.0.100:45427 in via igb0
>>
>> [...]

From owner-freebsd-ipfw@freebsd.org Sun May 27 21:00:08 2018
From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 27 May 2018 21:00:06 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag

1 problems total for which you should take action.
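
The check-state behaviour confirmed in the thread above, as an added example (not code from the posters or from FreeBSD): a simplified Python model of the rule walk, run on a reduced copy of Jeff's ruleset. The `Rule` and `Packet` classes, the `resume` switch, and treating `xmit igb0` as plain `out` are assumptions of this model.

```python
"""Simplified model of ipfw rule evaluation around keep-state / check-state.

Added illustration, not FreeBSD kernel code. It models only what the thread
describes: a dynamic-state hit jumps to the action part of the parent
(keep-state) rule, and evaluation then continues after the parent rule.
"""
from dataclasses import dataclass, field


@dataclass
class Rule:
    num: int
    action: str             # count | allow | deny | skipto | check-state
    arg: int = 0            # skipto target rule number
    direction: str = ""     # "in", "out", or "" for either
    tagged: int = 0         # match only packets carrying this tag (0 = any)
    set_tag: int = 0        # tag attached when the action part runs
    keep_state: str = ""    # flow name: create dynamic state on match
    flow: str = ""          # flow name looked up by check-state


@dataclass
class Packet:
    src: str
    dst: str
    direction: str
    tags: set = field(default_factory=set)


def flow_key(name, pkt):
    # Dynamic state matches both directions of the same endpoint pair.
    return (name, frozenset((pkt.src, pkt.dst)))


def body_matches(rule, pkt):
    if rule.direction and rule.direction != pkt.direction:
        return False
    return not rule.tagged or rule.tagged in pkt.tags


def evaluate(rules, pkt, states, resume="parent"):
    """Return (verdict, trace of visited rule numbers).

    resume="parent" is the behaviour confirmed in the thread;
    resume="check-state" is the continuation Jeff expected (hypothetical).
    """
    rules = sorted(rules, key=lambda r: r.num)
    trace, i = [], 0
    while i < len(rules):
        rule = rules[i]
        if not body_matches(rule, pkt):
            i += 1
            continue
        trace.append(rule.num)
        if rule.action == "check-state":
            parent = states.get(flow_key(rule.flow, pkt))
            if parent is None:          # no dynamic state: fall through
                i += 1
                continue
            if resume == "parent":
                # Shortcut to the parent's action part: its match options
                # are not re-evaluated and the rule pointer moves with it.
                i = rules.index(parent)
                trace.append(parent.num)
            rule = parent
        elif rule.keep_state:
            states[flow_key(rule.keep_state, pkt)] = rule
        if rule.set_tag:
            pkt.tags.add(rule.set_tag)
        if rule.action in ("allow", "deny"):
            return rule.action, trace
        if rule.action == "skipto":
            i = next((k for k, r in enumerate(rules) if r.num >= rule.arg),
                     len(rules))
            continue
        i += 1
    return "deny", trace


FLOW = "IP4_TAG_OUTER_outside"
# Reduced copy of the ruleset from the thread (rules 1-81 and 93 omitted).
RULES = [
    Rule(92, "skipto", arg=2000, direction="in"),
    Rule(94, "skipto", arg=4000, direction="out"),
    Rule(99, "deny"),
    Rule(2000, "count"),
    Rule(2100, "count", tagged=40),
    Rule(2104, "check-state", flow=FLOW),
    Rule(2500, "count"),                 # inbound "NAT" placeholder
    Rule(2510, "allow", tagged=40),
    Rule(2999, "deny"),
    Rule(4000, "count"),
    Rule(4204, "count"),                 # outbound "NAT" placeholder
    Rule(4304, "count", direction="out", set_tag=40, keep_state=FLOW),
    Rule(4400, "allow", tagged=40),
    Rule(4999, "deny"),
]


def demo():
    states = {}
    out = Packet("10.0.0.100:45427", "172.217.11.164:443", "out")
    ret = Packet("172.217.11.164:443", "10.0.0.100:45427", "in")
    first = evaluate(RULES, out, states)
    actual = evaluate(RULES, ret, states)
    expected = evaluate(RULES, Packet(ret.src, ret.dst, "in"), states,
                        resume="check-state")
    # Rules the operator expected return traffic to visit, but which it skips.
    bypassed = [n for n in expected[1] if n not in actual[1]]
    return first, actual, expected, bypassed


if __name__ == "__main__":
    for label, value in zip(("first", "actual", "expected", "bypassed"), demo()):
        print(label, value)
```

In the model the return packet is accepted at 4400 without visiting 2500 or 2510, so any rule that must process return traffic has to follow the keep-state rule rather than the check-state rule.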
From owner-freebsd-ipfw@freebsd.org Mon May 28 19:43:34 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 189720] [ipfw] [patch] pps action for ipfw
Date: Mon, 28 May 2018 19:43:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189720

Eitan Adler changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|In Progress                 |Open

--- Comment #7 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:44:57 2018
Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w4SJit1H047823 for ipfw@FreeBSD.org; Mon, 28 May 2018 19:44:55 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ipfw@FreeBSD.org Subject: [Bug 130109] [ipfw] Can not set fib for packets originated from local host Date: Mon, 28 May 2018 19:44:55 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 7.1-PRERELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: eadler@FreeBSD.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: Normal X-Bugzilla-Assigned-To: ipfw@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 May 2018 19:44:57 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D130109 Eitan Adler changed: What |Removed |Added ---------------------------------------------------------------------------- Status|In Progress |Open --- Comment #2 from Eitan Adler --- batch change: For bugs that match the following - Status Is In progress=20 AND - Untouched since 2018-01-01. AND - Affects Base System OR Documentation DO: Reset to open status. Note: I did a quick pass but if you are getting this email it might be worthwhile= to double check to see if this bug ought to be closed. 
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:45:08 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 26534] [ipfw] Add an option to ipfw to log gid/uid of who caused the rule
Date: Mon, 28 May 2018 19:45:06 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: unspecified
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=26534

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #3 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:45:14 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 148091] [ipfw] ipfw ipv6 handling broken.
Date: Mon, 28 May 2018 19:45:12 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 8.1-PRERELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148091

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #3 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:46:56 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 121807] [request] TCP and UDP port_table in ipfw
Date: Mon, 28 May 2018 19:46:54 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: unspecified
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=121807

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #5 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:47:24 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 123358] [ipfw] ipfw add 1000 allow IP from any to any doesn't work
Date: Mon, 28 May 2018 19:47:22 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 6.3-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=123358

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #4 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:49:37 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 178480] [ipfw] dynamically loaded ipfw with a vimage kernel don't work.
Date: Mon, 28 May 2018 19:49:35 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.1-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178480

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #4 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 28 19:50:21 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 167822] [ipfw] [patch] start script doesn't load firewall_type if set in rc.conf.d/ipfw
Date: Mon, 28 May 2018 19:50:17 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 8.2-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: eadler@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Priority: Normal
X-Bugzilla-Assigned-To: ipfw@FreeBSD.org
X-Bugzilla-Changed-Fields: bug_status
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=167822

Eitan Adler changed:

What    |Removed      |Added
----------------------------------------------------------------------------
Status  |In Progress  |Open

--- Comment #5 from Eitan Adler ---
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note:
I did a quick pass but if you are getting this email it might be worthwhile to
double check to see if this bug ought to be closed.
-- 
You are receiving this mail because:
You are the assignee for the bug.