From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 27 11:01:49 2005
Date: Mon, 27 Jun 2005 11:01:48 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2005/05/11] bin/80913   ipfw   /sbin/ipfw2 silently discards MAC addr ar

1 problem total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2004/10/29] kern/73276  ipfw   ipfw2 vulnerability (parser error)
o [2005/02/01] kern/76971  ipfw   ipfw antispoof incorrectly blocks broadca
o [2005/02/15] kern/77570  ipfw   [PATCH] ipfw: Multiple rules may have the
o [2005/05/05] kern/80642  ipfw   [patch] IPFW small patch - new RULE OPTIO

4 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 27 11:02:27 2005
Date: Mon, 27 Jun 2005 11:02:26 GMT
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
f [2004/03/25] kern/64694  ipfw   [ipfw] UID/GID matching in ipfw non-funct
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   ipfw2/1 conflict not detected or reported
f [2004/12/25] i386/75483  ipfw   ipfw count does not count

8 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 29 12:20:15 2005
Date: Wed, 29 Jun 2005 12:20:14 GMT
From: Tilman Linneweh
To: arved@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/82724: Add setnexthop and defaultroute features to ipfw2

Synopsis: Add setnexthop and defaultroute features to ipfw2

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: arved
Responsible-Changed-When: Wed Jun 29 12:19:56 GMT 2005
Responsible-Changed-Why:
Over to ipfw maintainers

http://www.freebsd.org/cgi/query-pr.cgi?pr=82724

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 29 16:26:56 2005
Date: Wed, 29 Jun 2005 18:27:20 +0200
From: "Aymeric MUNTZ"
Subject: strange dummynet WFQ problem

Hi guys

I have a strange problem.

here is a simple sample of my conf (hic!):

# ipfw list
00005 allow ip from any to any via lo0
00006 deny ip from any to 127.0.0.0/8
00007 deny ip from 127.0.0.0/8 to any
00011 divert 8668 ip from any to any via ext
21046 queue 8 ip from any to 172.20.1.23
21047 queue 9 ip from 172.20.1.23 to any
65535 allow ip from any to any

bash-2.05b# ipfw pipe list
00001: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
...
q00008: weight 4 pipe 1 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp dns address/53 172.20.1.195/3007 1032 254524 0 0 0
q00009: weight 4 pipe 2 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp 172.20.1.195/68 255.255.255.255/67 589 53330 0 0 0

The thing is that:
- it looks like the data is going through the correct queues,
- each queue is correctly linked to a pipe
- there is no accounting on both pipes
- only dns packets are shown by this command.

My wonders are:
- How can I be sure that my queues are correctly linked to the pipes?
- Why don't I have accounting on the pipes?
- Why don't I get other than dns packet accounting?

Sorry for the English

Thanks for the answer

Cheers

Alex

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 29 16:27:24 2005
Date: Wed, 29 Jun 2005 18:27:48 +0200
From: "Alexandre D."
Subject: strange dummynet WFQ problem

Hi guys

I have a strange problem.

here is a simple sample of my conf (hic!):

# ipfw list
00005 allow ip from any to any via lo0
00006 deny ip from any to 127.0.0.0/8
00007 deny ip from 127.0.0.0/8 to any
00011 divert 8668 ip from any to any via ext
21046 queue 8 ip from any to 172.20.1.23
21047 queue 9 ip from 172.20.1.23 to any
65535 allow ip from any to any

bash-2.05b# ipfw pipe list
00001: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
...
q00008: weight 4 pipe 1 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp dns address/53 172.20.1.195/3007 1032 254524 0 0 0
q00009: weight 4 pipe 2 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp 172.20.1.195/68 255.255.255.255/67 589 53330 0 0 0

The thing is that:
- it looks like the data is going through the correct queues,
- each queue is correctly linked to a pipe
- there is no accounting on both pipes
- only dns packets are shown by this command.

My wonders are:
- How can I be sure that my queues are correctly linked to the pipes?
- Why don't I have accounting on the pipes?
- Why don't I get other than dns packet accounting?

Sorry for the English

Thanks for the answer

Cheers

Alex

From owner-freebsd-ipfw@FreeBSD.ORG Wed Jun 29 16:32:51 2005
Date: Wed, 29 Jun 2005 09:32:48 -0700
From: Luigi Rizzo
To: "Alexandre D."
Cc: freebsd-ipfw@freebsd.org
Subject: Re: strange dummynet WFQ problem

hi,
when a pipe or queue has a mask of all 0's it only shows the
addresses of the first packet that matched, so you don't have to worry
about that. Also, if queues are linked to the pipe, the accounting
is done on the queues and not on the pipe.

cheers
luigi

On Wed, Jun 29, 2005 at 06:27:48PM +0200, Alexandre D. wrote:
>
> Hi guys
>
> I have a strange problem.
>
> here is a simple sample of my conf (hic!):
>
> # ipfw list
> 00005 allow ip from any to any via lo0
> 00006 deny ip from any to 127.0.0.0/8
> 00007 deny ip from 127.0.0.0/8 to any
> 00011 divert 8668 ip from any to any via ext
> 21046 queue 8 ip from any to 172.20.1.23
> 21047 queue 9 ip from 172.20.1.23 to any
> 65535 allow ip from any to any
>
> bash-2.05b# ipfw pipe list
> 00001: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00002: 1.024 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> ...
> q00008: weight 4 pipe 1 50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
>   0 udp dns address/53 172.20.1.195/3007 1032 254524 0 0 0
> q00009: weight 4 pipe 2 50 sl. 1 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
>   0 udp 172.20.1.195/68 255.255.255.255/67 589 53330 0 0 0
>
> The thing is that:
> - it looks like the data is going through the correct queues,
> - each queue is correctly linked to a pipe
> - there is no accounting on both pipes
> - only dns packets are shown by this command.
>
> My wonders are:
> - How can I be sure that my queues are correctly linked to the pipes?
> - Why don't I have accounting on the pipes?
> - Why don't I get other than dns packet accounting?
>
> Sorry for the English
>
> Thanks for the answer
>
> Cheers
>
> Alex

From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 1 01:47:41 2005
Date: Thu, 30 Jun 2005 21:47:35 -0400
From: "fbsd_user"
To: "Freebsd-Ipfw@Freebsd. Org"
Cc: "freebsd-questions@FreeBSD. ORG"
Subject: ipfw2 and clearing a rules state table records

Is there a way in 5.4 ipfw2 to reset/delete/clear a stateful rule's records
in the state table?

From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 1 09:23:57 2005
Date: Fri, 1 Jul 2005 13:23:56 +0400
From: Dmitry Mityugov
To: fbsd_user@a1poweruser.com
Cc: "Freebsd-Ipfw@Freebsd. Org", "freebsd-questions@FreeBSD. ORG"
Subject: Re: ipfw2 and clearing a rules state table records

On 7/1/05, fbsd_user wrote:
> Is there a way in 5.4 ipfw2 to reset/delete/clear a stateful rule's records
> in the state table?

Never tried this myself, but probably by temporarily lowering
net.inet.ip.fw.dyn_*_lifetime?

--
Dmitry

"We live less by imagination than despite it" - Rockwell Kent, "N by E"

From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 1 09:45:54 2005
Date: Fri, 01 Jul 2005 11:45:36 +0200
From: Sten Daniel Sørsdal
To: "Freebsd-Ipfw@Freebsd. Org"
Subject: Re: ipfw2 and clearing a rules state table records

fbsd_user wrote:
> Is there a way in 5.4 ipfw2 to reset/delete/clear a stateful rule's records
> in the state table?

I think the manual says that if you remove the rule that created the
dynamic rule (stateful rule record) then the dynamic rule will
disappear. Verify this with the manual.

--
Sten Daniel Sørsdal

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 2 11:00:19 2005
Date: Sat, 2 Jul 2005 11:00:18 GMT
From: Yar Tikhiy
To: freebsd-ipfw@FreeBSD.org
Subject: Re: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.

The following reply was made to PR kern/77570; it has been noted by GNATS.

From: Yar Tikhiy
To: bug-followup@FreeBSD.org, dunstan@freebsd.czest.pl, maxim@macomnet.ru
Cc:
Subject: Re: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.
Date: Sat, 2 Jul 2005 14:51:17 +0400

 Folks,

 Sorry, I haven't looked at how the discussion on freebsd-ipfw is
 going on ;-) but I can tell for myself that I consider having this
 "bug" in ipfw very useful. I use it often when I have to add some
 rules to a firewall temporarily and then remove them after a while.
 I add the temporary rules with the same rule number and then just
 type "ipfw d " once instead of having to remove each rule separately,
 which would be the case if the "bug" were "fixed".

 OTOH, thou shouldst abstain from messing with ipfw while having
 the morning cloudiness in thy mind and tremor in thy hands ;-)))

 Therefore I vote for closing this PR after making sure the current
 behaviour is well documented on the ipfw(8) manpage.

 --
 Yar

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 2 11:06:26 2005
Date: Sat, 2 Jul 2005 15:06:43 +0400
From: dawnshade
To: freebsd-ipfw@FreeBSD.org
Subject: Re[2]: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.

Hello Yar,

Saturday, July 2, 2005, 3:00:18 PM, you wrote:

YT> The following reply was made to PR kern/77570; it has been noted by GNATS.

YT> From: Yar Tikhiy
YT> To: bug-followup@FreeBSD.org, dunstan@freebsd.czest.pl, maxim@macomnet.ru
YT> Cc:
YT> Subject: Re: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.
YT> Date: Sat, 2 Jul 2005 14:51:17 +0400

YT> Folks,

YT> Sorry, I haven't looked at how the discussion on freebsd-ipfw is
YT> going on ;-) but I can tell for myself that I consider having this
YT> "bug" in ipfw very useful.

agree with this..

----------
Best regards,
dawnshade mailto:h-k@mail.ru

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 2 13:10:37 2005
Date: Sat, 2 Jul 2005 13:10:36 GMT
From: Maxim Konovalov
To: dunstan@freebsd.czest.pl, maxim@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/77570: [PATCH] ipfw: Multiple rules may have the same number.

Synopsis: [PATCH] ipfw: Multiple rules may have the same number.

State-Changed-From-To: open->closed
State-Changed-By: maxim
State-Changed-When: Sat Jul 2 12:49:16 GMT 2005
State-Changed-Why:
The proposed ipfw behaviour will hurt, break POLA, induce tsunami,
pandemics, economic disasters, nuclear war and end with the Armageddon.

http://www.freebsd.org/cgi/query-pr.cgi?pr=77570
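
For the "strange dummynet WFQ problem" thread above, where the reply notes that accounting is done on the queues when queues are linked to a pipe: the following is an added example, not part of the archived messages. It parses `ipfw pipe list`-style output, rolls queue counters up to each parent pipe, and lists queues whose parent pipe is absent. The column layout is assumed from the output quoted in the thread; the sample listing is constructed (192.0.2.53 replaces the elided DNS address, and q00010 is invented to show an unlinked queue).

```python
import re

# Constructed sample, modelled on the `ipfw pipe list` output quoted in the
# thread. 192.0.2.53 replaces the elided DNS server address, and q00010 is
# invented here to show a queue whose parent pipe is not in the listing.
SAMPLE = """\
00001:   1.024 Mbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002:   1.024 Mbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
q00008: weight 4 pipe 1   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp       192.0.2.53/53      172.20.1.195/3007  1032   254524  0    0   0
q00009: weight 4 pipe 2   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 udp     172.20.1.195/68    255.255.255.255/67   589    53330  0    0   0
q00010: weight 1 pipe 3   50 sl. 0 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
"""

PIPE_RE = re.compile(r"^(\d{5}):\s")
QUEUE_RE = re.compile(r"^q(\d{5}):\s+weight\s+(\d+)\s+pipe\s+(\d+)\b")
MASK_RE = re.compile(r"^\s*mask:")
# bucket row: BKT, proto, src, dst, then Tot_pkt, Tot_bytes, Pkt, Byte, Drp
BUCKET_RE = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def _new():
    return {"pkts": 0, "bytes": 0, "drops": 0, "single_bucket": False}


def parse(text):
    """Return (pipes, queues), each keyed by number, counters summed per object."""
    pipes, queues, current = {}, {}, None
    for line in text.splitlines():
        m = PIPE_RE.match(line)
        if m:
            current = pipes.setdefault(int(m.group(1)), _new())
            continue
        m = QUEUE_RE.match(line)
        if m:
            current = queues.setdefault(int(m.group(1)), _new())
            current["weight"] = int(m.group(2))
            current["pipe"] = int(m.group(3))
            continue
        if current is None:
            continue
        if MASK_RE.match(line):
            # All-zero mask: every flow shares one bucket, so the addresses
            # printed for it are only those of the first matching packet.
            fields = re.findall(r"0x([0-9a-fA-F]+)", line)
            current["single_bucket"] = all(int(h, 16) == 0 for h in fields)
            continue
        m = BUCKET_RE.match(line)
        if m:
            current["pkts"] += int(m.group(1))
            current["bytes"] += int(m.group(2))
            current["drops"] += int(m.group(5))
    return pipes, queues


def audit(text):
    """Roll queue counters up to their parent pipe; report unlinked queues."""
    pipes, queues = parse(text)
    per_pipe = {n: {"queues": [], "pkts": p["pkts"], "bytes": p["bytes"]}
                for n, p in pipes.items()}
    dangling = []
    for qn in sorted(queues):
        q = queues[qn]
        parent = per_pipe.get(q["pipe"])
        if parent is None:
            dangling.append(qn)      # queue points at a pipe not in the listing
            continue
        parent["queues"].append(qn)
        parent["pkts"] += q["pkts"]
        parent["bytes"] += q["bytes"]
    return {"per_pipe": per_pipe, "dangling": dangling}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for n, p in sorted(report["per_pipe"].items()):
        print(f"pipe {n}: queues={p['queues']} pkts={p['pkts']} bytes={p['bytes']}")
    print("queues without a listed pipe:", report["dangling"])
```
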