Date:      Sun, 04 Feb 2001 22:14:48 +0900
From:      Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To:        freebsd-stable@FreeBSD.org
Subject:   ipfw issue of 4.2-stable
Message-ID:  <20010204221448O.ipfw@ya3.so-net.ne.jp>

Hello,

I cvsup'd today at Feb  4 10:18:15 UTC. Everything seems to work fine.
But I found an issue with ipfw.

Before Jan 27 my ipfw produced the following log:

Jan 26 12:53:19 presario /kernel: \
ipfw: 1000 Deny TCP 203.178.141.212:4946 210.132.234.64:113 in via tun0
Jan 27 00:08:52 presario /kernel: \
ipfw: 1000 Deny TCP 216.6.41.141:3573 210.132.228.179:113 in via tun0

However, the new system built today produced the following log:

Feb  4 21:56:04 presario /kernel: \
ipfw: 500 Accept TCP 210.139.248.31:49208 210.132.234.20:113 in via tun0

Please keep in mind that I've essentially never changed my ipfw
configuration file.  I only added "pass" in the following line.

add pass log tcp from any to any established

The following is additional information on my ipfw.

# uname -a 
FreeBSD presario.my.domain 4.2-STABLE FreeBSD 4.2-STABLE #0: \
Sun Feb  4 20:14:24 JST 2001     \
root@presario.my.domain:/usr/obj/usr/src/sys/presario  i386

# ipfw -a list
00100  0    0 allow ip from any to any via lo0
00100  0    0 allow ip from any to any via lo0
00200  0    0 deny ip from any to 127.0.0.0/8
00300  0    0 deny log logamount 100 ip from 192.168.0.0/24 to any in recv tun0
00400  0    0 allow ip from any to any via dc0
00500 45 5284 allow log logamount 100 tcp from any to any established
00600  0    0 allow tcp from any 20 to any in recv tun0 setup
00700  0    0 allow tcp from any to any out xmit tun0 setup
00800  2  133 allow udp from any to any 53 out xmit tun0
00900  2  669 allow udp from any 53 to any in recv tun0
01000  0    0 deny log logamount 100 tcp from any to any in recv tun0 setup
01100  0    0 deny log logamount 100 udp from any to any via tun0
01200  2 3000 allow icmp from any to any
65535  0    0 deny ip from any to any

I guess that ipfw now cannot recognize some TCP flags.  Before 27
Jan, ident checks had been refused by my rule 1000.
Is there a problem in my settings? Or is there a problem elsewhere?

BTW, I also have a -current box. The -current box didn't cause such a
problem.

Does anyone have any suggestions?

koya

