Date:      Mon, 5 Apr 2004 14:02:05 +0100
From:      "Grant Millar" <Co0lkizz@btinternet.com>
To:        <freebsd-ipfw@freebsd.org>
Subject:   FW: misc/64694: UID/GID matching in ipfw non-functional
Message-ID:  <000801c41b0e$326c0a90$0300a8c0@B77>

I understand this, but it should not mean that uid matching should not
work for ALL sockets, am I correct? This all started by a friend of mine
entering exactly the same rules in my rule set as his and it not working.
He too was using 4.9 Release and we compiled our kernels with exactly the
same options; this is what led me to submit this as a bug. I mean, why
even implement uid matching if it does not work...

Another example: I set up an ircd on the IP 66.90.x.236 on the uid admin
and added the following rules to ipfw:

01600  21092  1981319 allow ip from any to 66.90.x.236 in
01700     90    10033 allow ip from 66.90.x.236 to any out via fxp0 uid admin
01800    144    13517 deny ip from 66.90.x.236 to any

The 90 packets being accepted were from just before I added the deny
rule; after adding the deny rule, all packets were dropped.

Does anyone agree that this is a problem?

Grant


