From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 5 11:02:09 2005
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 5 Dec 2005 11:01:59 GMT
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   [ipfw] [patch] ipfw2 create dynamic rules
f [2003/04/24] kern/51341  ipfw   [ipfw] [patch] ipfw rule 'deny icmp from
o [2003/12/11] kern/60154  ipfw   [ipfw] ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   [ipfw] IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   [ipfw] ipfw2/1 conflict not detected or r
o [2005/03/13] conf/78762  ipfw   [ipfw] [patch] /etc/rc.d/ipfw should exce
o [2005/05/11] bin/80913   ipfw   [patch] /sbin/ipfw2 silently discards MAC
o [2005/11/08] kern/88659  ipfw   [modules] ipfw and ip6fw do not work prop
o [2005/11/08] kern/88664  ipfw   [ipfw] ipfw stateful firewalling broken w

10 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   [ipfw] Add an option to ipfw to log gid/u
o [2002/12/10] kern/46159  ipfw   [ipfw] [patch] ipfw dynamic rules lifetim
o [2003/02/11] kern/48172  ipfw   [ipfw] [patch] ipfw does not log size and
o [2003/03/10] kern/49086  ipfw   [ipfw] [patch] Make ipfw2 log to differen
o [2003/04/09] bin/50749   ipfw   [ipfw] [patch] ipfw2 incorrectly parses p
o [2003/08/26] kern/55984  ipfw   [ipfw] [patch] time based firewalling sup
o [2003/12/30] kern/60719  ipfw   [ipfw] Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   [ipfw] install_state warning about alread
o [2004/09/04] kern/71366  ipfw   [ipfw] "ipfw fwd" sometimes rewrites dest
o [2004/10/22] kern/72987  ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [B
o [2004/10/29] kern/73276  ipfw   [ipfw] [patch] ipfw2 vulnerability (parse
o [2005/02/01] kern/76971  ipfw   [ipfw] ipfw antispoof incorrectly blocks
o [2005/03/13] bin/78785   ipfw   [ipfw] [patch] ipfw verbosity locks machi
o [2005/05/05] kern/80642  ipfw   [ipfw] [patch] ipfw small patch - new RUL
o [2005/06/28] kern/82724  ipfw   [ipfw] [patch] Add setnexthop and default
o [2005/10/05] kern/86957  ipfw   [ipfw] [patch] ipfw mac logging
o [2005/10/07] kern/87032  ipfw   [ipfw] [patch] ipfw ioctl interface imple
o [2005/12/01] conf/89789  ipfw   [patch] 500.ipfwdenied uses deprecated sy

18 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 5 13:40:33 2005
From: "Alvaro Saurin"
Date: Mon, 5 Dec 2005 13:46:39 +0000
Subject: Dummynet and fragments[MESSAGE NOT SCANNED]

Hi,

I was wondering if someone could help me with a small problem with
dummynet. I have a typical dumbbell configuration where I have a FreeBSD
6.0 machine with dummynet. It is something like this:

                                               *----- ubuntu6
                                               |      10.10.3.6
                    10.10.1.3      10.10.1.4   |
ubuntu2 ---[hub]--- ubuntu3------- BSD4------[hub]--- ubuntu5
10.10.2.2    |      10.10.2.3      10.10.3.4          10.10.3.5
             |
ubuntu1 -----*
10.10.2.1

I want to set the delay, bandwidth, etc. limit in BSD4, using something
like

 > sudo ipfw add 3 pipe 3 all from ubuntu2 to ubuntu6
 > sudo ipfw add 4 pipe 4 all from ubuntu6 to ubuntu2
 > sudo ipfw pipe 3 config bw 12000Kbit/s queue 17500bytes delay 5ms
 > sudo ipfw pipe 4 config bw 12000Kbit/s queue 17500bytes delay 5ms

for a limit between 'ubuntu2' and 'ubuntu6', leading to a new rule set
like

 > sudo ipfw -a list
00003      0        0 pipe 3 ip from 10.10.2.2 to 10.10.3.6
00004      0        0 pipe 4 ip from 10.10.3.6 to 10.10.2.2
00100   1862   144376 allow ip from any to any via lo0
00200      0        0 deny ip from any to 127.0.0.0/8
00300      0        0 deny ip from 127.0.0.0/8 to any
65000 118952 53165334 allow ip from any to any
65100      0        0 deny log logamount 5000 ip from any to any frag
65535      8      512 deny ip from any to any

 > sudo ipfw pipe show
00003:  12.000 Mbit/s    5 ms   17 KB 0 queues (1 buckets) droptail
00004:  12.000 Mbit/s    5 ms   17 KB 0 queues (1 buckets) droptail

The problem comes here: if I 'ping' between these two machines,
everything is fine, but if I 'ping' with a packet size of, i.e., 2000, no
packets arrive at the receiver. Does it have to do with fragmented
packets? Do I have to include any other rule for dealing with fragments?

And another question: why do I need to specify a 5ms delay for a total
RTT of 40ms?

Thanks in advance

Alvaro

--
Alvaro Saurin

From owner-freebsd-ipfw@FreeBSD.ORG Mon Dec 5 18:34:28 2005
From: Ed Stover
To: Nicolas Blais
Cc: freebsd-ipfw@freebsd.org
Date: Mon, 05 Dec 2005 11:38:22 -0700
Subject: Re: Automatically add attacks to deny list?

Nicolas Blais wrote:

> Hi,
>
> Whenever someone tries a portscan or http server vulnerability scan on my
> system, I have to manually add their ip in my /etc/ipfw.conf file such as:
> add 100 deny all from xx.xxx.xxx.xxx to any
>
> Is there a way, without enabling blackhole, to dynamically add ips to my
> blacklist after a certain packet/sec limit or some other way?
>
> Thanks,
> Nicolas.

Portsentry is probably your best bet. It is probably the easiest
effective security tool I have used for doing things of this nature. It
will detect port scanning and utilize tcp wrappers to block the
offending IP. Installation is a breeze, it's in the security section of
ports!
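
Added example, not part of Ed Stover's reply and not Portsentry's code: one way to approximate what Nicolas asks for is to count, per source address, how many distinct destination ports ipfw has denied, and to emit deny rules in the form he quotes. The log record layout, the threshold, the allowlist and every address below are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# One ipfw "deny log" record as syslog writes it (assumed layout):
#   <date> <host> kernel: ipfw: <rule> Deny <proto> <src>:<sport> <dst>:<dport> in via <if>
DENY_RE = re.compile(
    r"ipfw: \d+ Deny (?:TCP|UDP) "
    r"(\d+\.\d+\.\d+\.\d+):\d+ (\d+\.\d+\.\d+\.\d+):(\d+) in\b"
)


def _line(src, dport):
    """Build one constructed log record (documentation-range addresses only)."""
    return (f"Dec  5 18:30:01 gw kernel: ipfw: 65100 Deny TCP "
            f"{src}:40000 192.0.2.10:{dport} in via fxp0")


# Constructed sample input, not taken from the thread.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", p) for p in (21, 22, 23, 25, 80, 110)]   # port sweep
    + [_line("198.51.100.20", 22)] * 3                              # same port retried
    + [_line("198.51.100.99", p) for p in (21, 22, 23, 25, 80)]    # our own scanner
)


def find_scanners(log_text, min_ports=5, allowlist=()):
    """Return sources denied on at least min_ports distinct (dst, port) pairs."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. 999.1.1.1: never copy unvalidated text into a rule
        # Source addresses can be spoofed, so hosts that must stay reachable
        # (gateways, monitoring, admin networks) are never blocked automatically.
        if src in allowed:
            continue
        targets[src].add((m.group(2), int(m.group(3))))
    return sorted(str(s) for s, seen in targets.items() if len(seen) >= min_ports)


def deny_rules(sources, rule_number=100):
    """Render rules in the form quoted in the question (for review before loading)."""
    return [f"add {rule_number} deny all from {src} to any" for src in sources]


if __name__ == "__main__":
    for rule in deny_rules(find_scanners(SAMPLE_LOG, allowlist=["198.51.100.99"])):
        print(rule)
```

Counting distinct ports rather than raw packets keeps a client that retries one closed port from being blocked, and the allowlist keeps a forged source address from locking out a host you depend on.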

From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 6 21:01:07 2005
From: Oleg Bulyzhin
To: deskpot@dot.aerodome.ru, oleg@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Date: Tue, 6 Dec 2005 21:01:05 GMT
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

Synopsis: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

State-Changed-From-To: open->feedback
State-Changed-By: oleg
State-Changed-When: Tue Dec 6 20:53:24 GMT 2005
State-Changed-Why:
What is the CVS id of your /etc/periodic/security/500.ipfwdenied file?
The issue you are talking about was fixed in rev 1.6 almost a year ago.
It looks like your system was partially upgraded to RELENG_6_0 (did you
ever run mergemaster?).

http://www.freebsd.org/cgi/query-pr.cgi?pr=89789

From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 7 05:52:33 2005
From: deskpot@dot.aerodome.ru (Vasily Korytov)
To: Oleg Bulyzhin
Cc: freebsd-ipfw@FreeBSD.org
Date: Wed, 07 Dec 2005 08:40:12 +0300
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

On Tue, 6 Dec 2005 21:01:05 GMT, Oleg Bulyzhin wrote:

> What is the CVS id of your /etc/periodic/security/500.ipfwdenied file?

1.5

> The issue you are talking about was fixed in rev 1.6 almost a year ago.
> It looks like your system was partially upgraded to RELENG_6_0 (did
> you ever run mergemaster?).

Oops, indeed I did run it -- but only with the -p option. Running it
without this option helped. Thanks. =)

--
Oops! I sent it again.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 7 14:50:21 2005
From: deskpot@dot.aerodome.ru (Vasily Korytov)
To: freebsd-ipfw@FreeBSD.org
Date: Wed, 7 Dec 2005 14:50:07 GMT
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

The following reply was made to PR conf/89789; it has been noted by GNATS.

From: deskpot@dot.aerodome.ru (Vasily Korytov)
To: Oleg Bulyzhin
Cc: freebsd-ipfw@freebsd.org
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw
Date: Wed, 07 Dec 2005 08:40:12 +0300

 On Tue, 6 Dec 2005 21:01:05 GMT, Oleg Bulyzhin wrote:

 > What is the CVS id of your /etc/periodic/security/500.ipfwdenied file?

 1.5

 > The issue you are talking about was fixed in rev 1.6 almost a year ago.
 > It looks like your system was partially upgraded to RELENG_6_0 (did
 > you ever run mergemaster?).

 Oops, indeed I did run it -- but only with the -p option. Running it
 without this option helped. Thanks. =)

 --
 Oops! I sent it again.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 7 15:49:18 2005
From: Oleg Bulyzhin
To: deskpot@dot.aerodome.ru, oleg@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Date: Wed, 7 Dec 2005 15:49:18 GMT
Subject: Re: conf/89789: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

Synopsis: [patch] 500.ipfwdenied uses deprecated syntax of ipfw

State-Changed-From-To: feedback->closed
State-Changed-By: oleg
State-Changed-When: Wed Dec 7 15:48:31 GMT 2005
State-Changed-Why:
Nothing to do.

http://www.freebsd.org/cgi/query-pr.cgi?pr=89789

From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 06:00:26 2005
From: "Andrey V. Elsukov"
To: freebsd-ipfw@FreeBSD.org
Date: Thu, 8 Dec 2005 06:00:20 GMT
Subject: Re: kern/60154: [ipfw] ipfw core (crash)

The following reply was made to PR kern/60154; it has been noted by GNATS.

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org
Cc: a.nomm@wap3.net
Subject: Re: kern/60154: [ipfw] ipfw core (crash)
Date: Thu, 08 Dec 2005 08:58:02 +0300

 The following patch can fix this error for CURRENT.

 --
 WBR, Andrey V. Elsukov

 Content-Disposition: inline; filename="pr-60154.diff"

--- ipfw2.c.orig Thu Dec 8 01:51:14 2005 +++ ipfw2.c Thu Dec 8 01:54:59 2005 
@@ -2641,6 +2641,14 @@ int masklen; char md; + if (len > 30) { + /* + * O_IP_SRC_MASK and O_IP_DST_MASK can't have length + * greater than 31 + */ + errx(EX_DATAERR, "too many addresses"); + } + if (p) { md = *p; *p++ = '\0';
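
Review bot: in the added guard at the top of the hunk, the test `if (len > 30)` and its comment disagree. The comment says an O_IP_SRC_MASK/O_IP_DST_MASK length can't be greater than 31, yet a len of exactly 31 is already rejected. Either test against 31 or say in the comment why the cutoff here is one lower, and consider a named constant in place of the literal 30 so the limit and the check cannot drift apart. The errx text "too many addresses" could also state the limit, so the user knows how far to shorten the list.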

From owner-freebsd-ipfw@FreeBSD.ORG Thu Dec 8 06:27:00 2005
From: Maxim Konovalov
To: maxim@FreeBSD.org, freebsd-ipfw@FreeBSD.org, maxim@FreeBSD.org
Date: Thu, 8 Dec 2005 06:26:59 GMT
Subject: Re: kern/60154: [ipfw] ipfw core (crash)

Synopsis: [ipfw] ipfw core (crash)

Responsible-Changed-From-To: freebsd-ipfw->maxim
Responsible-Changed-By: maxim
Responsible-Changed-When: Thu Dec 8 06:26:32 GMT 2005
Responsible-Changed-Why:

http://www.freebsd.org/cgi/query-pr.cgi?pr=60154