Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Jan 2003 01:43:54 +0100
From:      "Simon L. Nielsen" <>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   Sanity check in ipfw(8)
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


I recently found a problem where ipfw2 would allow the user to create
firewall rules that does not make sense like (notice udp and setup) :

ipfw add allow udp from any to any setup

I filed a PR (bin/47120) with a "fix" since I thought this was a trivial
change to check in the ipfw userland program for protocol when
specifying options like setup, icmpoptions and the likes. The fix is not
correct since I did not notice that it is possible to use multiple
protocols with or statements.

Now for the point :-)... Is it interesting to have the extra sanity
check in ipfw(8) ? If it is I will try to make a patch that actually
works, but if it isn't there is not much reason to make a new patch...

Btw. could a committer take a quick look at bin/46785 which is a trivial
change to ipfw -h.

Simon L. Nielsen

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (FreeBSD)



To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>