Date: Mon, 29 Mar 2004 14:40:04 -0800 (PST) From: "Grant Millar" <Co0lkizz@btinternet.com> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/64694: UID/GID matching in ipfw non-functional Message-ID: <200403292240.i2TMe4m4013028@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/64694; it has been noted by GNATS.
From: "Grant Millar" <Co0lkizz@btinternet.com>
To: <freebsd-gnats-submit@FreeBSD.org>, <co0lkizz@btinternet.com>
Cc:
Subject: Re: misc/64694: UID/GID matching in ipfw non-functional
Date: Mon, 29 Mar 2004 23:37:44 +0100
This is a multi-part message in MIME format.
------=_NextPart_000_0001_01C415E6.D66CEA60
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Ok so still no clarification as to whether this is an ipfw bug. I've
also tried trying
to match the uid to the current user whom is running the process as well
as root.
00100 1086 99590 allow ip from 66.90.98.2 to any uid root
00200 1556 83728 allow ip from any to 66.90.98.2 in
00400 0 0 deny ip from 66.90.98.2 to any uid root
00500 107 14366 deny ip from 66.90.98.2 to any uid admin
65535 32314 3262298 allow ip from any to any
Seems to be able to deny if a uid is specified so why not any?
Grant
------=_NextPart_000_0001_01C415E6.D66CEA60
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3D"Microsoft Theme 2.00" content=3D"Paw Print.htm 011">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Arial;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-GB link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>Ok so
still no clarification as to whether this is an ipfw bug. I’ve =
also tried
trying </span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>to
match the uid to the current user whom is running the process as well as =
root.</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>00100
1086 99590 allow ip from 66.90.98.2 to any uid =
root</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>00200
1556 83728 allow ip from any to 66.90.98.2 =
in</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>00400
0 0 deny ip from 66.90.98.2 to any =
uid root</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>00500
107 14366 deny ip from 66.90.98.2 to any uid =
admin</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>65535
32314 3262298 allow ip from any to any</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>Seems
to be able to deny if a uid is specified so why not =
any?</span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt'>Grant</span></font></p>
</div>
</body>
</html>
------=_NextPart_000_0001_01C415E6.D66CEA60--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403292240.i2TMe4m4013028>