Date: Thu, 25 Mar 2004 02:39:44 -0800 (PST)
From: Grant Millar <co0lkizz@btinternet.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/64694: UID/GID matching in ipfw non-functional
Message-ID: <200403251039.i2PAdiiP050339@www.freebsd.org>
Resent-Message-ID: <200403251040.i2PAeFhP031609@freefall.freebsd.org>

>Number: 64694
>Category: misc
>Synopsis: UID/GID matching in ipfw non-functional
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 25 02:40:15 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Grant Millar
>Release: 4.9-RELEASE
>Organization:
Uneix Internet Services
>Environment:
FreeBSD uneix.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Thu Mar 25 08:22:06 CST 2004 fdc@box.domain.com:/usr/src/sys/compile/GENERIC i386
>Description:
When adding the following rules, uid matching on ipfw is totally
ignored. As we can see, no packets are getting through on the IP with
uid matching enabled; packets are allowed in but not out.
00100 3 144 allow tcp from any to 66.X.X.2
00200 0 0 allow tcp from 66.X.X.2 to any uid root
00300 3 132 deny tcp from 66.X.X.2 to any
65535 28440 2522637 allow ip from any to any
Clearly you can see this is a substantial problem, as now we cannot
restrict access to IPs, which could cause problems. I've also tried to
solve this problem by upgrading to 5.2.1-RELEASE but had exactly the
same problem.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
