Date:      21 Nov 1999 01:01:52 -0000
From:      trost@cloud.rain.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/15010: "client" firewall configuration kills incoming broadcast
Message-ID:  <19991121010152.4793.qmail@grey.cloud.rain.com>


>Number:         15010
>Category:       conf
>Synopsis:       "client" firewall configuration kills incoming broadcast
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 20 17:10:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Bill Trost
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
Trost Computing
>Environment:

	rc.conf configured with firewall_enable=YES and firewall_type=client

>Description:

	As provided, the "client" firewall type does not permit the
	host to receive broadcast packets from its local network.

>How-To-Repeat:

	Set the flags.  Install something that needs to receive broadcast
	(e.g., Samba's nmbd).  Watch nothing happen.

>Fix:

	(Just a suggestion).
	
--- rc.firewall.old	Mon Nov  8 19:04:02 1999
+++ rc.firewall	Sat Nov 20 16:58:11 1999
@@ -100,9 +100,11 @@
     mask="255.255.255.0"
     ip="192.168.4.17"
 
-    # Allow any traffic to or from my own net.
-    $fwcmd add pass all from ${ip} to ${net}:${mask}
-    $fwcmd add pass all from ${net}:${mask} to ${ip}
+    # Allow any traffic to or from my own net, including
+    # broadcast traffic.
+    $fwcmd add pass all from ${net}:${mask} to ${net}:${mask} via $ip
+    # undirected broadcast, too
+    $fwcmd add pass all from 255.255.255.255 to $ip via $ip
 
     # Allow TCP through if setup succeeded
     $fwcmd add pass tcp from any to any established
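
Review bot: In the added "undirected broadcast" rule, 255.255.255.255 sits in the source position (`from 255.255.255.255 to $ip via $ip`), but the limited broadcast address is only ever a destination, so this rule will not match the incoming broadcasts it is meant to admit. Putting it on the destination side and keeping the source restricted to the local net, e.g. `$fwcmd add pass all from ${net}:${mask} to 255.255.255.255 via ${ip}`, would match them. Separately, the rewritten first rule now passes anything with both endpoints inside `${net}:${mask}` rather than requiring one end to be `${ip}`; that is harmless on a single-homed client, but the comment should say so, since the rule is wider than the pair it replaces. The new lines also use `$ip` where the rest of the block uses `${ip}`.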



>Release-Note:
>Audit-Trail:
>Unformatted:

