From: Goran Gajic
To: freebsd-current@www.freebsd.org
Date: Fri, 12 May 2006 21:51:38 +0200 (CEST)
Subject: bug or a feature of ipfw2?

Hi,

I don't know if this is normal behaviour:

fbsd# arp -a
fbsd (192.168.1.1) at 00:14:85:22:8f:62 on sk0 permanent [ethernet]
enterprise (192.168.1.2) at 00:0d:88:6e:6d:b4 on sk0 [ethernet]
fbsd# kldload ipfw.ko
fbsd# kldload dummynet.ko
fbsd# sysctl -n net.link.ether.ipfw=1
0 -> 1
fbsd# ipfw add 100 permit ip from any to any
00100 allow ip from any to any
fbsd# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.362 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.260 ms
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.260/0.311/0.362/0.051 ms
fbsd# ipfw delete 100
fbsd# ipfw add 100 permit ip from any to any MAC any any
00100 allow ip from any to any MAC any any
fbsd# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied
^C
--- 192.168.1.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

So my question is: if I set the dst and src MAC to any, shouldn't ipfw let me pass? I got the same result when I tried:

ipfw add 100 permit MAC 00:0d:88:6e:6d:b4 any
ipfw add 100 permit MAC any 00:14:85:22:8f:62

fbsd# uname -a
FreeBSD fbsd 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Sat May 6 19:29:12 CEST 2006

GENERIC config. sk0 is the NIC on both machines.

Regards,
gg.
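
An added illustration, not part of the original message and not ipfw source code: a simplified model of the behaviour ipfw(8) documents, where the same ruleset is checked once at the IP layer and, with net.link.ether.ipfw=1, once more at the Ethernet layer, and a MAC pattern can only match on the Ethernet pass. The Rule class and function names are hypothetical, and the default rule 65535 is assumed to be deny, which the "Permission denied" output above is consistent with.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT_DENY = 65535  # assumption: default rule is "deny ip from any to any"

@dataclass
class Rule:                                  # hypothetical model, not an ipfw structure
    num: int
    action: str                              # "allow" or "deny"
    mac: Optional[Tuple[str, str]] = None    # "MAC dst src"; "any" is a wildcard
    layer2: Optional[bool] = None            # True: "layer2", False: "not layer2"

def mac_matches(rule_mac, frame):
    # No Ethernet header is visible on the layer-3 pass, so a MAC pattern
    # (even "MAC any any") cannot match there.
    if frame is None:
        return False
    return all(want in ("any", have) for want, have in zip(rule_mac, frame))

def evaluate(rules, frame):
    """One pass over the ruleset. frame is (dst, src) at layer 2, None at layer 3."""
    for r in sorted(rules, key=lambda r: r.num):
        if r.layer2 is not None and r.layer2 != (frame is not None):
            continue
        if r.mac is not None and not mac_matches(r.mac, frame):
            continue
        return r.action, r.num
    return "deny", DEFAULT_DENY

def send(rules, frame):
    """Outbound packet: IP-layer pass first, then the Ethernet-layer pass."""
    verdicts = [evaluate(rules, None)]
    if verdicts[0][0] == "allow":
        verdicts.append(evaluate(rules, frame))
    return verdicts

# Constructed sample frame (dst, src), using the MAC addresses from the arp output.
FRAME = ("00:0d:88:6e:6d:b4", "00:14:85:22:8f:62")
PLAIN = [Rule(100, "allow")]                        # allow ip from any to any
MAC_ONLY = [Rule(100, "allow", mac=("any", "any"))] # ... MAC any any
SPLIT = [Rule(100, "allow", mac=(FRAME[0], "any")), # MAC filter for the layer-2 pass
         Rule(200, "allow", layer2=False)]          # separate rule for the layer-3 pass

if __name__ == "__main__":
    for name, rules in (("plain", PLAIN), ("mac only", MAC_ONLY), ("split", SPLIT)):
        print(name, send(rules, FRAME))
```

In this model the MAC-only ruleset is rejected on the first (IP-layer) pass by the default rule, while a ruleset that carries one rule per layer passes both checks.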