From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Subject: [Bug 178480] [ipfw] dynamically loaded ipfw with a vimage kernel don't work.
Date: Sun, 09 Dec 2018 15:42:21 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=178480

--- Comment #5 from joeb1@a1poweruser.com ---
Now testing 12.0-RC3. This bug still exists.
Running vnet jail running on the gateway host.
IPF firewall running on the gateway host and ipfw running in the vnet jail.

Found out about the undocumented ipfw0 log. This works in each vnet jail,
logging the vnet jail's log records to the /var/log/security.log file in the
vnet jail.

To enable, place the normal ipfw statements in the vnet jail's rc.conf with
these changes.

firewall_logging="NO"
firewall_logif="YES"

nohup tcpdump -lnti ipfw0 | logger -t jailname -p security.info &

This method should be documented someplace.

From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 9 Dec 2018 21:00:37 +0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New         |    232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.

From: Claudio Eichenberger
To: freebsd-ipfw@freebsd.org
Subject: ipfw -N show
Date: Mon, 10 Dec 2018 15:27:01 +0100

Hello,

ipfw -N show
FreeBSD 11.1 was like this:
00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
FreeBSD 11.2 is like this:
00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0

Does a flag exist to make it report the old way?

Many thanks in advance for your answer

Kind regards
Claudio

--
Tel +41 21 67 17 111
mailto:cei@yourshop.com
https://YourShop.com

"But Israel will be saved by the LORD with an everlasting salvation;
you will never be put to shame or disgraced, to ages everlasting."
-- Isaiah 45:17
https://www.youtube.com/DannyAyalon

From: "Andrey V. Elsukov"
To: Claudio Eichenberger, freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Date: Mon, 10 Dec 2018 19:25:11 +0300

On 10.12.2018 17:27, Claudio Eichenberger wrote:
> Hello,
>
> ipfw -N show
> FreeBSD 11.1 was like this:
> 00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> FreeBSD 11.2 is like this:
> 00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> Does a flag exist to make it report the old way?
> Many thanks in advance for your answer

Hi,

I just committed two fixes that should solve your problem:
https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log

You can try to apply some of the latest patches from this commit log to your
source code and then test.

--
WBR, Andrey V. Elsukov

From: Claudio Eichenberger
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Date: Mon, 10 Dec 2018 19:27:49 +0100

Hello Andrey,

Many thanks! I'll try to test it.

Claudio

On 2018-12-10 19:25:11, Andrey V. Elsukov wrote:
> On 10.12.2018 17:27, Claudio Eichenberger wrote:
> > Hello,
> >
> > ipfw -N show
> > FreeBSD 11.1 was like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> > FreeBSD 11.2 is like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> > Does a flag exist to make it report the old way?
> > Many thanks in advance for your answer
>
> Hi,
>
> I just committed two fixes that should solve your problem:
> https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log
>
> You can try to apply some of the latest patches from this commit log to your
> source code and then test.
>
> --
> WBR, Andrey V. Elsukov
>

From: Claudio Eichenberger
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Date: Tue, 11 Dec 2018 14:01:45 +0100

Hello Andrey,

I applied both patches:

sigma# diff -u ipfw2.c-000 ipfw2.c
--- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 @@ -1251,7 +1251,8 @@ (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? 32 : contigmask((uint8_t *)&(a[1]), 32); if (mb == 32 && co.do_resolv) - he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET); + he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), + AF_INET); if (he != NULL) /* resolved to name */ bprintf(bp, "%s", he->h_name); else if (mb == 0) /* any */
@@ -1492,6 +1493,7 @@ bprintf(bp, " %s", pe->p_name); else bprintf(bp, " %u", cmd->arg1); + state->proto = cmd->arg1; break; case O_MACADDR2: print_mac(bp, insntod(cmd, mac)); @@ -1963,10 +1965,10 @@ struct show_state *state) { ipfw_insn *cmd; - int l, proto, ip4, ip6, tmp; + int l, proto, ip4, ip6; /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ - proto = tmp = ip4 = ip6 = 0; + proto = ip4 = ip6 = 0; for (l = state->rule->act_ofs, cmd = state->rule->cmd; l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { switch (cmd->opcode) { 
@@ -2002,18 +2004,13 @@ if (cmd == NULL || (cmd->len & F_OR)) for (l = proto; l > 0; l--) { cmd = print_opcode(bp, fo, state, O_PROTO); - if (cmd != NULL && (cmd->len & F_OR) == 0) + if (cmd == NULL || (cmd->len & F_OR) == 0) break; - tmp = cmd->arg1; } /* Initialize proto, it is used by print_newports() */ - if (tmp != 0) - state->proto = tmp; - else if (ip6 != 0) - state->proto = IPPROTO_IPV6; - else - state->proto = IPPROTO_IP; state->flags |= HAVE_PROTO; + if (state->proto == 0 && ip6 != 0) + state->proto = IPPROTO_IPV6; } static int

Unfortunately, ipfw -N show still doesn't print the protocols:

00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0

Claudio

On 2018-12-10 19:25:11, Andrey V. Elsukov wrote:
> On 10.12.2018 17:27, Claudio Eichenberger wrote:
> > Hello,
> >
> > ipfw -N show
> > FreeBSD 11.1 was like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x dst-port https in recv bce0
> > FreeBSD 11.2 is like this:
> > 00600 712189 84865042 allow tcp from any to x.x.x.x 443 in recv bce0
> > Does a flag exist to make it report the old way?
> > Many thanks in advance for your answer
>
> Hi,
>
> I just committed two fixes that should solve your problem:
> https://svnweb.freebsd.org/base/head/sbin/ipfw/ipfw2.c?view=log
>
> You can try to apply some of the latest patches from this commit log to your
> source code and then test.
>
> --
> WBR, Andrey V. Elsukov
>

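Review bot: In the @@ -1251,7 +1251,8 @@ hunk the length passed to gethostbyaddr() is still spelled as a type name, sizeof(in_addr_t), while the pointer is &(a[0]). Writing sizeof(a[0]) would tie the length to the object actually passed, so the two cannot drift apart again the way sizeof(u_long) did on 64-bit platforms, where u_long is 8 bytes and an AF_INET address is 4. The if (he != NULL) test that follows also relies on he being initialized before this statement, which the hunk does not show; worth confirming.
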
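Review bot: The added state->proto = cmd->arg1; in the @@ -1492,6 +1493,7 @@ hunk makes a printing branch update shared state as a side effect, and nothing in the hunk documents it. A one-line comment saying that later port printing consumes this value (the last hunk's comment names print_newports()) would help, as would a note that when several protocols are printed for one rule the last one printed overwrites the earlier ones.
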
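Review bot: In the @@ -2002,18 +2004,13 @@ hunk the IPv4 default becomes implicit: the removed else branch set state->proto = IPPROTO_IP, while the new if (state->proto == 0 && ip6 != 0) is only correct if state->proto is zero on entry for every rule. If the show_state is reused across rules without being cleared, a protocol left over from the previous rule would survive, so either reset state->proto before the loop or document where it is zeroed. The changed break test, cmd == NULL || ..., is the right direction, since the old form fell through to tmp = cmd->arg1 with cmd == NULL.
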
b=G85ekgJJJP9peX9imGolaLcmz3MlBjWkp3U6+yqpAGI3pV3+wfUX1ahBWO9vHLxSs csj3NnEdC5Ddrpg8s4laKE02REDTWdbBkxPsJ/MQnKzlo6ahpZh0soU4d8g5oDMFdh Tw5bzm2ta4M11IWWyO0QniI/PS1xKWt5aHJDvpng= Authentication-Results: smtp3p.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: ipfw -N show To: Claudio Eichenberger Cc: freebsd-ipfw@freebsd.org References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> 
From: "Andrey V. Elsukov" Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata= xsBNBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB AAHNIkFuZHJleSBWLiBFbHN1a292IDxhZUBmcmVlYnNkLm9yZz7CwHsEEwECACUCGwMGCwkI BwMCBhUIAgkKCwQWAgMBAh4BAheABQJMB/ruAhkBAAoJEAHF6gQQyKF6MLwH/3Ri/TZl9uo0 SepYWXOnxL6EaDVXDA+dLb1eLKC4PRBBjX29ttQ0KaWapiE6y5/AfzOPmRtHLrHYHjd/aiHX GMLHcYRXD+5GvdkK8iMALrZ28X0JXyuuZa8rAxWIWmCbYHNSBy2unqWgTI04Erodk90IALgM 9JeHN9sFqTM6zalrMnTzlcmel4kcjT3lyYw3vOKgoYLtsLhKZSbJoVVVlvRlGBpHFJI5AoYJ SyfXoN0rcX6k9X7Isp2K50YjqxV4v78xluh1puhwZyC0p8IShPrmrp9Oy9JkMX90o6UAXdGU KfdExJuGJfUZOFBTtNIMNIAKfMTjhpRhxONIr0emxxDOwE0ETAEXWQEIAJ2p6l9LBoqdH/0J PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+ LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAcLAXwQYAQIACQUCTAEXWQIbDAAK CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i Message-ID: <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru> Date: Tue, 11 Dec 2018 17:22:32 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 MIME-Version: 1.0 In-Reply-To: 
<20181211130145.GC4820@yourshop.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="YJrhiUc4tmIOH28VwYfoXg5Gkv4WGCKzk" X-Rspamd-Queue-Id: B1F0A705ED X-Spamd-Result: default: False [-7.94 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52]; FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; MX_GOOD(-0.01)[cached: mx.yandex.ru]; DKIM_TRACE(0.00)[yandex.ru:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-1.00)[-0.997,0]; DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-1.73)[ipnet: 2a02:6b8::/32(-4.82), asn: 13238(-3.85), country: RU(0.01)]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[2.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org : 127.0.5.1]; ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.ru]; R_DKIM_ALLOW(-0.20)[yandex.ru]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Dec 2018 14:25:01 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --YJrhiUc4tmIOH28VwYfoXg5Gkv4WGCKzk Content-Type: multipart/mixed; boundary="nBwHhdq0zvbfx9v2r0UV4SodlyHmrItJA"; protected-headers="v1" 
To: Claudio Eichenberger
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com>

On 11.12.2018 16:01, Claudio Eichenberger wrote:
> Hello Andrey,
>
> I applied both patches:
>
>
> sigma# diff -u ipfw2.c-000 ipfw2.c > --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 > +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 > @@ -1251,7 +1251,8 @@ > (cmd->o.opcode =3D=3D O_IP_SRC || cmd->o.opcode =3D=3D O_IP_DST) = ? > 32 : contigmask((uint8_t *)&(a[1]), 32); > if (mb =3D=3D 32 && co.do_resolv) > - he =3D gethostbyaddr((char *)&(a[0]), sizeof(u_long), = AF_INET); > + he =3D gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t= ), > + AF_INET); > if (he !=3D NULL) /* resolved to name */ > bprintf(bp, "%s", he->h_name); > else if (mb =3D=3D 0) /* any */ > @@ -1492,6 +1493,7 @@ > bprintf(bp, " %s", pe->p_name); > else > bprintf(bp, " %u", cmd->arg1); > + state->proto =3D cmd->arg1; > break; > case O_MACADDR2: > print_mac(bp, insntod(cmd, mac)); > @@ -1963,10 +1965,10 @@ > struct show_state *state) > { > ipfw_insn *cmd; > - int l, proto, ip4, ip6, tmp; > + int l, proto, ip4, ip6; > =20 > /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ > - proto =3D tmp =3D ip4 =3D ip6 =3D 0; > + proto =3D ip4 =3D ip6 =3D 0; > for (l =3D state->rule->act_ofs, cmd =3D state->rule->cmd; > l > 0; l -=3D F_LEN(cmd), cmd +=3D F_LEN(cmd)) { > switch (cmd->opcode) { 
> @@ -2002,18 +2004,13 @@ > if (cmd =3D=3D NULL || (cmd->len & F_OR)) > for (l =3D proto; l > 0; l--) { > cmd =3D print_opcode(bp, fo, state, O_PROTO); > - if (cmd !=3D NULL && (cmd->len & F_OR) =3D=3D = 0) > + if (cmd =3D=3D NULL || (cmd->len & F_OR) =3D=3D= 0) > break; > - tmp =3D cmd->arg1; > } > /* Initialize proto, it is used by print_newports() */ > - if (tmp !=3D 0) > - state->proto =3D tmp; > - else if (ip6 !=3D 0) > - state->proto =3D IPPROTO_IPV6; > - else > - state->proto =3D IPPROTO_IP; > state->flags |=3D HAVE_PROTO; > + if (state->proto =3D=3D 0 && ip6 !=3D 0) > + state->proto =3D IPPROTO_IPV6; > } > =20 > static int
>
>
> unfortunately, ipfw -N show still doesn't print the protocols:
>
> 00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0
>

Did you reinstall the patched version of ipfw(8)?

# ipfw add count tcp from any to ya.ru 443 out xmit lagg0
00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
# ipfw -N show 100
00100 0 0 count tcp from any to ya.ru https out xmit lagg0

-- 
WBR, Andrey V.
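
Review bot: In the first hunk (@@ -1251,7 +1251,8 @@) the length passed to gethostbyaddr() is still spelled as a free-standing type, sizeof(in_addr_t), while the pointer comes from &(a[0]), so nothing ties the two together and the kind of mismatch sizeof(u_long) introduced (u_long is wider than an IPv4 address on LP64 platforms) can return if either side changes. Consider sizeof(a[0]) if a[] holds 32-bit addresses, or sizeof(struct in_addr) to match AF_INET, plus a one-line comment saying the length must be the size of an IPv4 address.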
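
Review bot: In the second hunk (@@ -1492,6 +1493,7 @@) the added "state->proto = cmd->arg1;" gives what looks like the O_PROTO printing branch an undocumented side effect on the show state, and since the loop in the last hunk calls print_opcode(bp, fo, state, O_PROTO) repeatedly while F_OR is set, state->proto ends up holding whichever protocol of an or-block was printed last. The comment in the last hunk says print_newports() depends on this field, so please add a comment here stating that the assignment is intentional and which protocol is meant to win for an or-block.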
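
Review bot: In the last hunk (@@ -2002,18 +2004,13 @@) the new fallback "if (state->proto == 0 && ip6 != 0)" is only correct if state->proto is zero on entry, and with the explicit "else state->proto = IPPROTO_IP;" removed the IPv4 default now rests on that same implicit zero (IPPROTO_IP is 0), yet nothing in the hunk shows where the field is cleared. Either initialise state->proto explicitly before the O_PROTO loop or document the assumption; the comment "Initialize proto, it is used by print_newports()" also now sits above "state->flags |= HAVE_PROTO;" and should move down to the IPPROTO_IPV6 assignment. The changed break test, "cmd == NULL || (cmd->len & F_OR) == 0", is good: it removes the NULL dereference the old "tmp = cmd->arg1;" could reach.
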
Elsukov

From owner-freebsd-ipfw@freebsd.org Tue Dec 11 16:55:49 2018
Date: Tue, 11 Dec 2018 17:55:34 +0100
From: Claudio Eichenberger
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Message-ID: <20181211165534.GA13363@yourshop.com>
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>
In-Reply-To: <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru>

I didn't install anything. I applied the patches to this file
/usr/src/sbin/ipfw/ipfw2.c compiled the kernel & booted

On 2018-12-11 17:22:32, Andrey V. Elsukov wrote:
> On 11.12.2018 16:01, Claudio Eichenberger wrote:
> > Hello Andrey,
> >
> > I applied both patches:
> >
> >
> > sigma# diff -u ipfw2.c-000 ipfw2.c > > --- ipfw2.c-000 2018-12-11 13:01:01.370594000 +0100 > > +++ ipfw2.c 2018-12-11 13:04:25.132233000 +0100 
> > @@ -1251,7 +1251,8 @@ > > (cmd->o.opcode == O_IP_SRC || cmd->o.opcode == O_IP_DST) ? > > 32 : contigmask((uint8_t *)&(a[1]), 32); > > if (mb == 32 && co.do_resolv) > > - he = gethostbyaddr((char *)&(a[0]), sizeof(u_long), AF_INET); > > + he = gethostbyaddr((char *)&(a[0]), sizeof(in_addr_t), > > + AF_INET); > > if (he != NULL) /* resolved to name */ > > bprintf(bp, "%s", he->h_name); > > else if (mb == 0) /* any */ > > @@ -1492,6 +1493,7 @@ > > bprintf(bp, " %s", pe->p_name); > > else > > bprintf(bp, " %u", cmd->arg1); > > + state->proto = cmd->arg1; > > break; > > case O_MACADDR2: > > print_mac(bp, insntod(cmd, mac)); > > @@ -1963,10 +1965,10 @@ > > struct show_state *state) > > { > > ipfw_insn *cmd; > > - int l, proto, ip4, ip6, tmp; > > + int l, proto, ip4, ip6; > > > > /* Count all O_PROTO, O_IP4, O_IP6 instructions. */ > > - proto = tmp = ip4 = ip6 = 0; > > + proto = ip4 = ip6 = 0; > > for (l = state->rule->act_ofs, cmd = state->rule->cmd; > > l > 0; l -= F_LEN(cmd), cmd += F_LEN(cmd)) { > > switch (cmd->opcode) { 
> > @@ -2002,18 +2004,13 @@ > > if (cmd == NULL || (cmd->len & F_OR)) > > for (l = proto; l > 0; l--) { > > cmd = print_opcode(bp, fo, state, O_PROTO); > > - if (cmd != NULL && (cmd->len & F_OR) == 0) > > + if (cmd == NULL || (cmd->len & F_OR) == 0) > > break; > > - tmp = cmd->arg1; > > } > > /* Initialize proto, it is used by print_newports() */ > > - if (tmp != 0) > > - state->proto = tmp; > > - else if (ip6 != 0) > > - state->proto = IPPROTO_IPV6; > > - else > > - state->proto = IPPROTO_IP; > > state->flags |= HAVE_PROTO; > > + if (state->proto == 0 && ip6 != 0) > > + state->proto = IPPROTO_IPV6; > > } > > > > static int
> >
> >
> > unfortunately, ipfw -N show still doesn't print the protocols:
> >
> > 00800 0 0 allow tcp from any to x.x.x.x 443 in recv bce0
> >
> Did you reinstall the patched version of ipfw(8)?
>
> # ipfw add count tcp from any to ya.ru 443 out xmit lagg0
> 00100 count tcp from any to 87.250.250.242 443 out xmit lagg0
> # ipfw -N show 100
> 00100 0 0 count tcp from any to ya.ru https out xmit lagg0
>
>
> --
> WBR, Andrey V. Elsukov
>

-- 
Tel +41 21 67 17 111
mailto:cei@yourshop.com
https://YourShop.com

"But Israel will be saved by the LORD with an everlasting salvation; you will never be put to shame or disgraced, to ages everlasting."
-- Isaiah 45:17
https://www.youtube.com/DannyAyalon

From owner-freebsd-ipfw@freebsd.org Tue Dec 11 16:59:11 2018
Date: Tue, 11 Dec 2018 17:58:21 +0100
From: "O. Hartmann"
To: Claudio Eichenberger
Cc: "Andrey V. Elsukov", freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Message-ID: <20181211175848.6012a32b@thor.intern.walstatt.dynvpn.de>
In-Reply-To: <20181211165534.GA13363@yourshop.com>
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru> <20181211165534.GA13363@yourshop.com>

On Tue, 11 Dec 2018 17:55:34 +0100
Claudio Eichenberger <cei@yourshop.com> wrote:

> /usr/src/sbin/ipfw/ipfw2.c

Isn't /usr/src/sbin/ and fellows supposed to install only via "make installworld"?

-- 
O. Hartmann

I object to the use or transfer of my data for
advertising purposes or for market or opinion research (Section 28(4) BDSG).

From owner-freebsd-ipfw@freebsd.org Tue Dec 11 16:59:24 2018
Subject: Re: ipfw -N show
To: Claudio Eichenberger
Cc: freebsd-ipfw@freebsd.org
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru> <20181211165534.GA13363@yourshop.com>
From: "Andrey V. Elsukov"
Message-ID: <98bd2566-fefc-15fd-d1f4-7719c273fa44@yandex.ru>
Date: Tue, 11 Dec 2018 19:56:46 +0300
In-Reply-To: <20181211165534.GA13363@yourshop.com>

On 11.12.2018 19:55, Claudio Eichenberger wrote:
> I didn't install anything. I applied the patches to this file
> /usr/src/sbin/ipfw/ipfw2.c compiled the kernel & booted

These patches are not for kernel, you need to rebuild only sbin/ipfw
utility.
You can do this:

# make -C /usr/src/sbin/ipfw all install

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@freebsd.org Tue Dec 11 17:22:37 2018
Date: Tue, 11 Dec 2018 18:22:34 +0100
From: Claudio Eichenberger
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw -N show
Message-ID: <20181211172234.GA13642@yourshop.com>
References: <20181210142701.GA12120@yourshop.com> <828f1634-9e9e-a6ef-4d7d-abcf071d89a7@yandex.ru> <20181211130145.GC4820@yourshop.com> <396f3a36-9108-1a97-76de-7de6931fb984@yandex.ru> <20181211165534.GA13363@yourshop.com> <98bd2566-fefc-15fd-d1f4-7719c273fa44@yandex.ru>
In-Reply-To: <98bd2566-fefc-15fd-d1f4-7719c273fa44@yandex.ru>

Hello Andrey,

Many many thanks. This solved the problem.
Your fix does more than did the -N flag in the past. Even the IP Address gets transformed to domain name!

00600 58 2404 allow tcp from any to yourshop.com http in recv bce0
00700 48 15788 allow tcp from yourshop.com http to any out xmit bce0

Claudio

On 2018-12-11 19:56:46, Andrey V. Elsukov wrote:
> On 11.12.2018 19:55, Claudio Eichenberger wrote:
> > I didn't install anything. I applied the patches to this file
> > /usr/src/sbin/ipfw/ipfw2.c compiled the kernel & booted
>
> These patches are not for kernel, you need to rebuild only sbin/ipfw
> utility.
> You can do this:
>
> # make -C /usr/src/sbin/ipfw all install
>
> --
> WBR, Andrey V. Elsukov
>

-- 
Tel +41 21 67 17 111
mailto:cei@yourshop.com
https://YourShop.com

"But Israel will be saved by the LORD with an everlasting salvation; you will never be put to shame or disgraced, to ages everlasting."
-- Isaiah 45:17
https://www.youtube.com/DannyAyalon