From owner-freebsd-current@FreeBSD.ORG  Tue Jun 10 21:21:45 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9750A37B401
	for <current@freebsd.org>; Tue, 10 Jun 2003 21:21:45 -0700 (PDT)
Received: from alpha.siliconlandmark.com (alpha.siliconlandmark.com
	[209.69.98.4])	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F58343FAF
	for <current@freebsd.org>; Tue, 10 Jun 2003 21:21:43 -0700 (PDT)
	(envelope-from andy@siliconlandmark.com)
Received: from alpha.siliconlandmark.com (localhost [127.0.0.1])
	h5B4LdAQ096782
	for <current@freebsd.org>; Wed, 11 Jun 2003 00:21:39 -0400 (EDT)
	(envelope-from andy@siliconlandmark.com)
Received: from localhost (andy@localhost)h5B4LcVk096779
	for <current@freebsd.org>; Wed, 11 Jun 2003 00:21:38 -0400 (EDT)
	(envelope-from andy@siliconlandmark.com)
X-Authentication-Warning: alpha.siliconlandmark.com: andy owned process doing
	-bs
Date: Wed, 11 Jun 2003 00:21:37 -0400 (EDT)
From: Andre Guibert de Bruet <andy@siliconlandmark.com>
To: current@freebsd.org
Message-ID: <20030611001220.X56112@alpha.siliconlandmark.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: ipfw's "me" keyword
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jun 2003 04:21:45 -0000

Hi,

I've been fooling around a bit with IPFW2 and I came across interesting
behavior with regards to the "me" keyword. It appears as if smb broadcasts
(UDP 137,138) do not get matched when denying packets with a rule similar
to the following:
deny udp from 192.168.1.0/24 to me dst-port 137,138

I have a rule right after the one above which logs and I'm getting the
following in my syslog:
Jun 11 00:16:04 bling kernel: ipfw: 65530 Reject UDP 192.168.1.40:138 192.168.1.255:138 in via dc0

Now I realize that the broadcast address doesn't match the network card's
IP address, which is why the packet isn't getting matched. But do we
really want this behavior? Don't broadcasts affect all machines on the
subnet and therefore qualify for "me" matching?

Thanks for any insight.

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >