Date: Wed, 18 Feb 2009 22:10:26 +0700 (KRAT) From: Eugene Grosbein <eugen@grosbein.pp.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/131817: ipfw blocks layer2 packets that should not be blocked Message-ID: <200902181510.n1IFAQGj001547@grosbein.pp.ru> Resent-Message-ID: <200902181550.n1IFo1O7036575@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 131817 >Category: kern >Synopsis: ipfw blocks layer2 packets that should not be blocked >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Feb 18 15:50:00 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Eugene Grosbein >Release: FreeBSD 7.1-STABLE i386 >Organization: Svyaz-Service >Environment: System: FreeBSD grosbein.pp.ru 7.1-STABLE FreeBSD 7.1-STABLE #13: Tue Feb 17 20:11:39 KRAT 2009 eu@grosbein.pp.ru:/usr/local/obj/usr/local/src/sys/DADV i386 >Description: The rule: ipfw add 1000 deny ip from any to any out recv fxp0 xmit fxp0 blocks outgoing ARP replys on the interface fxp0 if sysctl net.link.ether.ipfw is set to 1. ARP reply is not transit packet received from fxp0 and must not be blocked in this case. This is serious bug and it exists in ipfw2 since RELENG_4. >How-To-Repeat: See above. >Fix: Unknown. Eugene Grosbein >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902181510.n1IFAQGj001547>