Re: kern/113388: [ipfw] [patch] Addition actions with rules within specified set's
Synopsis: [ipfw] [patch] Addition actions with rules within specified set's State-Changed-From-To: patched->closed State-Changed-By: gavin State-Changed-When: Tue Jul 20 13:00:21 UTC 2010 State-Changed-Why: This is in 7.0 and up, and is unlikely to ever be merged back to 6.x now. Close. http://www.freebsd.org/cgi/query-pr.cgi?pr=113388 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: bin/83046: ipfw2 error: "setup" is allowed for icmp, but shouldn't be
Old Synopsis: ipfw2 error New Synopsis: ipfw2 error: "setup" is allowed for icmp, but shouldn't be Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Sat Mar 20 14:36:50 UTC 2010 Responsible-Changed-Why: Over to maintainer(s) http://www.freebsd.org/cgi/query-pr.cgi?pr=83046 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: bin/115172: [patch] ipfw(8) list show some rules with a wrong format
The following reply was made to PR bin/115172; it has been noted by GNATS. From: Gavin Atkinson To: bug-follo...@freebsd.org Cc: Subject: Re: bin/115172: [patch] ipfw(8) list show some rules with a wrong format Date: Fri, 1 Jan 2010 19:59:32 + (GMT) This is still an issue with HEAD. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: kern/115755: [ipfw] [patch] unify message and add a rule number where limit was reached
Synopsis: [ipfw] [patch] unify message and add a rule number where limit was reached State-Changed-From-To: patched->closed State-Changed-By: gavin State-Changed-When: Sun Nov 8 15:33:49 UTC 2009 State-Changed-Why: I can't see this ever being merged to 6.x now as it changes the format of the log file. http://www.freebsd.org/cgi/query-pr.cgi?pr=115755 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth
Old Synopsis: ipfw pipe New Synopsis: [ipfw] "ipfw pipe" not limiting bandwidth Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Wed Oct 14 20:17:06 UTC 2009 Responsible-Changed-Why: Over to maintainer(s) http://www.freebsd.org/cgi/query-pr.cgi?pr=139581 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: kern/131817: ipfw blocks layer2 packets that should not be blocked
Synopsis: ipfw blocks layer2 packets that should not be blocked Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Wed Feb 18 21:01:17 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). To submitter: FWIW, I agree that this does seem like incorrect behaviour. I usually work around it with the following additional rule: ipfw add 10 allow ip from any to any layer2 mac-type arp http://www.freebsd.org/cgi/query-pr.cgi?pr=131817 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: kern/131558: [ipfw] Inconsistent "via" ipfw behavior
Old Synopsis: Inconsistent "via" ipfw behavior New Synopsis: [ipfw] Inconsistent "via" ipfw behavior Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Tue Feb 10 13:44:03 UTC 2009 Responsible-Changed-Why: Over to maintainer(s). I get the feeling this may be a kernel bug rather than a userspace bug, reclassify. http://www.freebsd.org/cgi/query-pr.cgi?pr=131558 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: kern/115755: [ipfw][patch] unify message and add a rule number where limit was reached
The following reply was made to PR kern/115755; it has been noted by GNATS. From: Gavin Atkinson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Subject: Re: kern/115755: [ipfw][patch] unify message and add a rule number where limit was reached Date: Fri, 06 Jun 2008 13:04:12 +0100 This has not yet been MFC'd to RELENG_6. However, I'm not sure it can be, as it does change the format of a logged message, so may be unsuitable to merge to a STABLE branch. Opinions? Please close if it can't be merged. Gavin ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kern/123174: [ipfw] table add value lists as ip/uint16 instead of uint32.
Old Synopsis: ipfw table add value lists as ip/uint16 instead of uint32. New Synopsis: [ipfw] table add value lists as ip/uint16 instead of uint32. Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Mon Apr 28 19:10:46 UTC 2008 Responsible-Changed-Why: Over to maintainers http://www.freebsd.org/cgi/query-pr.cgi?pr=123174 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: conf/123119: [patch] rc script for ipfw does not handle IPv6
Synopsis: [patch] rc script for ipfw does not handle IPv6 State-Changed-From-To: feedback->open State-Changed-By: gavin State-Changed-When: Mon Apr 28 12:11:36 UTC 2008 State-Changed-Why: Response received from submitter: Forwarded Message From: Kevin Oberman <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED], freebsd-ipfw@FreeBSD.org Date: Sun, 27 Apr 2008 14:40:02 -0700 > To submitter: as far as I can tell, starting and stopping the IPv6 > firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason > why you believe this is broken? ip6fw was added to the system back with V5.0 days (not fun days for FreeBSD) when ipfw was two separate modules, one for IPv4 and another for IPv6. makonnen wrote the required script for the IPv6 module back in 2002 and it has lived on with mostly small fixes to deal with changes in the startup scripts. Back in 2006, ipfw was re-worked to make it dual stack and it now is a single module with a single management CLI, ipfw(8) and rules for IPv4 and IPv6 can all be included in a single configuration file. It really makes no sense to have two very similar startup scripts, one with a fairly non-intuitive name, for a single function. It continues the approach that IPv6 is to be treated as something separate and not an integrated part of the OS and I see no real purpose served by the separation. Now that I have looked at ip6fw, I can see that the fix I recommended is not adequate, although it will prevent the problem I ran into when I thought I was stopping all of ipfw, only to find that I was still blocked from the system (except via the console). In my spare time (translate that to "it may take a while"), I'll look at a merge of the two rc scripts so that those with separate configuration files won't find things broken. (I suspect that there are not too many of those, but their firewalls really need to be preserved.) It looks simple on the surface, but I suspect there are a few corner cases that might be a bit tricky. I may even be able to come up with a solution to NDP (the IPv6 http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: conf/123119: [patch] rc script for ipfw does not handle IPv6
Synopsis: [patch] rc script for ipfw does not handle IPv6 State-Changed-From-To: open->feedback State-Changed-By: gavin State-Changed-When: Sun Apr 27 11:35:43 UTC 2008 State-Changed-Why: To submitter: as far as I can tell, starting and stopping the IPv6 firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason why you believe this is broken? http://www.freebsd.org/cgi/query-pr.cgi?pr=123119 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: bin/50749: [ipfw] [patch] ipfw2 incorrectly parses ports and port ranges
Synopsis: [ipfw] [patch] ipfw2 incorrectly parses ports and port ranges State-Changed-From-To: open->closed State-Changed-By: gavin State-Changed-When: Thu Jan 31 15:59:12 UTC 2008 State-Changed-Why: Submitter confirms this can be closed http://www.freebsd.org/cgi/query-pr.cgi?pr=50749 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"