>Number:         169620
>Category:       kern
>Synopsis:       ng_l2tp incoming packet bypass pf firewall
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 03 01:50:08 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     HASHI Hiroaki
>Release:        FreeBSD 8.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD tomba.meridiani.jp 8.3-STABLE FreeBSD 8.3-STABLE #33: Mon Jul 2 01:44:40 JST 2012 has...@stenmark.meridiani.jp:/usr/obj/usr/src/sys/TOMBA i386
l2tp daemon: net/mpd5
>Description:
PF firewall does not examine incoming packets on the ng_l2tp interface.
ng_pppoe: examined.
ng_l2tp: not examined.
>How-To-Repeat:
Set up an l2tp tunnel using net/mpd5.
Connect from client.
Write a block PF rule on the l2tp netgraph interface.

	block in quick on ngX inet from any to any
	pass out quick on ngX inet from any to any

PF passes the packets through. The block rule is not evaluated.

	sudo pfctl -vvs -s Interfaces -i ngX
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: