Maxim Konovalov wrote:

On Thu, 28 Aug 2003, 23:01+0300, Petri Helenius wrote:



ipfw seems to have developed a bug lately on 5-CURRENT;
# ipfw add 2042 allow tcp from 0.0.0.0/0 to me 42
02042 allow tcp from me to me dst-port 42

It used to work that 0.0.0.0/0 was "any" instead of "me". Last I checked
the notation is also widely used in networking gear for default route which
is a "catch any" definition.



Known ipfw2 bug. Try this:



It works, please press the big red COMMIT button!


# ipfw add 2043 allow tcp from 0.0.0.0/0 to me dst-port 42
02043 allow tcp from any to me dst-port 42

Thanks,

Pete

Index: ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.38
diff -u -r1.38 ipfw2.c
--- ipfw2.c     21 Jul 2003 09:56:05 -0000      1.38
+++ ipfw2.c     28 Jul 2003 15:51:26 -0000
@@ -2046,7 +2046,7 @@
                                errx(EX_DATAERR, "not any never matches");
                }
                /* else do nothing and skip this entry */
-               continue;
+               return;
        }
        /* A single IP can be stored in an optimized format */
        if (d[1] == IP_MASK_ALL && av == NULL && len == 0) {
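Review bot: The comment kept just above the changed line still says "else do nothing and skip this entry", but `return` leaves the function rather than moving on to the next entry, so the comment no longer matches the code. The removed `continue` implies an enclosing loop; with `return`, whatever that loop would have processed after this entry is never reached. Please reword the comment to describe the early exit, and note in the commit message whether stopping at this point is intended for every caller or only for the `0.0.0.0/0` case reported in this thread.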
%%%





_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
