FreeBSD11 ipfw sets.

damian@damianek.be
Hello

I have strange behavior using ipfw sets on FreeBSD11.

Working fine on 10.3-STABLE amd64 amd64 1003514 - custom kernel with
options IPFIREWALL_VERBOSE
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL

:~# ipfw add 9999 count tcp from any to any 22
09999 count tcp from any to any dst-port 22
:~# ipfw show 9999
09999          42           3184 count tcp from any to any dst-port 22
:~# ipfw set move rule 9999 to 2
:~# ipfw -S set 2 show
# DISABLED 09999 93 7036 set 2 count tcp from any to any dst-port 22
:~# ipfw set 2 delete 9999


Now same on 11.1-RELEASE-p4 amd64 amd64 1101001 - generic kernel
with ipfw_load="YES" in /boot/loader.conf

:~ # ipfw add 9999 count tcp from any to any 22
09999 count tcp from any to any dst-port 22
:~ # ipfw show 9999
09999     19      1720 count tcp from any to any dst-port 22
:~ # ipfw set move rule 9999 to 2
:~ # ipfw -S set 2 show
:~ # ipfw set 2 delete 9999
ipfw: rule 9999 not found
~ # ipfw delete 9999

Am I doing something wrong, or is this a bug?



-- dsk
[hidden email]
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[hidden email]"

Re: FreeBSD11 ipfw sets.

Andrey V. Elsukov
On 13.02.2018 14:14, [hidden email] wrote:

> Now same on 11.1-RELEASE-p4 amd64 amd64 1101001 - generic kernel
> with ipfw_load="YES" in /boot/loader.conf
>
> :~ # ipfw add 9999 count tcp from any to any 22
> 09999 count tcp from any to any dst-port 22
> :~ # ipfw show 9999
> 09999     19      1720 count tcp from any to any dst-port 22
> :~ # ipfw set move rule 9999 to 2
> :~ # ipfw -S set 2 show
> :~ # ipfw set 2 delete 9999
> ipfw: rule 9999 not found
> ~ # ipfw delete 9999
>
> Am I doing something wrong, or is this a bug?
Hi,

I think this should be fixed in freebsd11-stable.

        https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224555

--
WBR, Andrey V. Elsukov



Re: FreeBSD11 ipfw sets.

damian@damianek.be
2018-02-13 13:35 GMT+01:00 Andrey V. Elsukov <[hidden email]>:

> On 13.02.2018 14:14, [hidden email] wrote:
> > Now same on 11.1-RELEASE-p4 amd64 amd64 1101001 - generic kernel
> > with ipfw_load="YES" in /boot/loader.conf
> >
> > :~ # ipfw add 9999 count tcp from any to any 22
> > 09999 count tcp from any to any dst-port 22
> > :~ # ipfw show 9999
> > 09999     19      1720 count tcp from any to any dst-port 22
> > :~ # ipfw set move rule 9999 to 2
> > :~ # ipfw -S set 2 show
> > :~ # ipfw set 2 delete 9999
> > ipfw: rule 9999 not found
> > ~ # ipfw delete 9999
> >
> > Am I doing something wrong, or is this a bug?
>
> Hi,
>
> I think this should be fixed in freebsd11-stable.
>
>         https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224555


Thank you.


-- dsk
[hidden email]