For example, on 12.2
> ipfw add 7110 fwd tablearg,8000 tcp from 'table(5)' to any dst-port 80,8000,8080 ; echo $?
ipfw:
65
> ipfw show 7110
ipfw: rule 7110 does not exist
> ipfw add 7110 fwd 172.19.1.6,8000 tcp from 'table(5)' to any dst-port 80,8000,8080 ; echo $?
07110 fwd 172.19.1.6,8000 tcp from table(5) to any 80,8000,8080
0
> ipfw show 7110
07110 0 0 fwd 172.19.1.6,8000 tcp from table(5) to any 80,8000,8080

on 11.4
> ipfw add 7110 fwd tablearg,8000 tcp from 'table(5)' to any dst-port 80,8000,8080 ; echo $?
07110 fwd tablearg,8000 tcp from table(5) to any 80,8000,8080
0

FreeBSD 12.2p1 fixes an erratum that looks similar to this one. Are you able to reproduce this problem after updating?

Yes, on 12.2-p1
> uname -a
FreeBSD localhost 12.2-RELEASE-p1 FreeBSD 12.2-RELEASE-p1 GENERIC amd64
> ipfw add 7110 fwd tablearg,8000 tcp from 'table(5)' to any dst-port 80,8000,8080 ; echo $?
ipfw:
65
> ipfw show 7110
ipfw: rule 7110 does not exist

That's a parsing problem.

# ipfw add 7110 fwd 0.0.0.0,8000 tcp from 'table(5)' to any dst-port 80,8000,8080
07110 fwd tablearg,8000 tcp from table(5) to any 80,8000,8080
# ipfw add 7110 fwd tablearg tcp from 'table(5)' to any dst-port 80,8000,8080
07110 fwd tablearg tcp from table(5) to any 80,8000,8080

Probably this case was never tested well, because the port is only used when the forward address is a locally bounded one. (According to the man page.)

Thank you for notifying this.

Please test this patch: https://reviews.freebsd.org/D30164

As a workaround you may replace "tablearg" by "0.0.0.0" until the code hits your system train.
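
An added illustration, not code from ipfw2.c or from anyone in this thread: a simplified IPv4-only parser for the `fwd` target in which "tablearg" and 0.0.0.0 share one internal value, consistent with the workaround above being listed back as `tablearg,8000`. The names `parse_fwd` and `roundtrip`, the 64-byte buffers and the rejection of port 0 are assumptions of this example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not ipfw2.c): parse IPv4 "addr[,port]" or
 * "tablearg[,port]". Returns 0 on success, -1 on malformed input. */
int parse_fwd(const char *arg, struct sockaddr_in *sa)
{
    char buf[64], *comma, *end;
    unsigned long port = 0;            /* 0 means "no port given" */
    if (snprintf(buf, sizeof(buf), "%s", arg) >= (int)sizeof(buf))
        return -1;                     /* argument too long */
    /* Split the optional port off first; the keyword test sees only the host. */
    if ((comma = strchr(buf, ',')) != NULL) {
        *comma++ = '\0';
        port = strtoul(comma, &end, 10);
        if (end == comma || *end != '\0' || port == 0 || port > 65535)
            return -1;
    }
    memset(sa, 0, sizeof(*sa));        /* sin_addr is now INADDR_ANY */
    sa->sin_family = AF_INET;
    sa->sin_port = htons((unsigned short)port);
    if (strcmp(buf, "tablearg") == 0)  /* keyword keeps INADDR_ANY */
        return 0;
    return inet_pton(AF_INET, buf, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Parse, then print back as the thread's listing does: INADDR_ANY -> "tablearg". */
const char *roundtrip(const char *arg)
{
    static char out[64];               /* static buffer, not reentrant */
    struct sockaddr_in sa;
    char host[INET_ADDRSTRLEN] = "tablearg", port[8] = "";
    if (parse_fwd(arg, &sa) != 0)
        return NULL;
    if (sa.sin_addr.s_addr != htonl(INADDR_ANY))
        inet_ntop(AF_INET, &sa.sin_addr, host, sizeof(host));
    if (sa.sin_port != 0)
        snprintf(port, sizeof(port), ",%u", (unsigned)ntohs(sa.sin_port));
    snprintf(out, sizeof(out), "%s%s", host, port);
    return out;
}

int main(void)
{
    puts(roundtrip("0.0.0.0,8000"));   /* same target as the workaround */
    return 0;
}
```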

I have applied the patch and it seems to be ok. But the workaround also works well. )) Thanks!

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=6cb13813caa09305046e0cecad8bba3ae2287b0d

commit 6cb13813caa09305046e0cecad8bba3ae2287b0d
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-07 18:59:34 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-08 20:52:17 +0000

    sbin/ipfw: Fix parsing error in table based forward

    The argument parser does not recognise the optional port for a
    "tablearg" argument. Fix simplifies the code by making the internal
    representation explicit for the parser.

    PR: 252744
    MFC: 1 week
    Reported by: <bugs.freebsd.org@mx.zzux.com>
    Approved by: nc
    Tested by: <bugs.freebsd.org@mx.zzux.com>
    Differential Revision: https://reviews.freebsd.org/D30164

 sbin/ipfw/ipfw2.c | 87 +++++++++++++++++++++++++++----------------------------
 1 file changed, 42 insertions(+), 45 deletions(-)

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=7200fdb9da3ac04ef8e577c947969a0ba8d69128

commit 7200fdb9da3ac04ef8e577c947969a0ba8d69128
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-07 18:59:34 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-18 06:10:00 +0000

    sbin/ipfw: Fix parsing error in table based forward

    The argument parser does not recognise the optional port for a
    "tablearg" argument. Fix simplifies the code by making the internal
    representation explicit for the parser.

    Includes the fix from D30208.

    PR: 252744
    Reported by: <bugs.freebsd.org@mx.zzux.com>
    Approved by: nc
    Tested by: <bugs.freebsd.org@mx.zzux.com>
    Differential Revision: https://reviews.freebsd.org/D30164

    (cherry picked from commit 6cb13813caa09305046e0cecad8bba3ae2287b0d)
    (cherry picked from commit f6f297871d469daf808f78faead8f950a2c81e36)

 sbin/ipfw/ipfw2.c | 88 +++++++++++++++++++++++++++----------------------------
 1 file changed, 43 insertions(+), 45 deletions(-)

A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=8addaaa5fb864190882dfcf1a1ad3d7af802dd35

commit 8addaaa5fb864190882dfcf1a1ad3d7af802dd35
Author:     Lutz Donnerhacke <donner@FreeBSD.org>
AuthorDate: 2021-05-07 18:59:34 +0000
Commit:     Lutz Donnerhacke <donner@FreeBSD.org>
CommitDate: 2021-05-18 06:14:25 +0000

    sbin/ipfw: Fix parsing error in table based forward

    The argument parser does not recognise the optional port for a
    "tablearg" argument. Fix simplifies the code by making the internal
    representation explicit for the parser.

    Includes the fix from D30208.

    PR: 252744
    Reported by: <bugs.freebsd.org@mx.zzux.com>
    Approved by: nc
    Tested by: <bugs.freebsd.org@mx.zzux.com>
    Differential Revision: https://reviews.freebsd.org/D30164

    (cherry picked from commit 6cb13813caa09305046e0cecad8bba3ae2287b0d)
    (cherry picked from commit f6f297871d469daf808f78faead8f950a2c81e36)

 sbin/ipfw/ipfw2.c | 88 +++++++++++++++++++++++++++----------------------------
 1 file changed, 43 insertions(+), 45 deletions(-)