Bug 222953
| Summary: | ipfw fwd tablearg & ipfw -q bugs | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | bugs.freebsd.org | ||||||
| Component: | kern | Assignee: | Andrey V. Elsukov <ae> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | abuse, ae, bugs.freebsd.org | ||||||
| Priority: | --- | ||||||||
| Version: | 11.1-RELEASE | ||||||||
| Hardware: | amd64 | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
Created attachment 187126 [details]
Proposed patch for fwd tablearg,port
Can you test this patch? You need to rebuild the ipfw kernel module, or the kernel if IPFIREWALL is build in.
Created attachment 187127 [details]
Proposed patch for ipfw(8)
I have added this corrections to files but how to compile? (In reply to bugs.freebsd.org from comment #3) > I have added this corrections to files but how to compile? You can run these commands: cd /usr/src make -C sys/modules/ipfw make -C sbin/ipfw Then you can unload the unchanged ipfw.ko module and load changed one: kldunload ipfw make -C sys/modules/ipfw load new ipfw(8) binary can be in the sbin/ipfw directory, or if you have builded world in /usr/obj/. thanks! it's working now. ipfw -q table 22 delete 1.2.3.4 ; echo $? 0 and fwd also ok. A commit references this bug: Author: ae Date: Fri Oct 13 11:01:33 UTC 2017 New revision: 324592 URL: https://svnweb.freebsd.org/changeset/base/324592 Log: Return 'errno' value from the table_do_modify_record(), it is expected by table_modify_record(). This makes quiet operations with tables really quiet. PR: 222953 MFC after: 1 week Changes: head/sbin/ipfw/tables.c A commit references this bug: Author: ae Date: Fri Oct 13 11:11:54 UTC 2017 New revision: 324593 URL: https://svnweb.freebsd.org/changeset/base/324593 Log: Fix regression in handling O_FORWARD_IP opcode after r279948. To properly handle 'fwd tablearg,port' opcode, copy sin_port value from sockaddr_in structure stored in the opcode into corresponding hopstore field. PR: 222953 MFC after: 1 week Changes: head/sys/netpfil/ipfw/ip_fw2.c A commit references this bug: Author: ae Date: Fri Oct 20 07:40:12 UTC 2017 New revision: 324790 URL: https://svnweb.freebsd.org/changeset/base/324790 Log: MFC r324593: Fix regression in handling O_FORWARD_IP opcode after r279948. To properly handle 'fwd tablearg,port' opcode, copy sin_port value from sockaddr_in structure stored in the opcode into corresponding hopstore field. PR: 222953 Changes: _U stable/11/ stable/11/sys/netpfil/ipfw/ip_fw2.c A commit references this bug: Author: ae Date: Fri Oct 20 07:42:00 UTC 2017 New revision: 324791 URL: https://svnweb.freebsd.org/changeset/base/324791 Log: MFC r324592: Return 'errno' value from the table_do_modify_record(), it is expected by table_modify_record(). This makes quiet operations with tables really quiet. PR: 222953 Changes: _U stable/11/ stable/11/sbin/ipfw/tables.c Fixed in head/ and stable/11. Thanks! *** Bug 223177 has been marked as a duplicate of this bug. *** |
172.18.201.* - are all on localhost. fwd tablearg,8004 tcp from table(5) to any dst-port 80,8000,8080 > ipfw table 5 list --- table(5), set(0) --- 172.19.0.0/24 172.18.201.2 172.19.0.0/16 172.18.201.1 172.19.2.0/32 172.18.201.5 It's not working on FreeBSD 11.1, while ok on 10.3. By the way, fwd 172.18.201.5,8004 tcp from table(5) to any dst-port 80,8000,8080 is ok. on FreeBSD 11.1 ipfw -q table 22 delete 1.2.3.4 ; echo $? notfound: 1.2.3.4/32 0 ipfw: Deleting record failed: record not found 71 on FreeBSD 10.3 ipfw -q table 22 delete 1.2.3.4 ; echo $? 0