Bug 35939
| Summary: | ipfw(8) needs explicit statement about non-IP packets | ||
|---|---|---|---|
| Product: | Documentation | Reporter: | Gary W. Swearingen <swear> |
| Component: | Books & Articles | Assignee: | freebsd-doc (Nobody) <doc> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Latest | ||
| Hardware: | Any | ||
| OS: | Any | ||
State Changed From-To: open->closed no more relevant, the ipfw manpage now explains clearly which packets are analysed by ipfw and where. |
It would be helpful if ipfw explicitly stated the handling of non-IP packets instead of just implying it by saying that ipfw(8) scans for incoming and outgoing IP packets. The implication is easily missed. Apparently, this has been a source of confusion, especially given the changing nature of the handling of non-IP packets. ================ Fix: In the "Description" section, in the second paragraph, after the first sentence, insert this sentence: (Non-IP packets, e.g., ARP or IPX, are not seen by ipfw(8) at all and so may be considered to be always passed by this firewall.) From my brief conversation with Joost Bekkers I understand that this has not always been the behavior and will not be when he's done, but that's the way it is now, as confirmed by the bridge(8) page. How-To-Repeat: n/a ================