IPFW2 layer2 support broken.
Gary Allan
dragonfly at gallan.plus.com
Sat Jan 8 12:04:49 PST 2005
IPFW2 appears to be broken with respect to filtering layer2 traffic.
When active, all incoming packets are dropped.
The logging shows incoming packets being accepted at layer2 but then not
appearing at layer3. Locally generated outgoing packets are processed by
IPFW2 at layer3 and layer2 and do successfully exit the router. (The
resulting incoming traffic is then dropped.)
This is similar to the problem I am experiencing with certain TCP
connections via divert sockets in that the packets vanish after being
processed and accepted by IPFW2.
System Settings
[ Desktop ] -------- [ DragonFly ]
192.168.50.20        192.168.50.1
/etc/make.conf
IPFW2= true
Kernel options
options IPFW2
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options RANDOM_IP_ID
sysctls
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 0
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 50
net.link.ether.ipfw=1
ipfw rules
00100 4 240 allow log ip from any to any layer2
00200 0 0 allow log ip from any to any
65535 0 0 allow ip from any to any
logs
itx kernel: ipfw: 100 Accept ICMP:8.0 192.168.50.20 192.168.50.1 in via vr0
itx last message repeated 6 times
Regards
G.Allan
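
A check for the symptom reported above, as an added example that is not part of the original post: it parses a counter listing in the layout shown under "ipfw rules" (rule number, packets, bytes, rule body) together with the kernel log lines, and reports whether only `layer2` rules have counted packets. The sample data is copied from the report; the function names are hypothetical.

```python
import re

# Sample input copied from the report above (log line unwrapped).
RULES = """\
00100 4 240 allow log ip from any to any layer2
00200 0 0 allow log ip from any to any
65535 0 0 allow ip from any to any
"""
LOG = """\
itx kernel: ipfw: 100 Accept ICMP:8.0 192.168.50.20 192.168.50.1 in via vr0
itx last message repeated 6 times
"""

RULE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")
LOG_RE = re.compile(r"ipfw: (\d+) (\w+) \S+ \S+ \S+ (in|out) via (\S+)")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")

def parse_counters(text):
    """Return {rule_number: (packets, is_layer2_rule)} from a counter listing."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, pkts, _bytes, body = m.groups()
            rules[int(num)] = (int(pkts), "layer2" in body.split())
    return rules

def count_log_hits(text):
    """Return {(rule, action, direction, iface): hits}, expanding syslog repeats."""
    hits, last = {}, None
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            last = (int(m.group(1)), m.group(2), m.group(3), m.group(4))
            hits[last] = hits.get(last, 0) + 1
            continue
        r = REPEAT_RE.search(line)
        if r and last:
            hits[last] += int(r.group(1))
    return hits

def layer2_only(rules):
    """True when layer2 rules counted packets but no other rule did."""
    l2 = sum(p for p, is_l2 in rules.values() if is_l2)
    l3 = sum(p for p, is_l2 in rules.values() if not is_l2)
    return l2 > 0 and l3 == 0
```

On the data in the report, `layer2_only` returns true: rule 100 has counted packets while rules 200 and 65535 remain at zero.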