From richard@ns.gohome.net  Tue Sep 16 14:56:01 2003
Return-Path: <richard@ns.gohome.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 52AB316A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Sep 2003 14:56:01 -0700 (PDT)
Received: from ns.gohome.net (ns.gohome.net [216.239.171.5])
	by mx1.FreeBSD.org (Postfix) with SMTP id B9BE143FD7
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Sep 2003 14:56:00 -0700 (PDT)
	(envelope-from richard@ns.gohome.net)
Received: (qmail 12076 invoked by uid 0); 16 Sep 2003 21:55:59 -0000
Message-Id: <20030916215559.12075.qmail@ns.gohome.net>
Date: 16 Sep 2003 21:55:59 -0000
From: Richard Roderick <richard@gohome.net>
Reply-To: Richard Roderick <richard@gohome.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject:
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         56934
>Category:       conf
>Synopsis:       [patch] rc.firewall rules for natd expect an interface, but it can be an address
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-rc
>State:          feedback
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 16 15:00:35 PDT 2003
>Closed-Date:    
>Last-Modified:  Sat Oct 27 16:16:13 UTC 2012
>Originator:     Richard Roderick
>Release:        FreeBSD 4.8-RELEASE-p3 i386
>Organization:
>Environment:
 System: FreeBSD ns.gohome.net 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #1: Mon Sep 8 23:25:44 PDT 2003 richard@ns.gohome.net:/data/freebsd/obj/data/freebsd/src/sys/NSSMP i386
 
>Description:
 	rc.firewall does not check whether natd_interface is an address when setting up rules for natd.  Not all cases of natd can be dealt with, since natd.conf can contain more addresses, but this seems like a reasonable change.
 
>How-To-Repeat:

>Fix:
 
 My change to OPEN is questionable, but I don't use the open firewall rule, so I just put something in.
 My change to SIMPLE is based on the user-entered values for oif, inet, and imask. My firewall is based on SIMPLE and I have tested it to see that it works.
 
 --- rc.firewall.orig    Tue Sep 16 14:49:31 2003
 +++ rc.firewall Tue Sep 16 14:46:27 2003
 @@ -121,7 +121,13 @@
         case ${natd_enable} in
         [Yy][Ee][Ss])
                 if [ -n "${natd_interface}" ]; then
 -                       ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
 +                       if echo ${natd_interface} | \ 
 +                               grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
 +                               ${fwcmd} add 50 divert natd all from any to ${natd_interface} in
 +                               ${fwcmd} add 50 divert natd all from not ${natd_interface} to any out
 +                       else
 +                               ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
 +                       fi
                 fi
                 ;;
         esac
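
Review bot: the two address-form rules in this hunk, `${fwcmd} add 50 divert natd all from any to ${natd_interface} in` and `${fwcmd} add 50 divert natd all from not ${natd_interface} to any out`, carry no `via`, so unlike the interface form they match on every interface, lo0 and the inside interface included; any outbound packet whose source is not the NAT address (a reply the gateway itself sends to an inside host, for instance) is diverted to natd and rewritten. They need to be bound to the outside interface the way the SIMPLE hunk does with `via ${oif}`, which means the OPEN section needs an interface variable of its own. Separately, the `| \` at the end of the `if echo ${natd_interface} | \` line is shown with a space after the backslash; if that space is really in the patch, the backslash escapes the space instead of the newline and the pipeline is cut off from its `grep`. The continuation is not needed anyway, since a trailing `|` already continues the command onto the next line, and the whole `echo | grep -q -E` fork could be a `case ${natd_interface} in [0-9]*) ... ;; esac`, because FreeBSD interface names (driver name plus unit) never begin with a digit.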
 @@ -236,7 +242,13 @@
         case ${natd_enable} in
         [Yy][Ee][Ss])
                 if [ -n "${natd_interface}" ]; then
 -                       ${fwcmd} add divert natd all from any to any via ${natd_interface}
 +                       if echo ${natd_interface} | \ 
 +                               grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
 +                               ${fwcmd} add divert natd all from any to ${natd_interface} in via ${oif}
 +                               ${fwcmd} add divert natd all from ${inet}:${imask} to any out via ${oif}
 +                       else
 +                               ${fwcmd} add divert natd all from any to any via ${natd_interface}
 +                       fi
                 fi
                 ;;
         esac
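
Review bot: the outbound rule `${fwcmd} add divert natd all from ${inet}:${imask} to any out via ${oif}` narrows what gets translated compared with the `via ${natd_interface}` rule it replaces: only packets sourced from the one inside network are diverted, so traffic leaving ${oif} from a second inside network, or from one of the gateway's own addresses that is not the NAT address, is no longer seen by natd. If that narrowing is intended (for example to keep the gateway's own traffic untranslated) the PR text should say so, since it is a behaviour change for SIMPLE users who switch natd_interface to an address. The address test is also duplicated verbatim from the OPEN hunk, and `^[0-9]+(\.[0-9]+){0,3}$` accepts anything from a bare `1` to `999.999.999.999`; one helper near the top of rc.firewall that insists on four octets would serve both sections and keep the two copies from drifting apart.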

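The address-versus-interface decision the PR describes, as an added example that is not the PR's patch nor FreeBSD's rc.firewall: a small POSIX sh helper that recognises a real dotted quad (four octets, each 0 to 255) rather than "starts with a digit", and emits the ipfw rule bodies for either form, binding the address form to the outside interface so that nothing on lo0 or the inside interface is diverted. The names `is_ipv4` and `natd_divert_rules`, the variable order, and the sample values (192.0.2.10, fxp0, 10.0.0.0/24) are all assumptions made for this example.

```sh
#!/bin/sh
# Added example, not code from the PR or from FreeBSD's rc.firewall.
# is_ipv4 and natd_divert_rules are hypothetical helper names.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
# Anything else (an interface name such as fxp0, "1.2.3", "1.2.3.4.",
# "300.1.1.1") fails, which is what separates the two rc.conf forms.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digits, or stray/doubled dots
    esac
    oldifs=$IFS
    IFS=.
    set -- $1                               # split the octets into $1..$4
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# natd_divert_rules NATD_IF OIF INET IMASK: print the ipfw rule bodies
# (in rc.firewall each line would be prefixed with ${fwcmd} add).
# Address form: divert inbound packets addressed to the NAT address and
# outbound packets from the inside network, both only on OIF.
# Interface form: the original rc.firewall rule, unchanged.
natd_divert_rules() {
    natd_if=$1; oif=$2; inet=$3; imask=$4
    if is_ipv4 "$natd_if"; then
        echo "add divert natd all from any to $natd_if in via $oif"
        echo "add divert natd all from $inet:$imask to any out via $oif"
    else
        echo "add divert natd all from any to any via $natd_if"
    fi
}

# Constructed sample values (not from the PR): an alias address on fxp0
# translating 10.0.0.0/24, then the plain interface form for comparison.
natd_divert_rules 192.0.2.10 fxp0 10.0.0.0 24
natd_divert_rules fxp0 fxp0 10.0.0.0 24
```

Because the function only prints the rules, it can be run on any host without ipfw; in rc.firewall the same two branches would issue `${fwcmd} add ...` directly. The outbound rule deliberately keeps the PR's `${inet}:${imask}` source restriction, so traffic from other inside networks would still need a rule of its own.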
>Release-Note:
>Audit-Trail:
Class-Changed-From-To: sw-bug->change-request 
Class-Changed-By: ceri 
Class-Changed-When: Thu Sep 18 11:23:20 PDT 2003 
Class-Changed-Why:  
This is a change-request (according to the original submission). 


Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: ceri 
Responsible-Changed-When: Thu Sep 18 11:23:20 PDT 2003 
Responsible-Changed-Why:  
Reassign misfiled PR. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56934 
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Jan 14 01:09:10 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56934 
State-Changed-From-To: open->feedback 
State-Changed-By: crees 
State-Changed-When: Sat Oct 27 16:16:12 UTC 2012 
State-Changed-Why:  
I'm not convinced that this is an actual problem-- are you saying that 
the value of natd_interface isn't checked for sanity?  For the sake of 
speed it's better to assume that the correct values are put into 
rc.conf, but is there a disastrous side effect that I'm missing if the 
value is incorrect? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56934 
>Unformatted:
