From nobody  Tue Mar 25 13:32:55 1997
Received: (from nobody@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id NAA11008;
          Tue, 25 Mar 1997 13:32:55 -0800 (PST)
Message-Id: <199703252132.NAA11008@freefall.freebsd.org>
Date: Tue, 25 Mar 1997 13:32:55 -0800 (PST)
From: spatula@gulf.net
To: freebsd-gnats-submit@freebsd.org
Subject: IPFW panics upon denying a packet
X-Send-Pr-Version: www-1.0

>Number:         3100
>Category:       kern
>Synopsis:       IPFW panics upon denying a packet
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 25 13:40:03 PST 1997
>Closed-Date:    Mon May 5 19:13:00 PDT 1997
>Last-Modified:  Mon May  5 19:15:23 PDT 1997
>Originator:     Nick Johnson
>Release:        2.2-RELEASE
>Organization:
Gulf Coast Internet Company
>Environment:
FreeBSD blowfish.office.gulf.net 2.2-RELEASE FreeBSD 2.2-RELEASE #0: 
Tue Mar 18 10:43:58 CST 1997     
root@blowfish.office.gulf.net:/usr/src/sys/compile/N2  i386

>Description:
When machines configured with ipfw receive a packet that would be 
denied, the kernel panics.  The problem also exists in 3.0 snap, but not
in 2.1.x
>How-To-Repeat:
Compile ipfw support into the kernel and do something like this:
ipfw -f flush
ipfw add allow all from xxx.xxx.xxx.xxx to any
ipfw deny icmp from any to xxx.xxx.xxx.xxx
ping freebsd.org
  Upon receiving the returning icmp packet, the kernel will bomb.
>Fix:
unknown.  A workaround is to not deny packets.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: alex 
State-Changed-When: Mon May 5 19:13:00 PDT 1997 
State-Changed-Why:  
Fixed in rev 1.57 of ip_fw.c. 
>Unformatted:
