From hsn@netmag.cz  Tue Feb  1 17:19:58 2005
Return-Path: <hsn@netmag.cz>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8089216A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  1 Feb 2005 17:19:58 +0000 (GMT)
Received: from smtp2.vol.cz (smtp2.vol.cz [195.250.128.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 412DB43D1D
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  1 Feb 2005 17:19:57 +0000 (GMT)
	(envelope-from hsn@netmag.cz)
Received: from sanatana.dharma (volny-ipt-4-224.dialup.vol.cz [62.177.67.224])
	by smtp2.vol.cz (8.12.9p2/8.12.9) with ESMTP id j11HJs8T056099
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 1 Feb 2005 18:19:55 +0100 (CET)
	(envelope-from hsn@netmag.cz)
Received: from hsn@localhost
	by sanatana.dharma (Exim 4.42_0 FreeBSD) id 1CvusG-000GMG-8N
	; Tue, 01 Feb 2005 11:03:08 +0100
Message-Id: <E1CvusG-000GMG-8N@sanatana.dharma>
Date: Tue, 01 Feb 2005 11:03:08 +0100
From: Radim Kolar <hsn@netmag.cz>
Reply-To: Radim Kolar <hsn@netmag.cz>
To: FreeBSD-gnats-submit@freebsd.org
Cc: <hsn@netmag.cz>
Subject: ipfw antispoof incorrectly blocks broadcasts
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         76971
>Category:       kern
>Synopsis:       [ipfw] ipfw antispoof incorrectly blocks broadcasts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    oleg
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 01 17:20:16 GMT 2005
>Closed-Date:    Sun Feb 12 12:47:56 GMT 2006
>Last-Modified:  Sun Feb 12 12:47:56 GMT 2006
>Originator:     Radim Kolar
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
sd
>Environment:
System: FreeBSD sanatana.dharma 5.3-STABLE FreeBSD 5.3-STABLE #3: Sat Jan 29 08:58:45 CET 2005 root@sanatana.dharma:/usr/obj/usr/src/sys/UP i386

>Description:
The ipfw antispoof check rule blocks incoming broadcasts from our host.
This confuses many apps using broadcasts, because they expect to receive
their own messages. Broadcasts should not be denied, because they arrive on
a good network interface.
	
>How-To-Repeat:
ipfw rule

00110 3 624 deny log logamount 200 ip from any to any not antispoof

incorrectly blocks broadcasts generated by local applications, such as
rwho, routed and so on.

Feb  1 10:56:58 sanatana kernel: ipfw: 110 Deny UDP 192.168.1.2:513 192.168.1.255:513 in via ed0

sanatana# ifconfig ed0
ed0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
>Fix:
	
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: arved 
Responsible-Changed-When: Tue May 10 13:20:47 GMT 2005 
Responsible-Changed-Why:  
Over to freebsd-ipfw mailinglist 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76971 
State-Changed-From-To: open->closed 
State-Changed-By: yar 
State-Changed-When: Sun Feb 12 12:46:00 UTC 2006 
State-Changed-Why:  
oleg@ has fixed this bug in all active branches.  Thanks! 


Responsible-Changed-From-To: freebsd-ipfw->oleg 
Responsible-Changed-By: yar 
Responsible-Changed-When: Sun Feb 12 12:46:00 UTC 2006 
Responsible-Changed-Why:  
oleg@ has fixed this bug in all active branches.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=76971 
>Unformatted:
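A triage aid for deny logs like the one in this report, added here as an example and not part of the PR or of ipfw: it parses `ifconfig` output and `ipfw` log lines and separates the host's own broadcasts from packets whose source belongs to a network on a different interface, which is what ipfw(8) documents antispoof as checking. The `fxp0` interface, the second log line and all function names are constructed for illustration.

```python
import ipaddress
import re

LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny \S+ (?P<src>[\d.]+)(?::\d+)? "
    r"(?P<dst>[\d.]+)(?::\d+)? in via (?P<ifname>\S+)")
INET_RE = re.compile(
    r"inet (?P<addr>[\d.]+) netmask (?P<mask>0x[0-9a-f]{8}) broadcast (?P<bcast>[\d.]+)")

def parse_ifconfig(text):
    """Map interface name -> list of (address, network, broadcast)."""
    ifaces, name = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        m = INET_RE.search(line)
        if head:
            name = head.group(1)
        elif m and name:
            addr = ipaddress.IPv4Address(m["addr"])
            mask = ipaddress.IPv4Address(int(m["mask"], 16))
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
            bcast = ipaddress.IPv4Address(m["bcast"])
            ifaces.setdefault(name, []).append((addr, net, bcast))
    return ifaces

def classify(log_line, ifaces):
    """Label one 'Deny ... in via IF' line logged by the 'not antispoof' rule."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    src = ipaddress.IPv4Address(m["src"])
    dst = ipaddress.IPv4Address(m["dst"])
    for addr, _net, bcast in ifaces.get(m["ifname"], []):
        # Our own address sending to our own broadcast: the case in this PR.
        if src == addr and dst in (bcast, ipaddress.IPv4Address("255.255.255.255")):
            return "self-broadcast"
    for name, entries in ifaces.items():
        # Source lives on a network attached to some other interface.
        if name != m["ifname"] and any(src in net for _a, net, _b in entries):
            return "wrong-interface"
    return "other"

# ed0 and REPORTED come from the report; fxp0 and CONSTRUCTED are made up for contrast.
IFCONFIG = """ed0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
"""
REPORTED = "kernel: ipfw: 110 Deny UDP 192.168.1.2:513 192.168.1.255:513 in via ed0"
CONSTRUCTED = "kernel: ipfw: 110 Deny UDP 192.168.1.7:513 10.0.0.255:513 in via fxp0"
```

Lines labelled `self-broadcast` are the false positives described in this report; `wrong-interface` lines are the ones the rule is meant to log.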
