tag/untag

From: Mikhail Holt <mikhail.k.holt_at_gmail.com>
Date: Wed, 08 Nov 2023 07:26:18 UTC 
Hello List,

On a recent Stable 13 test host I, by accident, found that:

/sbin/ipfw -q add 0031 allow              tcp from 192.168.64.0/24 to me 
dst-port ssh in via igb3 setup keep-state   WORKS

/sbin/ipfw -q add 0031 allow log          tcp from 192.168.64.0/24 to me 
dst-port ssh in via igb3 setup keep-state   WORKS

/sbin/ipfw -q add 0031 allow log tag   10 tcp from 192.168.64.0/24 to me 
dst-port ssh in via igb3 setup keep-state   WORKS

/sbin/ipfw -q add 0031 allow log untag 10 tcp from 192.168.64.0/24 to me 
dst-port ssh in via igb3 setup keep-state   WORKS

/sbin/ipfw -q add 0031 allow     untag 10 tcp from 192.168.64.0/24 to me 
dst-port ssh in via igb3 setup keep-state   DOES NOT WORK?
- A dynamic rule is created as per the rules that work.
- Packets are logged by a deny all rule which of course is never reached 
by the rules that work.

Not a real issue for me but thought it worth noting.

Mik.