some ipfw filter does not function under Release 6.3
Jin Guojun[VFF]
jguojun at gmail.com
Sun Nov 16 20:36:34 PST 2008
Ian Smith wrote:
>On Sun, 16 Nov 2008, Jin Guojun[VFF] wrote:
> > Ian Smith wrote:
> >
> > > On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote:
> > >
> > > > I think this is a bug in ipfw because after changing the rule order, the
> > > > problem persists:
> > > > 00566 26 3090 deny ip from 221.192.199.36 to any
> > > > 65330 2018 983473 allow tcp from any to any established
> > > > 65535 0 0 deny ip from any to any
> > >
>.... snapped
>
> > I have found the problem due to the NIC naming change after motherboard
> > upgrading.
> > em0 was the LAN port, but now it is the WAN port. So, the following rule caused
> > Sync coming in:
> >
> > 00123 12 528 allow tcp from any to 192.168.0.0/16 via em0 setup
>
>Ahah!
>
> > This is my configuration fault, and we can close PR kern/128902.
> >
> > Thanks,
> > -Jin
>
>Glad you found it so soon, Jin; that was one very short-lived PR :)
>
>
This is kind of a hard one to catch, since this machine was tested and
working before.
Traced many machines with R-6.1 and R-6.2 around the country and found no
problem.
The recent change to this machine is an AMD to P4 motherboard swap for
better memory bandwidth, but overlooked that the NIC names changed.
Now we have historical information on what could cause such a failure.
-Jin
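
The failure described in this thread (an allow rule pinned to `em0` that silently became a WAN-facing rule after the NICs were renamed) can be caught by a ruleset audit. The sketch below is an added example, not code from the thread or from FreeBSD: it parses `ipfw show`/`ipfw list` style lines and flags allow rules that admit traffic to an RFC 1918 network via an interface that no longer holds a private address. Rule 00123 is the one quoted above; the interface addresses and the names `audit`, `RULES` and `IFACE_ADDRS` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in `ipfw show` format. Rule 00123 is quoted in the thread;
# the interface addresses below are made up (as `ifconfig` might report them).
RULES = """\
00123 12 528 allow tcp from any to 192.168.0.0/16 via em0 setup
00566 26 3090 deny ip from 221.192.199.36 to any
65330 2018 983473 allow tcp from any to any established
65535 0 0 deny ip from any to any
"""
IFACE_ADDRS = {"em0": "203.0.113.10", "em1": "192.168.0.1"}  # assumed post-swap state

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rule number, optional packet/byte counters, an allow-type action,
# the destination after "to", and the interface after via/recv/xmit.
RULE_RE = re.compile(
    r"^(?P<num>\d{5})\s+(?:\d+\s+\d+\s+)?(?:allow|accept|pass|permit)\s+"
    r".*?\bto\s+(?P<dst>\S+).*?\b(?:via|recv|xmit)\s+(?P<ifname>\S+)"
)

def audit(rules_text, iface_addrs):
    """Return (rule, interface, reason) for allow rules bound to a suspect NIC."""
    findings = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # deny rules, or rules with no interface clause
        try:
            dst = ipaddress.ip_network(m["dst"], strict=False)
        except ValueError:
            continue  # "any", "me", tables: out of scope for this check
        if not any(dst.subnet_of(net) for net in RFC1918):
            continue
        addr = iface_addrs.get(m["ifname"])
        if addr is None:
            findings.append((m["num"], m["ifname"], "interface not present"))
        elif not any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append((m["num"], m["ifname"], f"holds public address {addr}"))
    return findings

if __name__ == "__main__":
    for num, ifname, why in audit(RULES, IFACE_ADDRS):
        print(f"rule {num}: allows traffic to a private net via {ifname}: {why}")
```

Running a check like this after any hardware change compares the ruleset against the current interface state rather than relying on the interface names staying the same.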
More information about the freebsd-questions mailing list