Re: Fwd: 5.2-RC + ipfw

From: Maxim Konovalov (maxim_at_macomnet.ru)
Date: 12/13/03

    Date: Sat, 13 Dec 2003 21:47:07 +0300 (MSK)
    To: Nate Grey <NateBSD@yahoo.it>
    
    

    [ CC: Luigi ]

    On Sat, 13 Dec 2003, 11:49-0000, Nate Grey wrote:

    > Hello,
    >
    > on 5.2-RC I get this error from ipfw:
    >
    > ipfw in free(): error: modified (chunk -) pointer
    > Abort trap (core dumped)
    >
    > examining my firewall script I noticed that the error occurs when ipfw tries to
    > load these rules
    >
    > fwcmd="/sbin/ipfw -q/"
    > ${fwcmd} add 310 set 1 deny ip from $bad_guys to any in recv ep0
    > ${fwcmd} add 310 set 2 deny ip from any to $bad_guys out via ep0
    >
    > badguys are:
    >
    > bad_guys="(\
    > 127.0.0.0/8 or \
    > 192.168.0.1/16 or \
    > 10.0.0.0/8 or \
    > 172.16.0.0/12 or \
    > 0.0.0.0/8 or \
    > 169.254.0.0/16 or \
    > 192.0.2.0/24 or \
    > 224.0.0.0/4 \
    > )"
    >
    > anyway, according to `ipfw sh` output the rules are loaded.

    Please try the enclosed patch, or put whitespace right after the '('
    before the '\'.

    Index: ipfw2.c
    ===================================================================
    RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
    retrieving revision 1.42
    diff -u -r1.42 ipfw2.c
    --- ipfw2.c 31 Oct 2003 18:31:55 -0000 1.42
    +++ ipfw2.c 13 Dec 2003 18:42:18 -0000
    @@ -2901,15 +2901,14 @@
                     goto done;

     #define OR_START(target) \
    - if (ac && (*av[0] == '(' || *av[0] == '{')) { \
    + if (ac && ( \
    + !strncmp(*av, "(", strlen(*av)) || \
    + !strncmp(*av, "{", strlen(*av)) )) { \
                     if (open_par) \
                             errx(EX_USAGE, "nested \"(\" not allowed\n"); \
                     prev = NULL; \
                     open_par = 1; \
    - if ( (av[0])[1] == '\0') { \
    - ac--; av++; \
    - } else \
    - (*av)++; \
    + ac--; av++; \
             } \
             target: \
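
    Review bot: In the new OR_START condition, !strncmp(*av, "(", strlen(*av)) compares only strlen(*av) bytes, so an empty argument compares zero bytes, returns 0, and is accepted as an opening parenthesis; strcmp(*av, "(") == 0 (and the same for "{") tests for exactly the one-character token. Separately, with the (*av)++ branch removed, an argument that has the parenthesis attached to the following token no longer opens an or-block, so the commit message or man page should state that "(" and "{" must now be separate words, and the attached form should be checked to end in a clear usage error rather than being passed on to the address parser.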

    %%%

    -- 
    Maxim Konovalov, maxim@macomnet.ru, maxim@FreeBSD.org
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    
