Project

General

Profile

Actions

Bug #1958

closed

CP ipfw ruleset has two rules with the same number

Added by Dim Hatz over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Captive Portal
Target version:
-
Start date:
10/14/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

Not at all sure if it's an issue or not (haven't used ipfw before), but I've noticed that on my system 'ipfw show' prints two rules with the same rule number (00003). These are auto-created rules by the MAC-passthrough feature of pfsense's webGUI.

ipfw show | head

00002 423281 626842533 allow ip from any to any MAC 12:12:12:12:12:12 any
00003 275666  14849444 allow ip from any to any MAC any 12:12:12:12:12:12
00003  70157  46820607 allow ip from any to any MAC 00:ab:ab:ab:ab:01 any
00004  81914  40592665 allow ip from any to any MAC any 00:ab:ab:ab:ab:01
65291      0         0 allow pfsync from any to any
65292      0         0 allow carp from any to any
65301  30282   1392612 allow ip from any to any layer2 mac-type 0x0806
65302      0         0 allow ip from any to any layer2 mac-type 0x888e
65303      0         0 allow ip from any to any layer2 mac-type 0x88c7

I'm attaching /tmp/ipfw.cp.rules and excerpts from config.xml and 'ipfw show' (actual MAC addresses changed)


Files

ipfw.cp.rules (2.06 KB) ipfw.cp.rules Dim Hatz, 10/14/2011 08:04 PM
ipfw-show.txt (898 Bytes) ipfw-show.txt Dim Hatz, 10/14/2011 08:04 PM
config.xml (809 Bytes) config.xml Dim Hatz, 10/14/2011 08:04 PM
Actions #1

Updated by Chris Buechler over 12 years ago

  • Affected Version set to 2.0

notes from originator:

ipfw show | head

00002   590   305766 allow ip from any to any MAC 00:ab:ab:ab:ab:01 any
00003   496   103391 allow ip from any to any MAC any 00:ab:ab:ab:ab:01
00004 89123 42150341 allow ip from any to any MAC any 00:ab:ab:ab:ab:01
65291     0        0 allow pfsync from any to any
65292     0        0 allow carp from any to any
65301 35959  1653682 allow ip from any to any layer2 mac-type 0x0806
65302     0        0 allow ip from any to any layer2 mac-type 0x888e
65303     0        0 allow ip from any to any layer2 mac-type 0x88c7

and re-adding the MAC (from webGUI) produces

ipfw show | head

00002  1832   961552 allow ip from any to any MAC 00:ab:ab:ab:ab:01 any
00003  1499   310517 allow ip from any to any MAC any 00:ab:ab:ab:ab:01
00004 89123 42150341 allow ip from any to any MAC any 00:ab:ab:ab:ab:01
00004     0        0 allow ip from any to any MAC 12:12:12:12:12:12 any
00005     0        0 allow ip from any to any MAC any 12:12:12:12:12:12
65291     0        0 allow pfsync from any to any
65292     0        0 allow carp from any to any
65301 36437  1675670 allow ip from any to any layer2 mac-type 0x0806
65302     0        0 allow ip from any to any layer2 mac-type 0x888e
65303     0        0 allow ip from any to any layer2 mac-type 0x88c7

Actions #2

Updated by Chris Buechler over 12 years ago

  • Status changed from New to Closed

forgot this was here, opened #1976 instead which has the specific problem.

Actions

Also available in: Atom PDF