On 03:50+0300, Jan 28, 2003, Oleg Baranov wrote:

> It looks like firewall in 5.0-RELEASE doesn't respect uid option.
> I migrated from 4.7 where the following lines worked fine:
>
> allow tcp from me to any uid 500 setup
> allow udp from me to any uid 500 keep-state
>
> I couldn't get these lines working on 5.0 (packets don't match these rules).
> It's a little strange thing - the following lines DO work, but they
> match for ANY user on the system:
>
> allow tcp from me to any uid 0 setup
> allow udp from me to any uid 0 keep-state
>
> Also the counters are updated in a mysterious way...
> It's a very confusing thing for me. Can anyone help to solve the problem
> plz?

Please try a patch below.

Index: sys/netinet/ip_fw2.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v retrieving revision 1.25 diff -u -r1.25 ip_fw2.c --- sys/netinet/ip_fw2.c 21 Jan 2003 08:56:03 -0000 1.25 +++ sys/netinet/ip_fw2.c 29 Jan 2003 11:50:32 -0000 @@ -1515,7 +1515,7 @@ #endif if (cmd->opcode == O_UID) { match = - socheckuid(pcb->inp_socket, + !socheckuid(pcb->inp_socket, (uid_t)((ipfw_insn_u32 *)cmd)->d[0]); } else { match = groupmember( %%%

-- Maxim Konovalov, [EMAIL PROTECTED], [EMAIL PROTECTED]
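
Review bot: the negation added in the O_UID branch (`!socheckuid(pcb->inp_socket, ...)`) carries no comment, while the else branch right below still assigns `groupmember(` directly, so the two branches now read as if they followed opposite return conventions. The change is only correct if socheckuid() returns 0 when the socket's uid equals the rule's uid and non-zero otherwise; please say that in a one-line comment above `match =` so the asymmetry is not "fixed" back later. Since an inverted test makes a uid rule apply to the wrong set of users, it would also help to confirm against the report that `uid 500` rules now match that user's traffic and `uid 0` rules no longer match other users before this is committed.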