From swear@blarg.net Fri Mar 15 18:06:40 2002 Return-Path: Received: from lists.blarg.net (lists.blarg.net [206.124.128.17]) by hub.freebsd.org (Postfix) with ESMTP id 51F6C37B404 for ; Fri, 15 Mar 2002 18:06:39 -0800 (PST) Received: from thig.blarg.net (thig.blarg.net [206.124.128.18]) by lists.blarg.net (Postfix) with ESMTP id F1AC7BE6B for ; Fri, 15 Mar 2002 18:06:38 -0800 (PST) Received: from localhost.localdomain ([206.124.139.115]) by thig.blarg.net (8.9.3/8.9.3) with ESMTP id SAA13549 for ; Fri, 15 Mar 2002 18:06:27 -0800 Received: (from jojo@localhost) by localhost.localdomain (8.11.6/8.11.3) id g2G29CQ65838; Fri, 15 Mar 2002 18:09:12 -0800 (PST) (envelope-from swear@blarg.net) Message-Id: Date: 15 Mar 2002 18:09:12 -0800 From: "Gary W. Swearingen" Reply-To: swear@blarg.net To: FreeBSD-gnats-submit@freebsd.org Subject: ipfw(8) needs explicit statement about non-IP packets X-GNATS-Notify: >Number: 35939 >Category: docs >Synopsis: ipfw(8) needs explicit statement about non-IP packets >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: closed >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Mar 15 18:10:01 PST 2002 >Closed-Date: Sun Nov 17 15:39:49 PST 2002 >Last-Modified: Sun Nov 17 15:39:49 PST 2002 >Originator: Gary W. Swearingen >Release: FreeBSD 4.5-STABLE i386 >Organization: none >Environment: n/a ================ >Description: It would be helpful if ipfw explicitly stated the handling of non-IP packets instead of just implying it by saying that ipfw(8) scans for incoming and outgoing IP packets. The implication is easily missed. Apparently, this has been a source of confusion, especially given the changing nature of the handling of non-IP packets. ================ >How-To-Repeat: n/a ================ >Fix: In the "Description" section, in the second paragraph, after the first sentence, insert this sentence: (Non-IP packets, e.g., ARP or IPX, are not seen by ipfw(8) at all and so may be considered to be always passed by this firewall.) From my brief conversation with Joost Bekkers I understand that this has not always been the behavior and will not be when he's done, but that's the way it is now, as confirmed by the bridge(8) page. >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: luigi State-Changed-When: Sun Nov 17 15:39:19 PST 2002 State-Changed-Why: no more relevant, the ipfw manpage now explains clearly which packets are analysed by ipfw and where. http://www.freebsd.org/cgi/query-pr.cgi?pr=35939 >Unformatted: