Date: Thu, 15 Feb 2001 13:03:42 +0000 From: Chris Elsworth <chrise@demon.net> To: stable@freebsd.org Subject: ipfw query.. Message-ID: <20010215130342.A95395@demon.net>
next in thread | raw e-mail | index | archive | help
Hi, I'm sure I'm doing something really fundamentally wrong here, but if I do this with ipfw: 00300 0 0 pipe 15 ip from any to 195.11.8.227 00400 0 0 pipe 20 ip from 195.11.8.227 to any and then later on: 03000 0 0 unreach host tcp from any to 195.11.8.227 3306 I find that rules going through the pipe (ie, everything, I want to count the packets/bytes and restrict when needs be) does not go through any further rules, so it ignores the port 3306 unreachable. The manpage says to set net.inet.ip.fw.one_pass to 0, and I have done so: gw-0# sysctl net.inet.ip.fw.one_pass net.inet.ip.fw.one_pass: 0 What am I missing? Why doesn't the packet carry on going through the rules after going through the pipe? Cheers for any tips -- Chris Elsworth tel: 020 8371 1041 _ . Systems Administrator mob: 07968 324 693 demon @ thus . . Web & Hosting Team chrise@demon.net http://www.demon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010215130342.A95395>