From owner-freebsd-bugs  Sat Jul 13 12:50:10 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3A33F37B401
	for <freebsd-bugs@hub.freebsd.org>; Sat, 13 Jul 2002 12:50:05 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F000E43E5E
	for <freebsd-bugs@hub.freebsd.org>; Sat, 13 Jul 2002 12:50:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6DJo4JU036799
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 13 Jul 2002 12:50:04 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6DJo3SO036797;
	Sat, 13 Jul 2002 12:50:03 -0700 (PDT)
Date: Sat, 13 Jul 2002 12:50:03 -0700 (PDT)
Message-Id: <200207131950.g6DJo3SO036797@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
Subject: Re: kern/40530: stuck ipfw rule
Reply-To: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR kern/40530; it has been noted by GNATS.

From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/40530: stuck ipfw rule
Date: Sat, 13 Jul 2002 16:52:39 -0300

 From ipfw(8) man page:
 
      A configuration always includes a DEFAULT rule (numbered 65535) which
      cannot be modified, and matches all packets.  The action associated with
      the default rule can be either deny or allow depending on how the kernel
      is configured.
 
 You might want to look at rc.conf(5) (firewall_type) aswell.
 
 ppl
 
 On Sat, Jul 13, 2002 at 11:10:27AM -0700, mike wrote:
 > If i do ipfw flush there is still a rule left 65535 502  63182
 > deny ip from any to any
 >
 > No matter what allow rules come before this it still blocks alot of traffic?
 >
 > Before, when I did ipfw flush all rules would go away?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message