From owner-freebsd-current  Mon Mar 25 07:01:53 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA01274
          for current-outgoing; Mon, 25 Mar 1996 07:01:53 -0800 (PST)
Received: from s1.GANet.NET (s1.GANet.NET [199.18.201.2])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA01265
          for <freebsd-current@FreeBSD.ORG>; Mon, 25 Mar 1996 07:01:50 -0800 (PST)
Received: (from ec0@localhost) by s1.GANet.NET (8.6.11/8.6.11) id KAA02367; Mon, 25 Mar 1996 10:00:14 -0500
Date: Mon, 25 Mar 1996 10:00:13 -0500 (EST)
From: Eric Chet <ec0@s1.GANet.NET>
To: Jian-Da Li <jdli@FreeBSD.csie.NCTU.edu.tw>
cc: freebsd-current@FreeBSD.ORG
Subject: Re: 2.2-960323-SNAP: ipfw problem
In-Reply-To: <199603251332.VAA00749@FreeBSD.csie.NCTU.edu.tw>
Message-ID: <Pine.SOL.3.91.960325095339.14170A-100000@s1>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 25 Mar 1996, Jian-Da Li wrote:

> 
> 	Hi :
> 
> 	I just upgraded to 960323 from 960212, and my network was dead.
> 	After try&error for 2 hours, I found that if I add IPFW-related
> 	functions into kernel, my network will die even localhost.
> 	The problem is, my ipfw list is empty, it should not block any
> 	host.
	
	Hello
	The latest implementation of ipfw is to block everything if your
list is empty.  It makes sense, you put a firewall in place but you did
not tell it which ip's to not firewall.

Eric J. Chet (ejc@nasvr1.cb.att.com || ec0@ganet.net)
Lucent Technologies, Bell Labs Innovations
Columbus, Ohio 43213  RM 1E222