From: "Andy Jema"
To: freebsd-ipfw@freebsd.org
Subject: ipfw2 bug?
Date: Mon, 10 Feb 2003 21:47:33 +0300

I try to use the following ruleset:

ipfw add check-state
ipfw add allow tcp from me to any keep-state out via fxp0 setup
ipfw add allow udp from me to any keep-state out via fxp0
ipfw add allow icmp from me to any keep-state out via fxp0
ipfw add 65435 deny log ip from any to any

but when attempting to traceroute any external host, I'm getting the deny message in the log:

Feb 11 21:25:04 nss1 /ns1: ipfw: 65435 Deny ICMP:11.0 in via fxp0

At the same time, when I use a common rule like

ipfw add check-state
ipfw add allow ip from me to any keep-state out via fxp0

all works fine.

What's the deal?