Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 19 Dec 2002 12:49:32 +0100
From:      Jens Rehsack <rehsack@liwing.de>
To:        Ronan Lucio <ronan@melim.com.br>
Cc:        James Pace <jepace@pobox.com>, freebsd-questions@freebsd.org
Subject:   Re: ipfw and rule 65535
Message-ID:  <3E01B24C.8060601@liwing.de>
References:  <20021217183421.I3893-100000@tigger.pacehouse.com> <01a801c2a74f$c0ef04e0$34a8a8c0@melim.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ronan Lucio wrote:
> There are some kind of packets that isn´t IP packets.
> I don´t known exactly whichs, but a good read in
> 
> man tcpdump
> man ipfw
> man bridge
> 
> will make you make you undestand it better
> 
> Ronan
> 

I don't know how it's in ipfw, but ipf uses the last matching rule if no 
"quick" keyword is used.

less /etc/ipf.rules
--- BEGIN
block in all
block out all

pass in on xl0 from 10.0.0.0/24 to any

pass in quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
pass out quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
--- END

means: anything get's blocked except what's coming in on xl0 with ip 
10.0.0.0/24 and what's going over the lo0 device using loopback addresses.

less /etc/ipf.rules
--- BEGIN
block in quick all

pass in on xl0 from 10.0.0.0/24 to any
--- END

will match anything at start and nothing gets in - never!

Jens

>>Here is the end of the output from 'ipfw show':
>>
>>04000   0     0 deny log ip from any to any
>>65535  91  8227 deny     ip from any to any
>>
>>Can anyone explain why the last rule is getting hit?  I was under the
>>impression that the rules are traversed in order, so 4000 should catch
>>anything that -1 would.
>>
>>This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002
>>
>>Thanks!
>>
>>-James
>>
>>--
>>James Pace <jepace@pobox.com>
>>
>>
>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>with "unsubscribe freebsd-questions" in the body of the message
>>
>>
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 



-- 
L     i  W     W     W  i                 Jens Rehsack
L        W     W     W
L     i   W   W W   W   i  nnn    gggg    LiWing IT-Services
L     i    W W   W W    i  n  n  g   g
LLLL  i     W     W     i  n  n  g   g    Friesenstraße 2
                                   gggg    06112 Halle
                                      g
                                  g   g
Tel.:  +49 - 3 45 - 5 17 05 91    ggg     e-Mail: <rehsack@liwing.de>
Fax:   +49 - 3 45 - 5 17 05 92            http://www.liwing.de/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E01B24C.8060601>