From: ay@sita.kiev.ua
To: freebsd-questions@freebsd.org
Subject: Re: ipfw and rule 65535
Date: Thu, 19 Dec 2002 14:05:13 +0200 (EET)
Message-Id: <200212191205.gBJC5De16443@sima.sita.kiev.ua>
Organization: SitaNet

In article <20021217183421.I3893-100000@tigger.pacehouse.com.lucky.freebsd.questions> you wrote:
> Here is the end of the output from 'ipfw show':
> 04000 0 0 deny log ip from any to any
> 65535 91 8227 deny ip from any to any
> Can anyone explain why the last rule is getting hit? I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that -1 would.

Rule 65535 is added automatically due to the kernel config option
IPFILTER_DEFAULT_TO_???. The default is to deny any connections that are not
permitted in rc.firewall.

-- 
AY7-UANIC || AY15-RIPE