Date: Thu, 19 Dec 2002 14:17:39 +0100
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: James Pace <jepace@pobox.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw and rule 65535
Message-ID: <20021219131739.GM45336@freepuppy.bellavista.cz>
In-Reply-To: <20021217183421.I3893-100000@tigger.pacehouse.com>
References: <20021217183421.I3893-100000@tigger.pacehouse.com>

# jepace@pobox.com / 2002-12-17 18:37:34 -0800:
>
> Here is the end of the output from 'ipfw show':
>
> 04000 0 0 deny log ip from any to any
> 65535 91 8227 deny ip from any to any
>
> Can anyone explain why the last rule is getting hit? I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that -1 would.
>
> This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002

Isn't that packets that hit the interface after it came up, but
before the ruleset was loaded?

kernel loads    -> ipfw add 65535 deny all from any to any
/etc/rc.network -> ifconfig ...
/etc/rc.network -> load the ipfw ruleset

--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
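
An added example, not part of the original message: a POSIX sh check over `ipfw show` output that separates the situation described in the reply (rule 65535 has hits although an earlier unconditional rule exists) from a ruleset that really falls through to the default rule. The function names, the sample input and rule 00100 are constructed for illustration; the other two sample lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output: rule number, packets, bytes, rule body.
# Rule 00100 is made up; 04000 and 65535 are the lines quoted in the thread.
sample_ipfw_show() {
cat <<'EOF'
00100 1520 183400 allow ip from any to any via lo0
04000 0 0 deny log ip from any to any
65535 91 8227 deny ip from any to any
EOF
}

# Reads `ipfw show` output on stdin, prints one finding line and returns:
#   0  rule 65535 has no hits
#   1  65535 has hits although an earlier unconditional rule exists
#      (consistent with packets seen before the ruleset was loaded)
#   2  65535 has hits and no earlier catch-all exists (ruleset falls through)
#   3  no rule 65535 found in the input
check_default_rule() {
    awk '
    {
        rule = $1 + 0
        # Rebuild the rule body from field 4 onward (fields 2 and 3 are counters).
        body = ""
        for (i = 4; i <= NF; i++) body = body (i > 4 ? " " : "") $i
        # Unconditional match: "<action> [log] ip|all from any to any", nothing after.
        if (rule != 65535 && !found &&
            body ~ /^(allow|pass|permit|accept|deny|drop|reject)( log)? (ip|all) from any to any$/) {
            found = 1; catchall = $1
        }
        if (rule == 65535) { seen = 1; dpkts = $2 + 0 }
    }
    END {
        if (!seen)      { print "no rule 65535 in input"; exit 3 }
        if (dpkts == 0) { print "ok: rule 65535 has 0 packets"; exit 0 }
        if (found) {
            printf "rule 65535 counted %d packets despite catch-all rule %s\n", dpkts, catchall
            exit 1
        }
        printf "rule 65535 counted %d packets, no earlier catch-all rule\n", dpkts
        exit 2
    }'
}

# Stand-alone run on the constructed sample; on a live host: ipfw show | check_default_rule
sample_ipfw_show | check_default_rule || true
```

A return value of 1 only shows that the hits cannot have come from traffic evaluated against the full ruleset; the counters do not say when the packets arrived.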