From owner-freebsd-questions  Thu Dec 19  5:17:43 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A48C37B401
	for <freebsd-questions@freebsd.org>; Thu, 19 Dec 2002 05:17:42 -0800 (PST)
Received: from mail.bellavista.cz (mail.bellavista.cz [62.168.44.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A65443ED4
	for <freebsd-questions@freebsd.org>; Thu, 19 Dec 2002 05:17:41 -0800 (PST)
	(envelope-from neuhauser@bellavista.cz)
Received: from freepuppy.bellavista.cz (freepuppy.bellavista.cz [10.0.0.10])
	by mail.bellavista.cz (Postfix) with ESMTP
	id BEC5855; Thu, 19 Dec 2002 15:13:40 +0100 (CET)
Received: by freepuppy.bellavista.cz (Postfix, from userid 1001)
	id 016D12FDCD0; Thu, 19 Dec 2002 14:17:39 +0100 (CET)
Date: Thu, 19 Dec 2002 14:17:39 +0100
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: James Pace <jepace@pobox.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw and rule 65535
Message-ID: <20021219131739.GM45336@freepuppy.bellavista.cz>
Mail-Followup-To: James Pace <jepace@pobox.com>,
	freebsd-questions@freebsd.org
References: <20021217183421.I3893-100000@tigger.pacehouse.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20021217183421.I3893-100000@tigger.pacehouse.com>
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

# jepace@pobox.com / 2002-12-17 18:37:34 -0800:
> 
> Here is the end of the output from 'ipfw show':
> 
> 04000   0     0 deny log ip from any to any
> 65535  91  8227 deny     ip from any to any
> 
> Can anyone explain why the last rule is getting hit?  I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that -1 would.
> 
> This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002

    Isn't that packets that hit the interface after it came up, but
    before the ruleset was loaded?

    kernel loads -> ipfw add 65535 deny all from any to any
    /etc/rc.network -> ifconfig ...
    /etc/rc.network -> load the ipfw ruleset

-- 
If you cc me or remove the list(s) completely I'll most likely ignore
your message.    see http://www.eyrie.org./~eagle/faqs/questions.html

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message