Date: Tue, 13 Dec 2005 16:14:30 +0100 (CET)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: puzzling "ipfw show" output
Message-ID: <200512131514.jBDFEUcu025274@lurza.secnetix.de>
In-Reply-To: <439D3053.3020504@optusnet.com.au>
Graham Menhennitt <gmenhennitt@optusnet.com.au> wrote:
> I got the following output from "ipfw show" in my daily security run output email.
>
> +++ /tmp/security.yri47lgA Mon Dec 12 03:01:45 2005
> +00522 3530 1204158 deny ip from 10.0.0.0/8 to any via sis1
> +02522 18 784 deny tcp from any to any in via sis1 setup
> +65530 0 0 deny ip from any to any
> +65535 2 688 deny ip from any to any
>
> Could somebody please explain to me how those packets got past rule 65530 to be
> stopped by (the identical) rule 65535?

In addition to the explanations already given, the above output from
"ipfw show" could also be caused by a rule saying "skip 65535"
somewhere. ;-)

Of course, I assume that you wrote the whole rule set yourself, so you
would be aware of such a skip rule. I just wanted to mention the
possibility that rules need not be evaluated in strict numerical order.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"C++ is the only current language making COBOL look good."
    -- Bertrand Meyer
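To make the point about evaluation order concrete, here is an added Python model (written for this archive page, not ipfw source and not part of the thread) of how ipfw walks a ruleset: ascending by rule number, except that a skipto jumps straight to its target, so the rules in between never see the packet and their counters stay at zero. The rule numbers and rule bodies come from the quoted "ipfw show" output; the skipto rule at 60000, the address 192.0.2.7 and the packets are constructed for illustration.

```python
"""Toy model of ipfw's rule walk with skipto (illustration, not ipfw code)."""
import ipaddress
from dataclasses import dataclass
from typing import Callable


@dataclass
class Rule:
    number: int
    action: str                                   # 'allow', 'deny' or 'skipto'
    match: Callable[[dict], bool] = lambda pkt: True
    target: int = 0                               # only used by skipto
    pkts: int = 0                                 # counters as shown by 'ipfw show'
    bytes: int = 0


def from_net(net: str) -> Callable[[dict], bool]:
    n = ipaddress.ip_network(net)
    return lambda p: ipaddress.ip_address(p["src"]) in n


def walk(rules, pkt):
    """Evaluate one packet; returns (verdict, rule_number) and bumps counters."""
    rules = sorted(rules, key=lambda r: r.number)
    i = 0
    while i < len(rules):
        r = rules[i]
        if not r.match(pkt):
            i += 1
            continue
        r.pkts += 1
        r.bytes += pkt["len"]
        if r.action == "skipto":
            # jump to the first rule numbered >= target; everything between is skipped
            i = next((j for j, x in enumerate(rules) if x.number >= r.target), len(rules))
            continue
        return r.action, r.number
    raise RuntimeError("ruleset has no terminal rule")


def build_ruleset(with_skipto: bool):
    rules = [
        Rule(522, "deny", lambda p: p["iface"] == "sis1" and from_net("10.0.0.0/8")(p)),
        Rule(2522, "deny", lambda p: p["iface"] == "sis1" and p["setup"]),
        Rule(65530, "deny"),
        Rule(65535, "deny"),                      # default rule
    ]
    if with_skipto:
        # hypothetical rule of the kind the reply mentions: jump past 65530
        rules.append(Rule(60000, "skipto", lambda p: p["src"] == "192.0.2.7", target=65535))
    return rules


def counters(with_skipto: bool):
    """Run three constructed packets and return {rule_number: (pkts, bytes)}."""
    rules = build_ruleset(with_skipto)
    packets = [
        {"src": "10.1.2.3", "iface": "sis1", "setup": False, "len": 340},
        {"src": "192.0.2.7", "iface": "sis0", "setup": False, "len": 344},
        {"src": "192.0.2.7", "iface": "sis0", "setup": False, "len": 344},
    ]
    for p in packets:
        walk(rules, p)
    return {r.number: (r.pkts, r.bytes) for r in rules}
```

Without the skipto rule the two non-10/8 packets are counted by 65530; with it, 65530 stays at 0 0 and 65535 shows 2 688, the pattern in the quoted output.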