From: Leon Garde
Date: Wed, 29 Sep 2004 16:48:23 +1000 (EST)
To: freebsd-net@freebsd.org, freebsd-bugs@freebsd.org
Message-ID: <20040929162559.P31282@localhost>
Subject: IPFW and 5.2.1

Any explanation or fix for my problem with ipfw ... yes I did search the
mailing list archives, couldn't find anything relevant.

Kernel 5.2.1, freshly loaded off CD, as in

rm -rf /usr/src/*
../install.sh base
../install.sh tools
../install.sh sys
cp ~leon/GUASS /usr/src/sys/i386/conf/GUASS
cd /usr/src
make buildkernel KERNCONF=GUASS
make installkernel KERNCONF=GUASS
reboot

It's a relatively fresh install of 5.2.1.. and a picobsd style install
derived from same.

guass# ipfw -a list
00001 0 0 deny ip from any to 203.222.55.37 via rl0
65535 1287 499525 allow ip from any to any
guass# ping 203.222.55.37
PING 203.222.55.37 (203.222.55.37): 56 data bytes
64 bytes from 203.222.55.37: icmp_seq=0 ttl=255 time=0.281 ms
64 bytes from 203.222.55.37: icmp_seq=1 ttl=255 time=0.207 ms

< packets are flowing by rl0, despite the ipfw rule to stop them!, rl0
being the only network interface 'connected' >

guass# ipfw delete 1
guass# ipfw add 1 deny ip from any to any
guass# ping 203.222.55.37

< No answer, like u would hope >

Yes, I have searched archives.

Why does "via rl0", "in recv rl0", "out xmit rl0" (or via wi0, in recv
wi0, out xmit wi0)

Is it a known bug?

Can't think of anything else relevant to add.

ipfw seems seriously broken in 5.2.1 ???

------------------------
Leon
leon@nelsonbay.com
Ph 02 4984 1422