From owner-freebsd-stable@FreeBSD.ORG  Mon Dec 12 08:39:48 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3314F16A420
	for <freebsd-stable@freebsd.org>; Mon, 12 Dec 2005 08:39:48 +0000 (GMT)
	(envelope-from trond@ramstind.gtf.ol.no)
Received: from ramstind.gtf.ol.no (ramstind.gtf.ol.no [128.39.174.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6006143D58
	for <freebsd-stable@freebsd.org>; Mon, 12 Dec 2005 08:39:47 +0000 (GMT)
	(envelope-from trond@ramstind.gtf.ol.no)
Received: from ramstind.gtf.ol.no (Ximalas@localhost [127.0.0.1])
	by ramstind.gtf.ol.no (8.12.9/8.12.9) with ESMTP id jBC8djjA053085
	for <freebsd-stable@freebsd.org>; Mon, 12 Dec 2005 09:39:45 +0100 (CET)
	(envelope-from trond@ramstind.gtf.ol.no)
Received: from localhost (trond@localhost)
	by ramstind.gtf.ol.no (8.12.9/8.12.3/Submit) with ESMTP id
	jBC8djIR053082
	for <freebsd-stable@freebsd.org>; Mon, 12 Dec 2005 09:39:45 +0100 (CET)
Date: Mon, 12 Dec 2005 09:39:44 +0100 (CET)
From: =?ISO-8859-1?Q?Trond_Endrest=F8l?= <Trond.Endrestol@fagskolen.gjovik.no>
To: FreeBSD stable <freebsd-stable@freebsd.org>
In-Reply-To: <439D3053.3020504@optusnet.com.au>
Message-ID: <20051212092932.T40542@ramstind.gtf.ol.no>
References: <439D3053.3020504@optusnet.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Subject: Re: puzzling "ipfw show" output
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2005 08:39:48 -0000

On Mon, 12 Dec 2005 19:09+1100, Graham Menhennitt wrote:

> The only explanation I have is that the packets arrived between the
> time when the machine started accepting incoming packets and when
> the rules were loaded in /etc/rc.d/ipfw.

You just explained this yourself.

One solution to this small problem could be to change part of the boot
sequence into this:

a. Create VLAN interfaces etc if configured, assign IP addresses to
   each configured interface, but do not UP them.

b. Load the firewall rules, and optionally turn on forwarding.

c. Set all configured interfaces to UP.

One last question:

Why do you need rule 65530 when the built-in rule 65535 does the same
job?

-- 
----------------------------------------------------------------------
Trond Endrestøl                          |   trond@fagskolen.gjovik.no
Patron of The Art of Computer Programming|   FreeBSD 4.8-S & Pine 4.55