From owner-freebsd-questions Thu May 21 00:17:45 1998
Message-ID: <19980521101425.B17484@ucb.crimea.ua>
Date: Thu, 21 May 1998 10:14:25 +0300
From: Ruslan Ermilov
To: "'questions@freebsd.org'"
Subject: Re: ipfw: is this a bug ?
X-Operating-System: FreeBSD 2.2.6-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG

On Wed, May 20, 1998 at 03:12:47PM -0500, Raul Zighelboim wrote:
>
> I see the following output at the end of 'ipfw show' and cannot
> understand why a rule will match 65535 but not 03600.
>
> 03600 0 0 deny log ip from any to any
> 65535 248 81372 deny ip from any to any

The rule 65535 exists always (it may be ``allow'' if you've compiled
your kernel with IPFIREWALL_DEFAULT_TO_ACCEPT).

When the firewall is initialized (/etc/rc.firewall), it takes some time.
At this time rule 3600 doesn't yet exist, and packets will be dropped
with rule 65535.

--
Ruslan Ermilov      System Administrator
ru@ucb.crimea.ua    United Commercial Bank
+380-652-247647     Simferopol, Crimea
2426679             ICQ Network, UIN
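
Added example (not part of the original message and not FreeBSD code): a simplified Python model of first-match rule evaluation with per-rule counters, showing how rule 65535 collects hits from packets that arrive before rule 3600 has been loaded. The Ruleset class, rule 1000, the addresses and the packet sizes are constructed for illustration.

```python
import ipaddress

DEFAULT_RULE = 65535  # always present in the rule list


class Ruleset:
    """Toy first-match packet filter with per-rule counters (not ipfw itself)."""

    def __init__(self, default_to_accept=False):
        # default_to_accept models a kernel built with IPFIREWALL_DEFAULT_TO_ACCEPT
        action = "allow" if default_to_accept else "deny"
        self.rules = {DEFAULT_RULE: self._rule(action, "0.0.0.0/0")}

    @staticmethod
    def _rule(action, src_net):
        return {"action": action, "src": ipaddress.ip_network(src_net),
                "pkts": 0, "bytes": 0}

    def add(self, number, action, src_net="0.0.0.0/0"):
        self.rules[number] = self._rule(action, src_net)

    def process(self, src, size):
        """Apply the lowest-numbered matching rule; return (number, action)."""
        addr = ipaddress.ip_address(src)
        for number in sorted(self.rules):
            rule = self.rules[number]
            if addr in rule["src"]:
                rule["pkts"] += 1
                rule["bytes"] += size
                return number, rule["action"]

    def show(self):
        return [(n, r["pkts"], r["bytes"], r["action"])
                for n, r in sorted(self.rules.items())]


def boot_sequence(default_to_accept=False):
    fw = Ruleset(default_to_accept)
    # Window before the startup script has loaded any rules: only 65535 exists.
    early = [fw.process("192.0.2.7", 328), fw.process("10.1.2.3", 60)]
    # Script finishes loading (rule 1000 is constructed; 3600 is from the post).
    fw.add(1000, "allow", "10.0.0.0/8")
    fw.add(3600, "deny")
    # Later traffic, all from the allowed network, never reaches 3600 or 65535.
    late = [fw.process("10.1.2.3", 60), fw.process("10.9.9.9", 1500)]
    return early, late, fw.show()


if __name__ == "__main__":
    for row in boot_sequence()[2]:
        print("%05d %d %d %s" % row)
```

With a default-to-accept kernel the same early packets would be passed rather than dropped, which is why the default action matters for the interval before the ruleset is in place.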