From owner-freebsd-stable@FreeBSD.ORG Wed May 28 22:43:10 2008 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A7002106564A for ; Wed, 28 May 2008 22:43:10 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by mx1.freebsd.org (Postfix) with ESMTP id 9F7C58FC0A for ; Wed, 28 May 2008 22:43:10 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from relay13.apple.com (relay13.apple.com [17.128.113.29]) by mail-out4.apple.com (Postfix) with ESMTP id 700F72E8FFCC; Wed, 28 May 2008 15:43:10 -0700 (PDT) Received: from relay13.apple.com (unknown [127.0.0.1]) by relay13.apple.com (Symantec Mail Security) with ESMTP id 552FE28098; Wed, 28 May 2008 15:43:10 -0700 (PDT) X-AuditID: 1180711d-a8b91bb000000ed7-5b-483ddffc9ec8 Received: from cswiger1.apple.com (cswiger1.apple.com [17.227.140.124]) by relay13.apple.com (Apple SCV relay) with ESMTP id 7C7A128085; Wed, 28 May 2008 15:43:08 -0700 (PDT) Message-Id: <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com> From: Chuck Swiger To: Robert Blayzor In-Reply-To: Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v919.2) Date: Wed, 28 May 2008 15:43:08 -0700 References: X-Mailer: Apple Mail (2.919.2) X-Brightmail-Tracker: AAAAAA== Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 May 2008 22:43:10 -0000 Hi-- You didn't mention which version of FreeBSD you are running-- that's rather important info. On May 28, 2008, at 3:13 PM, Robert Blayzor wrote: > ipfw: > > 00200 allow tcp from any to me 80 setup > 00200 allow icmp from any to me icmptype 0,3,8,11 > 00200 deny log ip from any to me Also, surely these can't be the only IPFW rules you are using? If you want to use stateful rules, you need a keep-state argument, and you shouldn't be combining allow rules and deny rules into the same ruleset number... -- -Chuck