From owner-freebsd-security  Thu Feb 24  9:25:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.caprice.mb.ca (caprice.mb.ca [205.200.216.3])
	by hub.freebsd.org (Postfix) with ESMTP id CC53737C257
	for <freebsd-security@FreeBSD.ORG>; Thu, 24 Feb 2000 09:25:01 -0800 (PST)
	(envelope-from grub@grub.net)
Received: from grub.net (grub@grub.caprice.mb.ca [205.200.216.10])
	by mail.caprice.mb.ca (8.9.3/8.9.3) with ESMTP id LAA01547;
	Thu, 24 Feb 2000 11:24:55 GMT
	(envelope-from grub@grub.net)
Message-ID: <38B56A49.74D5C091@grub.net>
Date: Thu, 24 Feb 2000 11:28:41 -0600
From: Gordon Grieder <grub@grub.net>
Organization: blah
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.3-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Alexander Karptsov <karp@visti.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: mysterious behaviour of the ipfw ...
References: <Pine.BSF.4.10.10002241850130.23104-100000@lab.visti.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alexander Karptsov wrote:
> 
>    Hi !
> 
> My perl script, which gets counters' statistics from "ipfw show |",
> mysteriously warns me from time to time. When I added debug mode to it
> I saw next (please note:  my ipfw begins with rule number 100
> and ip number 10/8):
[snip]


I'm just starting to look into this odd behaviour that has been
affecting a machine here for a couple of weeks, I wonder if it's related
to your problem.

FreeBSD 3.1-RELEASE (yeah, yeah) and IPFW.

ipfw show returns:
00100   0            0 allow ip from any to any via lo0
00000 127 858993459455 deny 161 from any to any
00000   0            0 deny ip from 0.0.0.0:103.102.181.56 to any


My rules are not showing up but are indeed in effect.  I have no idea
about this rule 00000 that should not be there.

Each time I show the status, the information for rule 00000 seems to
change.

5 pastes from 5 ipfw shows:
00000 127 858993459455 deny 233 from any to any
00000 127 858993459455 deny udp from any 0,0,0,0,0,0,0,0,0,0,0 to any
0,0,0,0,0,0,0,0,0,0,0,0,0,0
00000 127 858993459455 deny kryptolan from any to any
00000 127 858993459455 deny scps from any to any
00000 127 858993459455 deny 241 from any to any

Any ideas are welcome, and yes, I will be upgrading to 3.4.  I'm just
curious as to what is causing this.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message