From owner-freebsd-current  Tue Jun 27 11:36:27 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA27673
          for current-outgoing; Tue, 27 Jun 1995 11:36:27 -0700
Received: from asstdc.scgt.oz.au (root@asstdc.scgt.oz.au [202.14.234.65])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA27656
          ; Tue, 27 Jun 1995 11:36:08 -0700
Received: (from imb@localhost)
	by asstdc.scgt.oz.au (8.6.12/BSD4.4)
	id EAA01749; Wed, 28 Jun 1995 04:35:40 +1000
From: michael butler <imb@scgt.oz.au>
Message-Id: <199506271835.EAA01749@asstdc.scgt.oz.au>
Subject: Re: ipfw - addf reject = panic
To: paul@freebsd.org
Date: Wed, 28 Jun 1995 04:35:36 +1000 (EST)
Cc: current@freebsd.org
In-Reply-To: <199506271640.RAA01451@freebsd.netcraft.co.uk> from "Paul Richards" at Jun 27, 95 05:40:58 pm
X-Mailer: ELM [version 2.4 PL24beta]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 455       
Sender: current-owner@freebsd.org
Precedence: bulk

Paul Richards writes:

> Ehh? I'm using ipfw, the kernel firewall code, not the user-mode PPP
> filtering code.

Oh, OK .. sorry, I misunderstood.
 
> I think the layering is (is this right?)
 
> modem <-> user PPP <-> tun <-> IP layer <-> ipfw <-> TCP
 
Yup ..

> so ipfw is always common.

 .. and, having just tested it with user-mode PPP instead of kernel PPP,
"ipfw addf reject .." will still panic the box it's running on. "deny"
doesn't,

	michael