From: "Tobias P. Santos"
To: freebsd-net@freebsd.org
Date: Tue, 02 Dec 2003 09:19:49 -0200
Message-ID: <3FCC7555.EEBB49FA@widesoft.com.br>
Subject: IPFW issue: skip past end of rules

Hello,

I have a gateway limiting the bandwidth of my customers. Everything is working fine, but I got some messages in the log file, see:

[...]
Dec 1 15:04:55 proxy /kernel: +++ ipfw: ouch!, skip past end of rules, denying packet
Dec 1 15:06:17 proxy last message repeated 90 times
Dec 1 15:19:24 proxy last message repeated 41 times
Dec 1 15:33:58 proxy last message repeated 142 times
Dec 1 15:38:57 proxy last message repeated 121 times
[...]

Here are my rules:

00100 344 101154 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 450 18000 deny ip from 127.0.0.0/8 to any
00400 9971 1390018 pipe 1 ip from any to any MAC any 00:00:00:00:00:00 in
00500 12282 11562920 pipe 2 ip from any to any MAC 00:00:00:00:00:00 any out
00600 0 0 pipe 3 ip from any to any MAC any 11:11:11:11:11:11 in
00700 0 0 pipe 4 ip from any to any MAC 11:11:11:11:11:11 any out
00800 0 0 pipe 5 ip from any to any MAC any 22:22:22:22:22:22 in
00900 0 0 pipe 6 ip from any to any MAC 22:22:22:22:22:22 any out
01000 0 0 pipe 7 ip from any to any MAC any 33:33:33:33:33:33 in
01100 0 0 pipe 8 ip from any to any MAC 33:33:33:33:33:33 any out
01200 2336717 1482414132 divert 8668 ip from any to any via vr0
65000 9272277 5914106630 allow ip from any to any
65535 318 177373 deny ip from any to any

Am I missing something? I can't find information about this issue anywhere.

Thank you in advance!

Best regards,
Tobias.