From owner-freebsd-questions Sat Feb 2 0:38:40 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from omahpop2.omah.uswest.net (omahpop2.omah.uswest.net [204.26.64.2])
	by hub.freebsd.org (Postfix) with SMTP id 63C6A37B416
	for ; Sat, 2 Feb 2002 00:38:38 -0800 (PST)
Received: (qmail 10050 invoked by alias); 2 Feb 2002 08:38:36 -0000
Delivered-To: fixup-freebsd-questions@FreeBSD.ORG@fixme
Received: (qmail 10041 invoked by uid 0); 2 Feb 2002 08:38:36 -0000
Received: from omah6400gw2poolc106.omah.uswest.net (HELO kristen.shadowdale.net) (63.227.158.106)
	by omahpop2.omah.uswest.net with SMTP; 2 Feb 2002 08:38:36 -0000
Date: Sat, 2 Feb 2002 02:38:36 -0600 (CST)
From: Bovine Unit #243
To: cjclark@alum.mit.edu
Cc: FreeBSD Questions
Subject: Re: reset TCP in ipfw
In-Reply-To: <20020131213029.I152@gohan.cjclark.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > ...
> > 10000 divert 6668 ip from any to any via fxp0
> > ...
> > 49990 reset tcp log from any to any in recv fxp0
> > 49999 deny tcp log from any to any in recv fxp0
> >
> > Well, the problem with that reset is that it's being blocked by the very
> > next rule. Dang! I did not know firewall would block its own action.
> > Hmm...
>
> Hmmm? How is the firewall blocking its own action? I'm not sure if you
> are interpreting your logs correctly. I don't see how anything could
> ever match rule 49999.

Woo. Me bad! That rule should read:

49999 deny tcp log from any to any via fxp0

My fingers slipped.
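An added example, not part of the original message or of ipfw itself: a small Python model of first-match rule evaluation applied to the two rules quoted in the thread, comparing the `in recv fxp0` form of rule 49999 with the corrected `via fxp0` form. It assumes only the `in recv IF` and `via IF` options; the divert rule and the elided rules are left out, and the sample packets are constructed.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    action: str                # "reset" or "deny"
    proto: str                 # "tcp", or "ip" for any protocol
    direction: Optional[str]   # "in", or None when the rule uses "via"
    iface: str

class Packet(NamedTuple):      # constructed stand-in for a real packet
    proto: str
    direction: str             # "in" or "out"
    iface: str

def parse_rule(text: str) -> Rule:
    """Parse the two interface forms quoted in the thread."""
    tok = text.split()
    num, action, proto = int(tok[0]), tok[1], tok[2]
    if tok[-3:-1] == ["in", "recv"]:       # inbound, received on IF
        return Rule(num, action, proto, "in", tok[-1])
    if tok[-2] == "via":                   # either direction through IF
        return Rule(num, action, proto, None, tok[-1])
    raise ValueError(f"unsupported rule form: {text!r}")

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and rule.iface == pkt.iface
            and rule.direction in (None, pkt.direction))

def first_match(rules, pkt) -> Optional[int]:
    """Number of the first matching rule in ascending order, else None."""
    for rule in sorted(rules, key=lambda r: r.num):
        if matches(rule, pkt):
            return rule.num
    return None

def never_hit(rules, packets):
    """Rule numbers that none of the sample packets reaches."""
    hit = {first_match(rules, p) for p in packets}
    return [r.num for r in rules if r.num not in hit]

AS_POSTED = [parse_rule("49990 reset tcp log from any to any in recv fxp0"),
             parse_rule("49999 deny tcp log from any to any in recv fxp0")]
CORRECTED = [AS_POSTED[0],
             parse_rule("49999 deny tcp log from any to any via fxp0")]
# Constructed samples: one TCP packet in each direction on fxp0.
SAMPLES = [Packet("tcp", "in", "fxp0"), Packet("tcp", "out", "fxp0")]

if __name__ == "__main__":
    print("as posted, never hit:", never_hit(AS_POSTED, SAMPLES))
    print("corrected, never hit:", never_hit(CORRECTED, SAMPLES))
```

In this model the as-posted rule 49999 is shadowed by 49990, while the `via fxp0` form is reached by outbound TCP on fxp0; inbound TCP still stops at 49990.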