From owner-freebsd-security Sat Jan 20 4:57:29 2001
Delivered-To: freebsd-security@freebsd.org
Message-ID: <000b01c082e0$0b32d5e0$0600a8c0@ibmka.internethelp.ru>
From: "Nickolay A. Kritsky"
Subject: Strange ipfw behavior
Date: Sat, 20 Jan 2001 15:53:53 +0300

Hi all.

I am running a FreeBSD box with ipfw and natd. Can you help me explain some strange behavior of ipfw:

    box# ipfw show
    2600 13 728 deny log ip from any to any
    65535 75 23790 deny ip from any to any

Some explanation is needed: rule 2600 is the last rule in my rc.firewall script. It is applied when a packet coming through ipfw does not match any other rule - then the packet is denied and logged. My question to the FreeBSD gurus is: why are some packets still reaching rule 65535 despite rule 2600?

Please help me, or show me another mailing list where I can ask this question. I posted it to security because I consider all ipfw questions security-related (after all, firewalls are for security - that's my opinion).

I am running 3.3-RELEASE.