From owner-freebsd-net@FreeBSD.ORG Fri Apr 4 09:09:29 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 008361065672 for ; Fri, 4 Apr 2008 09:09:29 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id AD7CB8FC22 for ; Fri, 4 Apr 2008 09:09:28 +0000 (UTC) (envelope-from freebsd-net@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1JhhvL-0007KH-2O for freebsd-net@freebsd.org; Fri, 04 Apr 2008 09:09:27 +0000 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 04 Apr 2008 09:09:27 +0000 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 04 Apr 2008 09:09:27 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-net@freebsd.org From: Ivan Voras Date: Fri, 04 Apr 2008 11:09:19 +0200 Lines: 35 Message-ID: References: <47F57437.6040400@elischer.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5E3D2D59E7F4BE98E6F221EF" X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 2.0.0.6 (X11/20071022) In-Reply-To: <47F57437.6040400@elischer.org> X-Enigmail-Version: 0.95.0 Sender: news Subject: Re: Trouble with IPFW or TCP? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Apr 2008 09:09:29 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5E3D2D59E7F4BE98E6F221EF Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Julian Elischer wrote: > Ivan Voras wrote: >> In which case would an ipfw ruleset like this: >> >> 00100 114872026 40487887607 allow ip from any to any via lo0 >> 00200 0 0 deny ip from any to 127.0.0.0/8 >> 00300 0 0 deny ip from 127.0.0.0/8 to any >> 00600 1585 112576 deny ip from table(0) to me > ipfw add 700 check-state Predictably, adding check-state doesn't do anything new. Additionally, the counters of check-state are always 0 (I don't know if this is good or not). --------------enig5E3D2D59E7F4BE98E6F221EF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH9fA/ldnAQVacBcgRAvoDAJ94W3FvLXT0m5UUy5O7+zfY5arE1gCffhXa 8TGZKzSarV3FSkpNFjS6QGk= =faaQ -----END PGP SIGNATURE----- --------------enig5E3D2D59E7F4BE98E6F221EF--