From owner-freebsd-stable Thu Dec 19 19:51:42 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1B66837B405 for ; Thu, 19 Dec 2002 19:51:41 -0800 (PST) Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7EFA43EEA for ; Thu, 19 Dec 2002 19:51:37 -0800 (PST) (envelope-from eugen@kuzbass.ru) Received: from kuzbass.ru (kost [213.184.65.82]) by www.svzserv.kemerovo.su (8.12.6/8.12.6) with ESMTP id gBK3pTDf092371; Fri, 20 Dec 2002 10:51:30 +0700 (KRAT) (envelope-from eugen@kuzbass.ru) Message-ID: <3E0293B1.2D1AC05E@kuzbass.ru> Date: Fri, 20 Dec 2002 10:51:13 +0700 From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.79 [en] (Win95; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: James Pace Cc: freebsd-stable@FreeBSD.ORG Subject: Re: ipfw and rule 65535 References: <20021218132335.D3893-100000@tigger.pacehouse.com> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG James Pace wrote: > > (No reply in -questions, so trying here. Thanks.) > > Here is the end of the output from 'ipfw show': > > 04000 0 0 deny log ip from any to any > 65535 91 8227 deny ip from any to any > > Can anyone explain why the last rule is getting hit? I was under the > impression that the rules are traversed in order, so 4000 should catch > anything that 65535 would. > > This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002 There were packets arrived when rule 4000 did not exist yet. Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message