Date: Sat, 4 Oct 1997 10:00:01 -0700 (PDT)
From: David Muir Sharnoff <muir@idiom.com>
To: freebsd-bugs
Subject: Re: kern/4687: ipfw accept ignored.
Message-ID: <199710041700.KAA23696@hub.freebsd.org>
The following reply was made to PR kern/4687; it has been noted by GNATS.

From: David Muir Sharnoff <muir@idiom.com>
To: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: kern/4687: ipfw accept ignored.
Date: Sat, 4 Oct 1997 09:56:43 -0700 (PDT)

 * > % ipfw -a list | grep 111
 * > 13000 24 2016 allow udp from 209.66.121.0/27 to 140.174.82.0/26 111 in via ethb17
 * > 13000 24 2016 deny log udp from any to 140.174.82.0/26 111
 *
 * If you look at the second rule carefully, you'll see that you have not
 * defined a direction on it. What is happening is that the packet is
 * accepted *in* using the first rule, and denied from leaving (as this is
 * a router) by the second rule.
 *
 * Fix: Add *in* keyword to deny rule (you don't need to specify an interface).

 Ah, I see! I didn't realize the packet got tested twice. It makes
 sense in retrospect.

 Thank you for the clue.

 -Dave
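
The two-pass evaluation discussed in this thread, modelled as an added example (not part of the original message and not ipfw's own code). It is a simplified first-match model for UDP only; the outbound interface name etha0, the sample addresses, and the default verdict when no rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    src: str                          # CIDR or "any"
    dst: str
    dport: int
    direction: Optional[str] = None   # "in", "out", or None = matches both passes
    via: Optional[str] = None         # interface name, or None = any interface

def _net(spec):
    return ip_network("0.0.0.0/0" if spec == "any" else spec)

def check(rules, pkt, direction, iface, default="allow"):
    """One pass over the ruleset: the first matching rule decides.
    default is an assumption standing in for the rest of the ruleset."""
    for r in rules:
        if r.direction not in (None, direction):
            continue
        if r.via not in (None, iface):
            continue
        if (ip_address(pkt["src"]) in _net(r.src)
                and ip_address(pkt["dst"]) in _net(r.dst)
                and pkt["dport"] == r.dport):
            return r.action
    return default

def forward(rules, pkt, in_if, out_if):
    """A routed packet is checked on receipt and again before transmit."""
    trace = []
    for direction, iface in (("in", in_if), ("out", out_if)):
        verdict = check(rules, pkt, direction, iface)
        trace.append((direction, verdict))
        if verdict == "deny":
            break
    return trace

ALLOW = Rule("allow", "209.66.121.0/27", "140.174.82.0/26", 111, "in", "ethb17")
AS_POSTED = [ALLOW, Rule("deny", "any", "140.174.82.0/26", 111)]        # no direction
FIXED = [ALLOW, Rule("deny", "any", "140.174.82.0/26", 111, "in")]      # "in" added
PKT = {"src": "209.66.121.5", "dst": "140.174.82.10", "dport": 111}    # constructed

if __name__ == "__main__":
    print("as posted:", forward(AS_POSTED, PKT, "ethb17", "etha0"))
    print("fixed:    ", forward(FIXED, PKT, "ethb17", "etha0"))
```
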