From: "Toomas Aas"
Organization: Tartu City Government
To: "john", questions@freebsd.org
Date: Mon, 20 Jan 2003 17:09:42 +0200
Subject: Re: IPFW stateful ruleset problems on 4.7 STABLE
Message-Id: <200301201510.h0KFAUn00328@lv.raad.tartu.ee>
In-reply-to: <761D45700A1C344585688C2E85D0895B043233@controller>

Hi!

> Jan 19 17:09:25 postfix /kernel: ipfw: 22500 Deny TCP 207.124.361.215:2345 10.10.10.10:80 in via sis0
> Jan 19 17:09:26 postfix /kernel: ipfw: 22500 Deny TCP 154.951.221.81:4376 10.10.10.10:80 in via sis0
> Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 158.113.207.162:55639 10.10.10.10:80 in via sis0
> Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 127.113.227.62:55639 10.10.10.10:80 in via sis0

I'm not an expert on ipfw, but I did have similar problems with ipfilter: even though I used 'keep state flags S' to allow incoming connections to port 80, there were a lot of dropped packets with various flags (sans S).
Nobody complained about not being able to view the website, though. I don't know what might be the cause of this. Finally, I just ceased keeping state on port 80 connections.

--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* I take my wife everywhere, but she keeps finding her way back.