From: Gary Aitken
Date: Mon, 02 Jun 2003 10:02:11 -0600
To: FreeBSD-questions@freebsd.org
Subject: ipfw final rule

I was considering turning on bridging, which requires the final ipfw rule to be allow, not deny. So I added a deny rule at 65534, but temporarily left the default deny rule in place in the kernel. Interestingly, my log shows the following:

> 65534 582 58547 deny ip from any to any
> 65535 3 234 deny ip from any to any

This looks like an impossible situation, since the last 3 should have been caught by the previous rule. I presume those last three denied packets are really not ip packets at all, but some other packet like arp?

Gary