Date: Thu, 26 Mar 1998 16:40:03 -0800 (PST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: freebsd-bugs
Subject: Re: i386/6141: IPFW Rules mixup - wrong rule numbers are filtering packets
Message-ID: <199803270040.QAA23129@hub.freebsd.org>

The following reply was made to PR i386/6141; it has been noted by GNATS.

From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Charlie Root <root@proxy.metro.tas.com.au>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: i386/6141: IPFW Rules mixup - wrong rule numbers are filtering packets
Date: Fri, 27 Mar 1998 11:33:42 +1100 (EST)

> We use the rules to log how much traffic travels out on a particular
> port. additionally we also block other ports. The rules seem
> to be getting mixed up so some of the allowed ports are being
> reported as being blocked.
>
> Mar 27 09:55:22 proxy /kernel: ipfw: 5300 Deny TCP 147.109.237.5:8080
> 147.109.165.35:1525 in via ed0
> Mar 27 09:56:26 proxy /kernel: ipfw: 5300 Deny TCP 147.109.237.5:8080
> 147.109.165.35:1525 in via ed0
>
> Here are the relevant rules:
> $fwcmd add 5300 deny log tcp from any to any 1525 in via $Out
> $fwcmd add 15900 pass tcp from any 8080 to any out via $In
> $fwcmd add 16000 pass tcp from any to any 8080 out via $Out
> $fwcmd add 16100 pass tcp from any 8080 to any in via $In

It looks to me like it is doing things correctly, as far as the ruleset is
written. Why are you denying 1525?
Do you have the $Out and $In round the wrong way in 5300 and 15900?

You do realise that rules are parsed in numeric order, don't you?

Danny

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
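
The numeric-order, first-match evaluation referred to in the reply, as an added example (not part of the original message and not ipfw code): a simplified Python model of the four quoted rules, run against the packet from the log. The interface name ed1 for $In is an assumption; ed0 for $Out follows from the logged "in via ed0" hit on rule 5300.

```python
import re

# ed0 for $Out is implied by the log line; ed1 for $In is assumed here.
IFACES = {"$Out": "ed0", "$In": "ed1"}

# The four rules from the PR, listed out of order on purpose: the rule
# number, not the order of the "add" commands, decides evaluation order.
RULES = """\
15900 pass tcp from any 8080 to any out via $In
16100 pass tcp from any 8080 to any in via $In
5300 deny log tcp from any to any 1525 in via $Out
16000 pass tcp from any to any 8080 out via $Out
"""

RULE_RE = re.compile(
    r"(?P<num>\d+) (?P<action>pass|deny)(?: log)? tcp "
    r"from any(?: (?P<sport>\d+))? to any(?: (?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

def parse(text):
    """Parse the rule subset used in the PR; return rules sorted by number."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        r = m.groupdict()
        for key in ("num", "sport", "dport"):
            r[key] = int(r[key]) if r[key] else None  # None means "any port"
        r["iface"] = IFACES.get(r["iface"], r["iface"])
        rules.append(r)
    return sorted(rules, key=lambda r: r["num"])

def first_match(rules, sport, dport, direction, iface):
    """Return (rule number, action) of the first rule that matches, or None."""
    for r in rules:
        if (r["sport"] in (None, sport) and r["dport"] in (None, dport)
                and r["dir"] == direction and r["iface"] == iface):
            return r["num"], r["action"]
    return None

# Logged packet: TCP 147.109.237.5:8080 -> 147.109.165.35:1525 in via ed0
LOGGED = dict(sport=8080, dport=1525, direction="in", iface="ed0")

if __name__ == "__main__":
    print(first_match(parse(RULES), **LOGGED))
```

In this model the logged packet, a reply from source port 8080 to destination port 1525, stops at rule 5300 because that rule tests only the destination port and is evaluated before the 8080 pass rules.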