From: dima <_pppp@mail.ru>
To: Leon Garde
cc: freebsd-net@freebsd.org
cc: freebsd-bugs@freebsd.org
Subject: Re: IPFW and 5.2.1
Date: Wed, 29 Sep 2004 15:56:40 +0400
Organization: SU29 Telecom
Message-Id: <1096459000.2423.17.camel@pppp>
In-Reply-To: <20040929162559.P31282@localhost>
References: <20040929162559.P31282@localhost>

> guass# ipfw -a list
> 00001 0 0 deny ip from any to 203.222.55.37 via rl0
> 65535 1287 499525 allow ip from any to any
>
> guass# ping 203.222.55.37
> PING 203.222.55.37 (203.222.55.37): 56 data bytes
> 64 bytes from 203.222.55.37: icmp_seq=0 ttl=255 time=0.281 ms
> 64 bytes from 203.222.55.37: icmp_seq=1 ttl=255 time=0.207 ms
>
> < packets are flowing by rl0, despite the ipfw rule to stop them !,
> rl0 being the only network interface 'connected' )
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Are you sure your ping requests/replies really go via rl0?
Try to use the ruleset like this:
# ipfw add deny ip from any to 203.222.55.37 via rl0
# ipfw add deny ip from any to 203.222.55.37 via lo0
:)

>
> guass# ipfw delete 1
>
> guass# ipfw add 1 deny ip from any to any
>
> guass# ping 203.222.55.37
>
> < No answer, like u would hope>
>
> Yes, I have searched archives.
>
> Why does "via rl0" , "in recv rl0" , "out xmit rl0" ,
> (or via wi0, in recv wi0, out xmit wi0 )
>
> Is it a known bug ?
>
> Can't think of anything else relevant to add.
> ipfw seems seriously broken in 5.2.1 ???
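
Added example, not part of the original message: the reply's question (do the pings really go via rl0?) can be answered from the rule counters. This script compares two `ipfw -a list` snapshots, taken before and after a test ping, and reports which rules' packet counters moved; the function names and the "after" counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show which ipfw rules matched
# between two `ipfw -a list` snapshots taken around a test ping.
# Line format, as in the message: <rule> <packets> <bytes> <rule body>

# rule_deltas BEFORE AFTER
#   "<rule> +N <body>" for each rule whose packet counter grew by N
#   "<rule> +0 <body>" for each deny rule that did not move
rule_deltas() {
    awk '
        {
            body = $0
            sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
            key = $1 SUBSEP body       # rule numbers may repeat, so key on both
        }
        phase == 1 { before[key] = $2; next }
        {
            delta = $2 - ((key in before) ? before[key] : 0)
            if (delta > 0)         printf "%s +%d %s\n", $1, delta, body
            else if ($4 == "deny") printf "%s +0 %s\n", $1, body
        }
    ' phase=1 "$1" phase=2 "$2"
}

# Snapshot before the ping: the listing quoted in the message.
sample_before() {
    cat <<'EOF'
00001 0 0 deny ip from any to 203.222.55.37 via rl0
65535 1287 499525 allow ip from any to any
EOF
}

# Snapshot after the ping: constructed values for illustration.
sample_after() {
    cat <<'EOF'
00001 0 0 deny ip from any to 203.222.55.37 via rl0
65535 1289 499693 allow ip from any to any
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_before > "$tmp/before"
    sample_after  > "$tmp/after"
    rule_deltas "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}

demo
```

A deny rule reported with `+0` while the default allow rule's counter grows did not match the test traffic, so its interface or address clause is the place to look.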