Date: Wed, 29 Sep 2004 15:56:40 +0400
From: dima <_pppp@mail.ru>
To: Leon Garde <leon@nelsonbay.com>
Cc: freebsd-bugs@freebsd.org
Subject: Re: IPFW and 5.2.1
Message-ID: <1096459000.2423.17.camel@pppp>
In-Reply-To: <20040929162559.P31282@localhost>
References: <20040929162559.P31282@localhost>

> guass# ipfw -a list
> 00001 0 0 deny ip from any to 203.222.55.37 via rl0
> 65535 1287 499525 allow ip from any to any
>
> guass# ping 203.222.55.37
> PING 203.222.55.37 (203.222.55.37): 56 data bytes
> 64 bytes from 203.222.55.37: icmp_seq=0 ttl=255 time=0.281 ms
> 64 bytes from 203.222.55.37: icmp_seq=1 ttl=255 time=0.207 ms
>
> < packets are flowing by rl0, despite the ipfw rule to stop them !,
> rl0 being the only network interface 'connected' )
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Are you sure your ping requests/replies really go via rl0?
Try to use the ruleset like this:
# ipfw add deny ip from any to 203.222.55.37 via rl0
# ipfw add deny ip from any to 203.222.55.37 via lo0
:)

>
> guass# ipfw delete 1
>
> guass# ipfw add 1 deny ip from any to any
>
> guass# ping 203.222.55.37
>
> < No answer, like u would hope>
>
>
> Yes, I have searched archives.
>
>
> Why does "via rl0" , "in recv rl0" , "out xmit rl0" ,
> (or via wi0, in recv wi0, out xmit wi0 )
>
>
> Is it a known bug ?
>
> Can't think of anything else relevant to add.
> ipfw seems seriously broken in 5.2.1 ???
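
Added example, not part of the original message and not ipfw's own code: a simplified first-match model of the two rulesets in this thread, showing why rule 1 keeps zero counters when the ping never crosses rl0. It assumes 203.222.55.37 is the host's own address and that traffic to a local address is looped back via lo0; the rule numbers 100 and 200 and all helper names are constructed for the illustration.

```python
# Simplified first-match model of an ipfw ruleset (illustration only).
from dataclasses import dataclass

# Assumption: 203.222.55.37 is configured on this host (constructed sample data).
LOCAL_ADDRS = {"203.222.55.37", "127.0.0.1"}

@dataclass
class Rule:
    num: int
    action: str        # "deny" or "allow"
    dst: str           # destination address or "any"
    via: str = "any"   # interface name or "any"
    packets: int = 0   # per-rule counter, as shown by "ipfw -a list"

def interface_for(dst):
    """Assumption: packets to one of the host's own addresses use lo0, not the NIC."""
    return "lo0" if dst in LOCAL_ADDRS else "rl0"

def evaluate(rules, dst):
    """Return (action, rule number, interface) for one packet; first match wins."""
    iface = interface_for(dst)
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.dst in ("any", dst) and rule.via in ("any", iface):
            rule.packets += 1
            return rule.action, rule.num, iface
    raise RuntimeError("ruleset has no default rule")

def original_ruleset():
    # The ruleset from the quoted "ipfw -a list" output.
    return [Rule(1, "deny", "203.222.55.37", "rl0"), Rule(65535, "allow", "any")]

def suggested_ruleset():
    # The two deny rules from the reply; numbers 100/200 are constructed.
    return [Rule(100, "deny", "203.222.55.37", "rl0"),
            Rule(200, "deny", "203.222.55.37", "lo0"),
            Rule(65535, "allow", "any")]

if __name__ == "__main__":
    for name, rules in (("original", original_ruleset()),
                        ("suggested", suggested_ruleset())):
        verdict = evaluate(rules, "203.222.55.37")
        print(name, verdict, [(r.num, r.packets) for r in rules])
```

On a real system, per-rule counters from `ipfw -a list` are the quickest way to confirm which rule a packet actually matched.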