From: Maxim Konovalov
Date: Thu, 6 May 2004 01:40:17 -0700 (PDT)
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/66319: ipfw count rule disabling new connections
Message-Id: <200405060840.i468eHwD079203@freefall.freebsd.org>

The following reply was made to PR kern/66319; it has been noted by GNATS.

From: Maxim Konovalov
To: Zachery Hostens
Cc: bug-followup@freebsd.org
Subject: Re: kern/66319: ipfw count rule disabling new connections
Date: Thu, 6 May 2004 12:35:15 +0400 (MSD)

On Thu, 6 May 2004, 00:39-0700, Zachery Hostens wrote:

> >Number:         66319
> >Category:       kern
> >Synopsis:       ipfw count rule disabling new connections
[...]
> FreeBSD avalanche.mchsi.com 5.2-CURRENT FreeBSD 5.2-CURRENT #4: Mon May 3 22:07:04 CDT 2004 root@avalanche.mchsi.com:/usr/obj/usr/src/sys/AVALANCHE i386
> >Description:
> I was attempting to add a rule to ipfw to count SYN packets coming in:
>
>     ipfw add 01000 count tcp from any to me setup
>
> (I also tried "to any".) When I would try to connect to the box from another
> machine I would always get this:
>
>     extort@fate extort $ ssh avalanche
>     ssh: connect to host avalanche port 22: Network is unreachable
>
> Now the counter would count connection tries correctly, just not allow me to
> connect. As soon as I remove the rule I can ssh perfectly fine.
>
> src-all was cvsup'd within 1 day of being compiled. If you need to see the
> kernel config and/or rc.conf or any other settings I have set, please feel
> free to email me.
> >How-To-Repeat:
> ipfw add # count tcp to any from [any|me]

It doesn't look like a valid ipfw(4) rule.

$ ipfw -n add 1 count tcp to any from any
ipfw: missing ``from''

I believe you mean something like this:

# ipfw add 1 count tcp from any to any
00001 count tcp from any to any
$ telnet relay1.demos.su 25
Trying 194.87.0.16...
Connected to relay1.demos.su.
Escape character is '^]'.

So, I cannot reproduce. Could you please show the whole ruleset?

-- 
Maxim Konovalov
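The follow-up above makes two points worth seeing in working code: the rule body must say `from` before `to` (which `ipfw -n add` rejects with "missing ``from''"), and a `count` rule only updates counters and falls through, so whatever accepts or blocks a SYN is always some later rule (or the implicit default rule 65535), which is why the whole ruleset is needed to diagnose the report. The following is an added illustration written for this page, not FreeBSD or ipfw code: a small Python model of ipfw rule walking. It assumes a deliberately restricted rule grammar (`<num> <count|allow|deny> <proto> from <src> to <dst> [setup]`, addresses limited to `any`, `me` or a literal host), a constructed set of local addresses for `me`, and constructed sample packets; the real ipfw grammar and matching are far richer.

```python
"""Added illustration of ipfw rule walking (not FreeBSD code).

Assumed, restricted grammar (the real ipfw(8) grammar is much larger):
    <num> <count|allow|deny> <proto> from <src> to <dst> [setup]
with <src>/<dst> being 'any', 'me' or a literal address.
"""
from dataclasses import dataclass

# Constructed sample (not from the PR): addresses this host owns,
# i.e. what the ipfw keyword "me" resolves to in this model.
MY_ADDRS = {"10.0.0.5"}

@dataclass
class Rule:
    num: int
    action: str    # count | allow | deny
    proto: str     # ip | tcp | udp | icmp
    src: str       # any | me | literal address
    dst: str
    setup: bool    # match only TCP packets with SYN set and ACK clear
    pkts: int = 0  # packet counter, as shown by 'ipfw -a list'

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    setup: bool = False

def parse_rule(text):
    """Parse one rule body.  Like ipfw(8), 'from' must come before 'to';
    the reversed order from the How-To-Repeat line is rejected with the
    same message the follow-up shows."""
    t = text.split()
    if len(t) < 7:
        raise ValueError("ipfw: rule too short: %r" % text)
    if t[1] not in ("count", "allow", "deny"):
        raise ValueError("ipfw: unknown action %r" % t[1])
    if t[3] != "from":
        raise ValueError("ipfw: missing ``from''")
    if t[5] != "to":
        raise ValueError("ipfw: missing ``to''")
    opts = t[7:]
    if opts not in ([], ["setup"]):
        raise ValueError("ipfw: unsupported options %r" % opts)
    return Rule(int(t[0]), t[1], t[2], t[4], t[6], setup=bool(opts))

def check_syntax(text):
    """Dry-run check in the spirit of 'ipfw -n add': error text or None."""
    try:
        parse_rule(text)
        return None
    except ValueError as e:
        return str(e)

def addr_matches(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr in MY_ADDRS
    return spec == addr

def rule_matches(r, p):
    return (r.proto in ("ip", p.proto)
            and addr_matches(r.src, p.src)
            and addr_matches(r.dst, p.dst)
            and (not r.setup or p.setup))

def walk(rules, pkt, default="deny"):
    """Evaluate one packet the way ipfw does: rules in ascending number,
    first terminating match decides.  'count' bumps its counter and the
    search continues, so the verdict always comes from a later rule or
    from the implicit default rule 65535 (whose action is a kernel
    build-time option; assumed 'deny' here unless told otherwise)."""
    for r in sorted(rules, key=lambda r: r.num):
        if rule_matches(r, pkt):
            r.pkts += 1
            if r.action != "count":
                return r.action, r.num
    return default, 65535

def simulate(rule_texts, pkt, default="deny"):
    """Return (verdict, deciding rule number, {rule number: packets})."""
    rules = [parse_rule(t) for t in rule_texts]
    verdict, num = walk(rules, pkt, default)
    return verdict, num, {r.num: r.pkts for r in rules}

if __name__ == "__main__":
    # Constructed SSH SYN arriving at this host.
    syn = Packet("tcp", "192.0.2.10", "10.0.0.5", setup=True)
    # The PR's counting rule in front of an explicit allow: counted, then allowed.
    print(simulate(["1000 count tcp from any to me setup",
                    "2000 allow tcp from any to me",
                    "65000 deny ip from any to any"], syn))
    # Same counting rule with nothing allowing the flow: still counted,
    # then denied by 65000.  The count rule is not what blocks it.
    print(simulate(["1000 count tcp from any to me setup",
                    "65000 deny ip from any to any"], syn))
    print(check_syntax("1 count tcp to any from any"))
```

The model is deliberately small, but the behaviour it encodes is the one the reply relies on: removing the `count` rule cannot change the verdict for any packet, so if adding it coincides with connections failing, the explanation lies elsewhere in the ruleset or the host, which is exactly why the follow-up asks for the full `ipfw show` output rather than the one rule.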