From owner-freebsd-stable Fri Dec 20 12:57:35 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 9C5A137B401
    for ; Fri, 20 Dec 2002 12:57:33 -0800 (PST)
Received: from smtp1.vol.cz (smtp1.vol.cz [195.250.128.73])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 6422043EEC
    for ; Fri, 20 Dec 2002 12:57:32 -0800 (PST)
    (envelope-from dan@obluda.cz)
Received: from obluda.cz (xkulesh.vol.cz [195.250.154.106])
    by smtp1.vol.cz (8.12.6/8.12.6) with ESMTP id gBKKutRU044225
    for ; Fri, 20 Dec 2002 21:57:10 +0100 (CET)
    (envelope-from dan@obluda.cz)
Message-ID: <3E02E528.1000300@obluda.cz>
Date: Fri, 20 Dec 2002 10:38:48 +0100
From: Dan Lukes
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.2b) Gecko/20021106
X-Accept-Language: en, cs
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: Re: ipfw and rule 65535
References: <20021218132335.D3893-100000@tigger.pacehouse.com>
In-Reply-To: <20021218132335.D3893-100000@tigger.pacehouse.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

James Pace wrote, On 12/18/02 22:25:

> (No reply in -questions, so trying here. Thanks.)
>
> Here is the end of the output from 'ipfw show':
>
> 04000 0 0 deny log ip from any to any
> 65535 91 8227 deny ip from any to any
>
> Can anyone explain why the last rule is getting hit? I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that 65535 would.

From the booting time, just before the rule 4000 has been loaded?
During reloads of firewall (as the firewall table is flushed for a short time).

It didn't explain why the rule 4000 has no hit - unless you reloaded
firewall just before you grab the sample.

Dan

-- 
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
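
The counter check discussed in this thread, as an added example that is not part of the original message: it reads `ipfw show` output and reports when the default rule 65535 has packet hits although an earlier terminal catch-all rule exists, which means packets arrived while that rule was not loaded. The function names, the sample rule 00100 and the assumed column layout (rule number, packets, bytes, action) are assumptions based on the two lines quoted above.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_default_hits: read `ipfw show` output on stdin. If the first terminal
# catch-all rule ("<action> [log] ip from any to any") comes before rule 65535
# and rule 65535 still counted packets, print:
#   <catch-all rule> <its packets> <rule 65535 packets>
check_default_hits() {
    awk '
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            # Rebuild the rule body without the number and the two counters.
            rest = $4
            for (i = 5; i <= NF; i++) rest = rest " " $i
            # Only unconditional, terminal rules can shadow the default rule.
            if (rest !~ /^(allow|accept|pass|permit|deny|drop|reject) (log )?(ip|all) from any to any$/)
                next
            if ($1 + 0 == 65535) { def = $2 + 0; next }
            if (!seen) { seen = 1; first = $1 + 0; fpkts = $2 + 0 }
        }
        END {
            # Hits on 65535 despite an earlier catch-all: traffic was seen
            # during boot or a flush/reload window, before that rule existed.
            if (seen && def > 0) printf "%d %d %d\n", first, fpkts, def
        }
    '
}

# Constructed sample: the two lines quoted in the thread plus one
# hypothetical loopback rule that must not count as a catch-all.
sample_ipfw_show() {
    cat <<'EOF'
00100 12 900 allow ip from any to any via lo0
04000 0 0 deny log ip from any to any
65535 91 8227 deny ip from any to any
EOF
}

sample_ipfw_show | check_default_hits
```

On a live FreeBSD host the same function can be fed with `ipfw show | check_default_hits`; no output means rule 65535 has not been hit or no earlier catch-all is present.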