Date: Thu, 15 Feb 2001 13:03:42 +0000
From: Chris Elsworth
To: stable@freebsd.org
Subject: ipfw query..
Message-ID: <20010215130342.A95395@demon.net>

Hi,

I'm sure I'm doing something really fundamentally wrong here, but if I
do this with ipfw:

    00300 0 0 pipe 15 ip from any to 195.11.8.227
    00400 0 0 pipe 20 ip from 195.11.8.227 to any

and then later on:

    03000 0 0 unreach host tcp from any to 195.11.8.227 3306

I find that rules going through the pipe (ie, everything, I want to
count the packets/bytes and restrict when needs be) does not go through
any further rules, so it ignores the port 3306 unreachable.

The manpage says to set net.inet.ip.fw.one_pass to 0, and I have done
so:

    gw-0# sysctl net.inet.ip.fw.one_pass
    net.inet.ip.fw.one_pass: 0

What am I missing? Why doesn't the packet carry on going through the
rules after going through the pipe?

Cheers for any tips

--
Chris Elsworth                  tel: 020 8371 1041
Systems Administrator           mob: 07968 324 693
Web & Hosting Team              chrise@demon.net
http://www.demon.net
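The one_pass semantics the message refers to, modelled as an added Python example (not part of the original message and not ipfw's own code): with one_pass set, a packet leaving a pipe is accepted without further rule checks; with it cleared, evaluation resumes at the next rule. Rule matching is simplified, and the client address and the deny default rule 65535 are assumptions; the model shows the documented behaviour only and does not diagnose what the poster observed.

```python
# Constructed rule set mirroring the three rules quoted in the message.
# Each rule: (number, action, proto, src, dst, dst_port).
# "any" / None match everything; "ip" matches every protocol.
RULES = [
    (300, "pipe 15", "ip", "any", "195.11.8.227", None),
    (400, "pipe 20", "ip", "195.11.8.227", "any", None),
    (3000, "unreach host", "tcp", "any", "195.11.8.227", 3306),
]
DEFAULT_RULE = (65535, "deny")  # assumption: default-to-deny kernel


def rule_matches(rule, pkt):
    """Simplified match on protocol, source, destination and dest port."""
    _, _, proto, src, dst, port = rule
    return (proto in ("ip", pkt["proto"])
            and src in ("any", pkt["src"])
            and dst in ("any", pkt["dst"])
            and port in (None, pkt.get("dport")))


def evaluate(pkt, one_pass, rules=RULES):
    """Walk the rules in numeric order; return (matched rule numbers, verdict)."""
    trace = []
    for rule in sorted(rules, key=lambda r: r[0]):
        if not rule_matches(rule, pkt):
            continue
        number, action = rule[0], rule[1]
        trace.append(number)
        if action.startswith("pipe"):
            if one_pass:
                # one_pass=1: the packet leaves the firewall after the pipe.
                return trace, "accept"
            # one_pass=0: the packet is reinjected at the next rule.
            continue
        return trace, action  # terminal action such as "unreach host"
    trace.append(DEFAULT_RULE[0])
    return trace, DEFAULT_RULE[1]


# Constructed packet: a TCP connection attempt to port 3306 on the host.
MYSQL_SYN = {"proto": "tcp", "src": "203.0.113.5",
             "dst": "195.11.8.227", "dport": 3306}

if __name__ == "__main__":
    for setting in (1, 0):
        print("one_pass =", setting, "->", evaluate(MYSQL_SYN, bool(setting)))
```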