Date: Thu, 15 Feb 2001 13:53:10 +0000
From: Bradley Kite <bradley@rug-rats.org>
To: Chris Elsworth <chrise@demon.net>
Cc: stable@FreeBSD.ORG
Subject: Re: ipfw query..
Message-ID: <20010215135309.A23654@rug-rats.org>
In-Reply-To: <20010215130342.A95395@demon.net>; from chrise@demon.net on Thu, Feb 15, 2001 at 01:03:42PM +0000
References: <20010215130342.A95395@demon.net>

I'm sure there is a flag you can append to the end of the pipe rules, that
tells ipfw to continue going through the rules instead of stopping when they
match.

I can't remember what the flag is tho, sorry :-(

--
Brad

On Thu, Feb 15, 2001 at 01:03:42PM +0000, Chris Elsworth wrote:
> Hi,
>
> I'm sure I'm doing something really fundamentally wrong here, but if I do
> this with ipfw:
>
>
> 00300 0 0 pipe 15 ip from any to 195.11.8.227
> 00400 0 0 pipe 20 ip from 195.11.8.227 to any
>
> and then later on:
>
> 03000 0 0 unreach host tcp from any to 195.11.8.227 3306
>
>
> I find that rules going through the pipe (ie, everything, I want to count
> the packets/bytes and restrict when needs be) does not go through any
> further rules, so it ignores the port 3306 unreachable.
>
> The manpage says to set net.inet.ip.fw.one_pass to 0, and I have done so:
>
> gw-0# sysctl net.inet.ip.fw.one_pass
> net.inet.ip.fw.one_pass: 0
>
>
> What am I missing? Why doesn't the packet carry on going through the rules
> after going through the pipe?
>
>
> Cheers for any tips
>
> --
> Chris Elsworth tel: 020 8371 1041 _ .
> Systems Administrator mob: 07968 324 693 demon @ thus . .
> Web & Hosting Team chrise@demon.net http://www.demon.net
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message