From owner-freebsd-stable Thu Feb 15 5:47:42 2001 Delivered-To: freebsd-stable@freebsd.org Received: from rug-rats.org (bob.rug-rats.org [212.57.33.76]) by hub.freebsd.org (Postfix) with ESMTP id 8DF5D37B401 for ; Thu, 15 Feb 2001 05:47:31 -0800 (PST) Received: (from bradley@localhost) by rug-rats.org (8.11.1/8.9.3) id f1FDrAl23678; Thu, 15 Feb 2001 13:53:10 GMT (envelope-from bradley) Date: Thu, 15 Feb 2001 13:53:10 +0000 From: Bradley Kite To: Chris Elsworth Cc: stable@FreeBSD.ORG Subject: Re: ipfw query.. Message-ID: <20010215135309.A23654@rug-rats.org> Reply-To: bradley@rug-rats.org References: <20010215130342.A95395@demon.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20010215130342.A95395@demon.net>; from chrise@demon.net on Thu, Feb 15, 2001 at 01:03:42PM +0000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I'm sure there is a flag you can append to the end of the pipe rules, that tell ipfw to continue going through the rules instead of stopping when they match. I cant remember what the flag is tho, sorry :-( -- Brad On Thu, Feb 15, 2001 at 01:03:42PM +0000, Chris Elsworth wrote: > Hi, > > I'm sure I'm doing something really fundamentally wrong here, but if I do > this with ipfw: > > > 00300 0 0 pipe 15 ip from any to 195.11.8.227 > 00400 0 0 pipe 20 ip from 195.11.8.227 to any > > and then later on: > > 03000 0 0 unreach host tcp from any to 195.11.8.227 3306 > > > I find that rules going through the pipe (ie, everything, I want to count > the packets/bytes and restrict when needs be) does not go through any > further rules, so it ignores the port 3306 unreachable. > > The manpage says to set net.inet.ip.fw.one_pass to 0, and I have done so: > > gw-0# sysctl net.inet.ip.fw.one_pass > net.inet.ip.fw.one_pass: 0 > > > What am I missing? Why doesn't the packet carry on going through the rules > after going through the pipe? > > > Cheers for any tips > > -- > Chris Elsworth tel: 020 8371 1041 _ . > Systems Administrator mob: 07968 324 693 demon @ thus . . > Web & Hosting Team chrise@demon.net http://www.demon.net > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message