From: "Michael Scheidell"
To: "Siddhartha Jain"
Date: Sat, 30 Apr 2005 10:56:29 -0400
Subject: RE: IPFW disconnections and resets

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of
> Siddhartha Jain
> Sent: Friday, April 29, 2005 8:21 AM
> To: freebsd-security@freebsd.org
> Subject: Re: IPFW disconnections and resets
>
> Just out of curiosity, why is it that IPFW behaves this way and
> PF and IPF don't?
>
> - Siddhartha

I think if you recompile the kernel with:

    options IPFIREWALL_DEFAULT_TO_ACCEPT

(default is to deny) then it will work like pf and ipf.

Think about it, if default is to deny, and you just flushed all the rules, it did exactly what you told it to do: deny all connections by default.

This also may explain the one that gets dropped 1% of the time.
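
Added example (not part of the original message, and not FreeBSD's own tooling): a shell check that reads `ipfw list` output and reports what the default rule, number 65535, will do to traffic once a flush has removed every other rule. The sample rulesets and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from the text of `ipfw list` whether a flush would
# cut traffic. Rule 65535 is the built-in default rule; a flush does not
# remove it, so it is the only rule left once the others are gone.

# Constructed sample outputs of `ipfw list` (not taken from the thread).
SAMPLE_DENY='00100 allow ip from any to any via lo0
00300 allow tcp from any to me dst-port 22
65535 deny ip from any to any'

SAMPLE_ACCEPT='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Print the action of the default rule (65535) found in the ruleset on stdin,
# or "unknown" when the listing does not contain it.
ipfw_default_action() {
    awk '$1 == "65535" { print $2; found = 1 }
         END { if (!found) print "unknown" }'
}

# Print what a flush does to traffic the flushed rules were passing.
flush_verdict() {
    case "$(ipfw_default_action)" in
        deny)  echo "flush-blocks-all" ;;   # default-to-deny kernel
        allow) echo "flush-passes-all" ;;   # IPFIREWALL_DEFAULT_TO_ACCEPT kernel
        *)     echo "unknown" ;;
    esac
}

# On a live host (needs root): ipfw list | flush_verdict
printf '%s\n' "$SAMPLE_DENY"   | flush_verdict
printf '%s\n' "$SAMPLE_ACCEPT" | flush_verdict
```

A "flush-blocks-all" verdict means every packet is denied between the flush and the moment the new rules are loaded, which is the behaviour the reply describes.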