From owner-freebsd-ipfw@FreeBSD.ORG Thu Jun 5 03:13:18 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1EB1C37B401 for ; Thu, 5 Jun 2003 03:13:18 -0700 (PDT) Received: from smtp.hotbox.ru (smtp.hotbox.ru [80.68.244.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id C110843FA3 for ; Thu, 5 Jun 2003 03:13:16 -0700 (PDT) (envelope-from nev@hotbox.ru) Received: from builder.site2you.loc ([193.220.59.72]) (authenticated bits=0) by smtp.hotbox.ru (8.12.9/8.12.9) with ESMTP id h55A2VLs091228 for ; Thu, 5 Jun 2003 14:02:36 +0400 (MSD) (envelope-from nev@hotbox.ru) Date: Thu, 5 Jun 2003 13:15:43 +0300 From: Andrew B To: freebsd-ipfw Message-Id: <20030605131543.266dfaba.nev@hotbox.ru> Organization: s2y X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: IPFW OUCH! cannot remove rule, count 1 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2003 10:13:18 -0000 Hello. I have FreeBSD 4.7-RELEASE and I use ipfw to limit connections to my web server. The rules are: allow tcp from any to me 80 limit src-addr 50 in recv em0 allow tcp from me 80 to any out xmit em0 But it seems that dynamic rules are not removing cleanly so i can see thess messages: Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 1 Jun 5 05:53:29 www /kernel: OUCH! cannot remove rule, count 2 I found this in ip_fw.c: if (pass == 1) /* should not happen */ printf("OUCH! cannot remove rule, count %d\n", So this never should happen. Could anyone help me with my problem? Best Regards.