To: George S
From: Ian FREISLICH
cc: freebsd-ipfw@freebsd.org
cc: freebsd-net@freebsd.org
In-Reply-To: Message from George S <20040906173545.91306.qmail@web40413.mail.yahoo.com>
Date: Tue, 07 Sep 2004 09:19:52 +0200
Subject: Re: ipfw dynamic tcp rule issue

George S wrote:
> Hello all,
>
> I've been having some trouble with this strange ipfw configuration and I am
> pretty sure it is probably a bug. I posted a note to freebsd-ipfw a little
> while ago, but I think the problem is better demonstrated with a figure.

Are you sure that you performed the test you described and the results
(count updated etc) actually occurred? I would expect rule 9 to catch the
packet on its way back and rule 11 never to be triggered. Maybe rule 9
should be a checkstate rule.

Ian

--
Ian Freislich