Subject: ipfw rule activation question
From: Andrew Reilly
To: freebsd-questions@freebsd.org
Date: 22 May 2002 13:27:42 +1000
Message-Id: <1022038062.30344.99.camel@gurney.reilly.home>

Hi,

I have been puzzled for some time by "ipfw show" results along these
lines (the last three lines from my current session).

    05800   0     0 deny log ip from any to any
    05900   0     0 deny ip from any to any
    65535  85 11089 deny ip from any to any

Rule 5900 is just the usual "stop everything" rule. Rule 65535 seems
to be IPFIREWALL's own internal "stop everything else" rule. Rule 5800
is one that I inserted many moons ago in an attempt to characterize the
traffic that was not being stopped or allowed by the preceding rules,
but it never (that I can remember) scored a single hit.

So how can packets get past 5800 and 5900, to wind up at 65535? What
was magic about those 85 packets?

Thanks,

--
Andrew