Date: Tue, 29 Feb 2000 10:23:37 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: ckbisk@bigfoot.com (Chad K. Bisk)
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw and the GRE protocol
Message-ID: <200002291823.KAA17444@bubba.whistle.com>
In-Reply-To: <002701bf8090$4934b460$43110d0a@chade> from "Chad K. Bisk" at "Feb 26, 2000 02:32:53 pm"

Chad K. Bisk writes:
> How does rule 65535 ever get packets?
>
> freebsd# ipfw list
> 00100 divert 8668 ip from any to any via ed1
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 10.0.0.0/8 to any in recv ed1
> 00400 deny ip from 111.222.33.0/24 to any in recv fxp0
> 00500 deny ip from 192.168.0.0/16 to any via ed1
> 00600 deny ip from any to 192.168.0.0/16 via ed1
> 00700 deny ip from 172.16.0.0/12 to any via ed1
> 00800 deny ip from any to 172.16.0.0/12 via ed1
> 00900 allow tcp from any to any established
> 01000 allow tcp from any to 111.222.33.44 25 setup
> 01100 allow tcp from any to 111.222.33.44 53 setup
> 01200 allow tcp from any to 111.222.33.44 80 setup
> 01300 allow tcp from any to any setup
> 01400 allow udp from any 53 to 111.222.33.44
> 01500 allow udp from 111.222.33.44 to any 53
> 01600 allow udp from any 123 to 111.222.33.44
> 01700 allow udp from 111.222.33.44 to any 123
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> freebsd# ipfw show
> 00100 538708 242885311 divert 8668 ip from any to any via ed1
> 00100 12 832 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 912 110044 deny ip from 10.0.0.0/8 to any in recv ed1
> 00400 0 0 deny ip from 111.222.33.0/24 to any in recv fxp0
> 00500 0 0 deny ip from 192.168.0.0/16 to any via ed1
> 00600 0 0 deny ip from any to 192.168.0.0/16 via ed1
> 00700 0 0 deny ip from 172.16.0.0/12 to any via ed1
> 00800 0 0 deny ip from any to 172.16.0.0/12 via ed1
> 00900 935726 468654385 allow tcp from any to any established
> 01000 18 792 allow tcp from any to 111.222.33.44 25 setup
> 01100 2 80 allow tcp from any to 111.222.33.44 53 setup
> 01200 3 124 allow tcp from any to 111.222.33.44 80 setup
> 01300 23818 1088084 allow tcp from any to any setup
> 01400 204 43821 allow udp from any 53 to 111.222.33.44
> 01500 3190 197690 allow udp from 111.222.33.44 to any 53
> 01600 3113 236588 allow udp from any 123 to 111.222.33.44
> 01700 3153 239628 allow udp from 111.222.33.44 to any 123
> 65000 66466 9761689 allow ip from any to any
> 65535 4 463 deny ip from any to any
>
> It gets 2 during startup and 2 later fairly consistently.

It's getting packets when the other rules are not there.. presumably
brief windows of time at startup and restart, etc.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
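
The reasoning in the reply above can be checked from the counters: while rule 65000 is loaded it matches every packet, so anything counted on 65535 arrived when 65000 was absent. The following is an added example, not part of the original message; the function names are hypothetical, the sample is a subset of the quoted `ipfw show` output, and the conclusion assumes no `skipto` rule jumps past the catch-all.

```python
import re

# Constructed sample: a subset of the `ipfw show` lines quoted in the message above.
SAMPLE_SHOW = """\
00100 538708 242885311 divert 8668 ip from any to any via ed1
00100 12 832 allow ip from any to any via lo0
00900 935726 468654385 allow tcp from any to any established
65000 66466 9761689 allow ip from any to any
65535 4 463 deny ip from any to any
"""

DEFAULT_RULE = 65535
# A rule with exactly this body matches every IP packet and ends the rule search.
CATCH_ALL = re.compile(r"^(allow|accept|pass|permit|deny|drop) (ip|all) from any to any$")
SHOW_LINE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")


def parse_show(text):
    """Return (rule_number, packets, bytes, body) for each `ipfw show` line."""
    rules = []
    for line in text.splitlines():
        m = SHOW_LINE.match(line)
        if m:
            rules.append((int(m[1]), int(m[2]), int(m[3]), m[4]))
    return rules


def default_rule_report(text):
    """Report whether the default rule counted packets it could not have seen
    while an earlier catch-all rule was loaded."""
    rules = parse_show(text)
    shadow = next((r for r in rules
                   if r[0] < DEFAULT_RULE and CATCH_ALL.match(r[3])), None)
    default = next((r for r in rules if r[0] == DEFAULT_RULE), None)
    # Assumption: a skipto could jump past the catch-all, so flag it.
    has_skipto = any(r[3].startswith("skipto ") for r in rules)
    packets = default[1] if default else 0
    return {
        "shadowed_by": shadow[0] if shadow else None,
        "default_packets": packets,
        "default_bytes": default[2] if default else 0,
        "has_skipto": has_skipto,
        # True: packets reached 65535 only while the catch-all was not loaded.
        "hit_while_rules_absent": bool(shadow and packets and not has_skipto),
    }


if __name__ == "__main__":
    print(default_rule_report(SAMPLE_SHOW))
```

On the quoted counters this reports rule 65000 as the shadowing rule and 4 packets on 65535 counted while the rest of the ruleset was not in place.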
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002291823.KAA17444>