Date: Sun, 4 Nov 2001 00:28:02 -0600 (CST)
From: Anatoly Karp <karp@math.wisc.edu>
To: freebsd-questions@freebsd.org
Subject: [Q] why does this ipfw rule not match?
Message-ID: <200111040628.AAA21911@erdos.math.wisc.edu>

Hello all,

I run ipfw on 4.4-STABLE FreeBSD and my connection is working fine. However I discovered the following very strange fact: (output edited for clarity - I deleted some 'deny/reset' rules which are irrelevant, due to the nature of the question)

my-host:~# ipfw show
00100 341566 269400058 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
08800 0 0 allow tcp from 127.0.0.1 to any
32000 850439 51788527 allow ip from any to any
65535 1 358 deny ip from any to any

It appears that, contrary to what I'd expect, all TCP packets are accepted due to rule 32000 and not 8800. This conclusion was confirmed by connecting to random web-sites and measuring the new packet counts given by `ipfw show` right away.

Can anybody explain what's going on here?.. Why does rule 8800 not match?

Thank you,

--
Anatoly Karp
e-mail: karp@math.wisc.edu
Department of Mathematics

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
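
An added example, not part of the original message: a minimal first-match evaluator in Python run over the rule set quoted above, to show which rule decides each kind of packet and why the counters on rule 8800 stay at zero. It models only the rule syntax that appears in the post; the sample packets, their addresses and the interface name ed0 are constructed assumptions.

```python
import ipaddress

# Rules copied from the `ipfw show` output above (packet/byte counters omitted).
RULESET = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
08800 allow tcp from 127.0.0.1 to any
32000 allow ip from any to any
65535 deny ip from any to any
"""

def parse_rule(line):
    """Parse the subset used above: NUM ACTION PROTO from SRC to DST [via IFACE]."""
    tok = line.split()
    rule = {"num": int(tok[0]), "action": tok[1], "proto": tok[2],
            "src": tok[4], "dst": tok[6], "via": None}
    if len(tok) > 7 and tok[7] == "via":
        rule["via"] = tok[8]
    return rule

def addr_matches(spec, addr):
    """True if addr falls inside spec ('any', a host address or a CIDR block)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, pkt):
    """ipfw checks rules in ascending number order; the first match decides."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if r["via"] and r["via"] != pkt["iface"]:
            continue
        if addr_matches(r["src"], pkt["src"]) and addr_matches(r["dst"], pkt["dst"]):
            return r["num"], r["action"]
    return None

RULES = [parse_rule(l) for l in RULESET.splitlines() if l.strip()]

# Constructed packets (documentation addresses; ed0 is an assumed interface name).
OUTBOUND_WEB = {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.80", "iface": "ed0"}
LOOPBACK_TCP = {"proto": "tcp", "src": "127.0.0.1", "dst": "127.0.0.1", "iface": "lo0"}
LOOPBACK_SRC_ON_WIRE = {"proto": "tcp", "src": "127.0.0.1", "dst": "198.51.100.80", "iface": "ed0"}

if __name__ == "__main__":
    for name in ("OUTBOUND_WEB", "LOOPBACK_TCP", "LOOPBACK_SRC_ON_WIRE"):
        print(name, "->", first_match(RULES, globals()[name]))
```

In this model rule 8800 is shadowed: a packet sourced from 127.0.0.1 on lo0 is decided by rule 100, the same source on any other interface is decided by rule 300, and a connection to a remote site carries the outbound interface's address rather than 127.0.0.1, so it falls through to rule 32000.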