Date: Thu, 24 Feb 2000 19:22:22 +0200 (EET) From: Hupalo Yurij <yuro@wertep.com> To: Alexander Karptsov <karp@visti.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: mysterious behaviour of the ipfw ... Message-ID: <Pine.BSF.4.10.10002241921540.2686-100000@She.wertep.com> In-Reply-To: <Pine.BSF.4.10.10002241850130.23104-100000@lab.visti.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, update ipfw to kernel version... maybe ipfw is out of the date... On Thu, 24 Feb 2000, Alexander Karptsov wrote: > Hi ! > > My perl script, which gets counters' statistics from "ipfw show |", > mysteriously warns me from time to time. When I added debug mode to it > I saw next (please note: my ipfw begins with rule number 100 > and ip number 10/8): > > ---begin--- > > ipfw: impossible > 00000 72058736529113354 18446744073709551615 deny ip from 56.2.0.0:25.0.0.0 to any tcpflg fin > 00000 856036610469789962 18446744073709551615 deny ip from 57.2.0.0:25.0.0.0 to any tcpflg fin > 00000 72057637017485578 18446744073709551615 deny ip from 58.2.0.0:110.0.0.0 to any tcpflg fin > 00000 72058736529113354 18446744073709551615 deny ip from 59.2.0.0:110.0.0.0 to any tcpflg fin > 00000 856036610469789962 18446744073709551615 deny ip from 60.2.0.0:110.0.0.0 to any tcpflg fin > 00000 29884682 4294967295 deny ip from any to any tcpflg fin > 00000 29884682 4294967295 deny ip from any to any tcpflg fin > 00000 18446744069414584320 18446744073709551615 deny ip from 63.2.0.0:68.0.67.0 to any > 00000 0 0 deny ip from any to any tcpflg fin > 00000 0 0 deny ip from any to any tcpflg fin > 00000 0 0 deny ip from any to any > 00000 199311555 4294967295 deny ip from any to any > 00000 0 0 deny ip from 233.253.0.0:80.0.0.0 to any tcpflg fin > 00000 0 0 deny ip from 234.253.0.0:80.0.0.0 to any tcpflg fin > 00000 0 0 deny ip from any to any > 00115 0 0 skipto 65000 tcp from 10.0.1.1 to 10.1.0.1 110 in recv fxp1 > 00117 3732 392720 count ip from 10.0.1.1 to any in recv fxp1 > 00118 3732 392720 skipto 65000 ip from 10.0.1.1 to any in recv fxp1 > > .... > > 53625 0 0 deny ip from 164.129.1.0:157.45.0.0 to any ipopt !ssrr,!rr tcpflg fin,syn > 00000 424016351330304 58304181043200 > > ----end----- > > line 115 is first from my rules which left (100..114 disappeared), > and rules from 65000 and below also disappeared. > > > Can anyone comments this ? Thanks. > > P.S. > $uname -sr > FreeBSD 3.4-19991223-STABLE > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10002241921540.2686-100000>