Re: ipfw: is this a bug ? - Ruslan Ermilov - org.freebsd.freebsd-questions

2 messages in org.freebsd.freebsd-questionsRe: ipfw: is this a bug ?

From	Sent On	Attachments
Raul Zighelboim	May 20, 1998 1:12 pm
Ruslan Ermilov	May 21, 1998 12:14 am

Subject:	Re: ipfw: is this a bug ?
From:	Ruslan Ermilov (ru...@ucb.crimea.ua)
Date:	May 21, 1998 12:14:04 am
List:	org.freebsd.freebsd-questions

On Wed, May 20, 1998 at 03:12:47PM -0500, Raul Zighelboim wrote:

I see the following output at the end of 'ipfw show' and cannot understand why a rule will match 65535 but not 03600.

03600 0 0 deny log ip from any to any 65535 248 81372 deny ip from any to any

The rule 65535 exists always (it may be ``allow'' if you're compiled your kernel with IPFIREWALL_DEFAULT_TO_ACCEPT).

When the firewall is initialized (/etc/rc.firewall), it takes some time. At this time rule 3600 doesn't yet exist, and packets will be dropped with rule 65535.

To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets