IPFW issue: skip past end of rules
Tobias P. Santos
tpeixoto at widesoft.com.br
Tue Dec 2 03:19:54 PST 2003
Hello,
I have a gateway limiting the bandwidth of my customers.
Everything is working fine, but I got some messages in the log file,
see:
[...]
Dec 1 15:04:55 proxy /kernel: +++ ipfw: ouch!, skip past end of rules,
denying packet
Dec 1 15:06:17 proxy last message repeated 90 times
Dec 1 15:19:24 proxy last message repeated 41 times
Dec 1 15:33:58 proxy last message repeated 142 times
Dec 1 15:38:57 proxy last message repeated 121 times
[...]
Here are my rules:
00100 344 101154 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 450 18000 deny ip from 127.0.0.0/8 to any
00400 9971 1390018 pipe 1 ip from any to any MAC any
00:00:00:00:00:00 in
00500 12282 11562920 pipe 2 ip from any to any MAC
00:00:00:00:00:00 any out
00600 0 0 pipe 3 ip from any to any MAC any
11:11:11:11:11:11 in
00700 0 0 pipe 4 ip from any to any MAC
11:11:11:11:11:11 any out
00800 0 0 pipe 5 ip from any to any MAC any
22:22:22:22:22:22 in
00900 0 0 pipe 6 ip from any to any MAC
22:22:22:22:22:22 any out
01000 0 0 pipe 7 ip from any to any MAC any
33:33:33:33:33:33 in
01100 0 0 pipe 8 ip from any to any MAC
33:33:33:33:33:33 any out
01200 2336717 1482414132 divert 8668 ip from any to any via vr0
65000 9272277 5914106630 allow ip from any to any
65535 318 177373 deny ip from any to any
Am I missing something?
I can't find information about this issue anywhere.
Thank you in advance!
Best regards,
Tobias.
More information about the freebsd-net
mailing list