ipfw final rule
Daan Vreeken [PA4DAN]
Danovitsch at Vitsch.net
Mon Jun 2 11:42:33 PDT 2003
On Monday 02 June 2003 18:02, Gary Aitken wrote:
> I was considering turning on bridging, which requires the final ipfw
> rule to be allow, not deny.
> So I added a deny rule at 65534, but temporarily left the default deny
> rule in place in the kernel.
>
> Interestingly, my log shows the following:
> > 65534 582 58547 deny ip from any to any
> > 65535 3 234 deny ip from any to any
>
> This looks like an impossible situation, since the last 3 should have been
> caught by the previous rule.
I think they got caught in the split second between the time of flushing out
all rules and loading a new ruleset.
At that time 65535 was the only rule in the ruleset and 3 packets must have
reached your machine...
grtz,
Daan
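The reasoning in the reply can be turned into a quick check over the counters that `ipfw -a list` prints: if a user-supplied catch-all rule sits just before 65535 and the default rule still counts packets, those packets were processed while the ruleset was empty, i.e. during a flush-and-reload window. This is an added example, not code from the thread; the sample listing is constructed (its last two lines mirror the counters quoted above) and the helper names are my own.

```python
import re
from typing import List, NamedTuple

# Constructed sample of `ipfw -a list` output: rule number, packets, bytes, body.
# The last two lines mirror the counters quoted in the message above.
SAMPLE_LISTING = """\
00100 12 1040 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
65534 582 58547 deny ip from any to any
65535 3 234 deny ip from any to any
"""

DEFAULT_RULE = 65535  # the kernel's built-in last rule; a flush never removes it
CATCH_ALL = "deny ip from any to any"

class Rule(NamedTuple):
    number: int
    packets: int
    bytes: int
    body: str

LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")

def parse_listing(text: str) -> List[Rule]:
    """Parse the `ipfw -a list` counter format; skip lines that do not match."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rules.append(Rule(int(m[1]), int(m[2]), int(m[3]), m[4]))
    return rules

def default_rule_hits(rules: List[Rule]) -> int:
    """Packets counted by rule 65535."""
    return sum(r.packets for r in rules if r.number == DEFAULT_RULE)

def catch_all_present(rules: List[Rule]) -> bool:
    """True if a user rule before 65535 already denies everything."""
    return any(r.number < DEFAULT_RULE and r.body == CATCH_ALL for r in rules)

def reload_window_suspected(rules: List[Rule]) -> bool:
    """With a user catch-all in place, any hit on 65535 can only have happened
    while the ruleset was empty, e.g. between `ipfw flush` and the reload."""
    return catch_all_present(rules) and default_rule_hits(rules) > 0

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    print(f"{len(parsed)} rules, {default_rule_hits(parsed)} packets hit {DEFAULT_RULE}")
    print("flush/reload window suspected:", reload_window_suspected(parsed))
```

Pipe the real listing in with `ipfw -a list | python3 check.py` after replacing SAMPLE_LISTING with `sys.stdin.read()` to run it against a live ruleset.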