"ipfw count" unexpected results
Andrey Zaytcev
crazy at anvic-center.nkz.ru
Wed Oct 1 10:18:40 UTC 2008
Please take a look at this "ipfw show" result:
00050 4439 1302601 tee 20001 ip from any to any via tun0
00100 2695 805238 count ip from any to any via tun0 in
00101 1713 489367 count ip from any to any via tun0 out
00103 0 0 deny ip from 127.0.0.0/8 to any
00105 0 0 deny ip from 192.168.1.0/24,192.168.0.0/24 to any via tun0 in
00106 0 0 deny ip from 192.168.1.0/24,192.168.0.0/24 to any via tun2 in
00107 0 0 deny ip from 192.168.1.0/24,192.168.0.0/24 to any via tun1 in
00108 2714 812754 count ip from any to any via tun0 in
00109 1725 489847 count ip from any to any via tun0 out
00116 0 0 allow tcp from any to xx.xx.xx.xx dst-port yy.yy.yy.yy
00117 0 0 fwd xx.xx.xx.xx tcp from yy.yy.yy.yy zz.zz.zz.zz to any
00118 0 0 fwd xx.xx.xx.xx1 tcp from yy.yy.yy.yy1 zz.zz.zz.zz1 to any
00118 0 0 fwd xx.xx.xx.xx2 tcp from yy.yy.yy.yy2 zz.zz.zz.zz2 to any
00119 0 0 fwd xx.xx.xx.xx3 tcp from yy.yy.yy.yy3 to any dst-port zz.zz.zz.zz3
00120 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy dst-port zz.zz.zz.zz via tun2
00121 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy1 dst-port zz.zz.zz.zz1 via tun0
00122 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy1 dst-port zz.zz.zz.zz2 via tun0
00123 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy2 dst-port zz.zz.zz.zz3 via tun0,tun2,tun1
00124 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy2 dst-port zz.zz.zz.zz1 via tun1
00125 0 0 deny log logamount 65534 tcp from not xx.xx.xx.xx to yy.yy.yy.yy3 dst-port zz.zz.zz.zz1 via tun1
00130 0 0 allow tcp from xx.xx.xx.xx to yy.yy.yy.yy dst-port zz.zz.zz.zz5 keep-state
00140 2360 777364 count ip from any to any via tun0 in
00141 1416 113119 count ip from any to any via tun0 out
The question is: why are rules 100 and 101 not equal to 108 and 109, and to rules 140 and 141? It seems only rules 108 and 109 show correct information, because 108+109 = 50.
More information about the freebsd-questions mailing list
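The comparison made in the question above, as an added example that is not part of the original post: a small Python parser for the quoted `ipfw show` lines that sums each in/out `count` pair (packets and bytes) and reports its difference from the `tee` rule 50. The function names and the embedded sample, a subset of the listing in the post, are assumptions of this example.

```python
import re

# Constructed sample: a subset of the "ipfw show" lines quoted in the post.
SAMPLE = """\
00050 4439 1302601 tee 20001 ip from any to any via tun0
00100 2695 805238 count ip from any to any via tun0 in
00101 1713 489367 count ip from any to any via tun0 out
00103 0 0 deny ip from 127.0.0.0/8 to any
00108 2714 812754 count ip from any to any via tun0 in
00109 1725 489847 count ip from any to any via tun0 out
00140 2360 777364 count ip from any to any via tun0 in
00141 1416 113119 count ip from any to any via tun0 out
"""

# Columns: rule number, packet counter, byte counter, rule body.
RULE_RE = re.compile(r"^(\d{5})\s+(\d+)\s+(\d+)\s+(.*)$")

def parse_show(text):
    """Return a list of (rule_number, packets, bytes, body) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # lines that are not counter rows are skipped
            rules.append((int(m.group(1)), int(m.group(2)),
                          int(m.group(3)), m.group(4)))
    return rules

def compare_pairs(rules, reference, pairs):
    """Sum each (in_rule, out_rule) pair and diff it against the reference rule."""
    totals = {}
    for num, pkts, nbytes, _ in rules:
        p, b = totals.get(num, (0, 0))
        totals[num] = (p + pkts, b + nbytes)  # same-numbered rules are summed
    ref_p, ref_b = totals[reference]
    report = {}
    for rin, rout in pairs:
        p = totals[rin][0] + totals[rout][0]
        b = totals[rin][1] + totals[rout][1]
        report[(rin, rout)] = {"packets": p, "bytes": b,
                               "pkt_delta": p - ref_p, "byte_delta": b - ref_b}
    return report

if __name__ == "__main__":
    pairs = [(100, 101), (108, 109), (140, 141)]
    for pair, row in compare_pairs(parse_show(SAMPLE), 50, pairs).items():
        print(pair, row)
```

On the quoted counters, only the 108/109 pair matches rule 50 in both packets and bytes; the other two pairs fall short in both columns.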