puzzling "ipfw show" output

Graham Menhennitt gmenhennitt at optusnet.com.au
Mon Dec 12 23:19:27 PST 2005


Trond Endrestøl wrote:
> On Mon, 12 Dec 2005 19:09+1100, Graham Menhennitt wrote:
>
>   
>> The only explanation I have is that the packets arrived between the
>> time when the machine started accepting incoming packets and when
>> the rules were loaded in /etc/rc.d/ipfw.
>>     
>
> You just explained this yourself.
>
> One solution to this small problem could be to change part of the boot
> sequence into this:
>
> a. Create VLAN interfaces etc if configured, assign IP addresses to
>    each configured interface, but do not UP them.
>
> b. Load the firewall rules, and optionally turn on forwarding.
>
> c. Set all configured interfaces to UP.
>
> One last question:
>
> Why do you need rule 65530 when the built-in rule 65535 does the same
> job?
>
>   
Thanks Trond. You've confirmed what I suspected. I just wanted to be 
sure that there wasn't something dodgy happening.

As James has already said, the extra rule is so that it doesn't matter 
if the "default to accept" option is set or not. It would also handle 
the case where I made a mistake and accidentally turned that option on, 
or there was a bug in the kernel that made it the default. Just making sure.

Thanks,
    Graham
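The reordered boot sequence Trond proposes (assign addresses with the interfaces still down, load the ruleset, then bring the interfaces up) together with the explicit final deny rule Graham keeps at 65530, written out as an added example. This is not code from the thread or from the FreeBSD rc scripts; the interface name, address, rule numbers and the DRYRUN switch are assumptions for illustration, and the ordering check is a small helper added to show why the sequence matters.

```shell
#!/bin/sh
# Added example, not from the original mail or /etc/rc.d/ipfw.
# Interface name, address and rule numbers are assumed for illustration.
# DRYRUN=1 (the default here) prints each command instead of running it,
# so the script can be inspected on a non-FreeBSD host.

DRYRUN=${DRYRUN:-1}

run() {
    if [ "$DRYRUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# a. Assign the address but keep the link down. Address assignment alone
#    would implicitly mark the interface UP, so "down" is passed in the
#    same ifconfig(8) invocation.
configure_down() {
    run ifconfig "$1" inet "$2" down
}

# b. Load the ruleset while nothing can reach the host. Rule 65530 is an
#    explicit deny, so the outcome does not depend on whether the kernel
#    was built with IPFIREWALL_DEFAULT_TO_ACCEPT (which turns the built-in
#    rule 65535 into an allow).
load_rules() {
    run ipfw -q -f flush
    run ipfw -q add 100 allow ip from any to any via lo0
    run ipfw -q add 200 check-state
    run ipfw -q add 300 allow tcp from me to any out setup keep-state
    run ipfw -q add 400 allow udp from me to any out keep-state
    run ipfw -q add 65530 deny ip from any to any
}

# c. Only now bring the interface up; the first packet it receives already
#    hits a loaded ruleset with an explicit final deny.
bring_up() {
    run ifconfig "$1" up
}

boot_sequence() {
    configure_down "$1" "$2"
    load_rules
    bring_up "$1"
}

# Helper for checking the generated plan: succeeds only if the final deny
# rule is installed before the interface is marked up.
check_order() {
    deny=$(printf '%s\n' "$1" | grep -n 'add 65530 deny' | cut -d: -f1)
    up=$(printf '%s\n' "$1" | grep -n 'ifconfig .* up$' | cut -d: -f1)
    [ -n "$deny" ] && [ -n "$up" ] && [ "$deny" -lt "$up" ]
}

# Usage (dry run): boot_sequence em0 192.0.2.10/24
```

With DRYRUN unset to 0 on a FreeBSD host the same functions execute the commands for real; the point of the dry-run plan is to make the gap Graham observed visible: any command that brings an interface up before `ipfw add 65530 deny` is a window in which the kernel's built-in rule 65535 decides what gets through.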

