kern/66319: ipfw count rule disabling new connections

Maxim Konovalov maxim at macomnet.ru
Thu May 6 01:40:20 PDT 2004


The following reply was made to PR kern/66319; it has been noted by GNATS.

From: Maxim Konovalov <maxim at macomnet.ru>
To: Zachery Hostens <openhalo at openhalo.net>
Cc: bug-followup at freebsd.org
Subject: Re: kern/66319: ipfw count rule disabling new connections
Date: Thu, 6 May 2004 12:35:15 +0400 (MSD)

 On Thu, 6 May 2004, 00:39-0700, Zachery Hostens wrote:
 
 >
 > >Number:         66319
 > >Category:       kern
 > >Synopsis:       ipfw count rule disabling new connections
 
 [...]
 > FreeBSD avalanche.mchsi.com 5.2-CURRENT FreeBSD 5.2-CURRENT #4: Mon May  3 22:07:04 CDT 2004     root at avalanche.mchsi.com:/usr/obj/usr/src/sys/AVALANCHE  i386
 > >Description:
 > I was attempting to add a rule to ipfw to count SYN packets coming in:
 >
 >     ipfw add 01000 count tcp from any to me setup
 >
 > (I also tried "to any").  When I would try to connect to the box from
 > another machine I would always get this:
 >
 >     extort at fate extort $ ssh avalanche
 >     ssh: connect to host avalanche port 22: Network is unreachable
 >
 > Now the counter would count connection tries correctly, just not
 > allow me to connect.  As soon as I remove the rule I can ssh
 > perfectly fine.
 >
 > src-all was cvsup'd within 1 day of being compiled.  If you need to
 > see the kernel config and/or rc.conf or any other settings i have
 > set, please feel free to email me.
 > >How-To-Repeat:
 > ipfw add # count tcp to any from [any|me]
 
 It doesn't look like a valid ipfw(4) rule.
 
 $ ipfw -n add 1 count tcp to any from any
 ipfw: missing ``from''
 
 I believe you mean something like this:
 
 # ipfw add 1 count tcp from any to any
 00001 count tcp from any to any
 
 $ telnet relay1.demos.su 25
 Trying 194.87.0.16...
 Connected to relay1.demos.su.
 Escape character is '^]'.
 
 So, I cannot reproduce.  Could you please show the whole ruleset?
 
 -- 
 Maxim Konovalov
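A small model of how ipfw(8) parses a rule and walks a ruleset, added here as an example; it is not FreeBSD code and not code from either poster. It assumes a constructed local address set (what `me` expands to), packets as plain dicts, and only the syntax that appears in this thread (allow/deny/count, ip/tcp/udp, any/me/literal addresses, `setup`). It shows both points of the reply above: `tcp to any from any` is rejected as soon as the parser expects `from`, and a matching `count` rule only bumps its counter and continues with the next rule, so the verdict on the SYN always comes from a later rule, which is why the whole ruleset is needed to explain the failure.

```python
# Toy model of ipfw(8) rule syntax and rule evaluation.  Added example: this is
# not FreeBSD code and not code from either poster.  Assumptions: LOCAL_ADDRS
# is a constructed stand-in for the host's own addresses ('me'), packets are
# dicts, and only the syntax used in the thread is supported.

LOCAL_ADDRS = {"10.0.0.5"}            # constructed: what 'me' expands to
TERMINAL = {"allow", "deny"}          # actions that end the rule search
ACTIONS = TERMINAL | {"count"}        # count only updates counters
PROTOS = {"ip", "tcp", "udp"}


def parse_rule(text):
    """Parse '[NUM] ACTION PROTO from SRC to DST [setup]'; ValueError on bad syntax."""
    tok = text.split()
    num = int(tok.pop(0)) if tok and tok[0].isdigit() else None
    if not tok or tok[0] not in ACTIONS:
        raise ValueError("invalid action")
    action = tok.pop(0)
    if not tok or tok[0] not in PROTOS:
        raise ValueError("missing protocol")
    proto = tok.pop(0)
    # ipfw requires 'from' right after the protocol, so 'tcp to any from any'
    # is rejected here with the same message ipfw prints.
    if not tok or tok.pop(0) != "from":
        raise ValueError("missing ``from''")
    if not tok:
        raise ValueError("missing source address")
    src = tok.pop(0)
    if not tok or tok.pop(0) != "to":
        raise ValueError("missing ``to''")
    if not tok:
        raise ValueError("missing destination address")
    dst = tok.pop(0)
    opts = set(tok)
    if opts - {"setup"}:
        raise ValueError("unknown option: " + " ".join(sorted(opts - {"setup"})))
    return {"num": num, "action": action, "proto": proto,
            "src": src, "dst": dst, "opts": opts}


def load_ruleset(lines):
    """Parse lines in order; unnumbered rules get last number + 100, as ipfw does."""
    rules, last = [], 0
    for line in lines:
        r = parse_rule(line)
        if r["num"] is None:
            r["num"] = last + 100
        last = r["num"]
        rules.append(r)
    return sorted(rules, key=lambda r: r["num"])


def _addr_match(spec, addr):
    return spec == "any" or (addr in LOCAL_ADDRS if spec == "me" else spec == addr)


def matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    if not (_addr_match(rule["src"], pkt["src"]) and _addr_match(rule["dst"], pkt["dst"])):
        return False
    if "setup" in rule["opts"]:
        # setup: TCP with SYN set and ACK clear, i.e. a new connection attempt
        return pkt["proto"] == "tcp" and "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
    return True


def evaluate(rules, pkt):
    """Walk the ruleset.  Every matching rule's counter is bumped; 'count' then
    continues with the next rule, 'allow'/'deny' end the search.
    Returns (verdict, counters)."""
    counters = {r["num"]: 0 for r in rules}
    for r in rules:
        if matches(r, pkt):
            counters[r["num"]] += 1
            if r["action"] in TERMINAL:
                return r["action"], counters
    return "deny", counters   # fall-through modelled as a stock kernel's default-deny rule 65535


# Constructed inbound ssh SYN from another machine to this host
SYN_TO_ME = {"proto": "tcp", "src": "192.0.2.10", "dst": "10.0.0.5", "flags": {"SYN"}}


def demo(default_action="allow"):
    """The PR's rule followed by a catch-all; returns (verdict, hits on the count rule)."""
    rules = load_ruleset(["1000 count tcp from any to me setup",
                          "65535 %s ip from any to any" % default_action])
    verdict, counters = evaluate(rules, SYN_TO_ME)
    return verdict, counters[1000]


if __name__ == "__main__":
    print(demo("allow"))      # ('allow', 1): counted, then allowed by the next rule
    print(demo("deny"))       # ('deny', 1): counted, then refused by the next rule
    try:
        parse_rule("1 count tcp to any from any")
    except ValueError as e:
        print("ipfw:", e)     # ipfw: missing ``from''
```

In both runs of `demo` the count rule's counter goes to 1, which is exactly the symptom reported (counter increments, connection still refused): the counter proves the SYN reached rule 1000, but whether the SYN is accepted depends entirely on what comes after it. On a real host the same thing is checked with `ipfw -a list` to see every rule with its counters, and `ipfw -n add ...` to syntax-check a rule without installing it.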