IPFW - Why Doesn't This Rule Match? -- SOLVED
Drew Tomlinson
drew at mykitchentable.net
Wed Mar 26 16:40:14 PST 2003
----- Original Message -----
From: "Dan Pelleg" <daniel+bsd at pelleg.org>
To: "Drew Tomlinson" <drew at mykitchentable.net>
Cc: "FreeBSD Questions" <freebsd-questions at freebsd.org>
Sent: Tuesday, March 25, 2003 12:27 PM
Subject: Re: IPFW - Why Doesn't This Rule Match?
> "Drew Tomlinson" <drew at mykitchentable.net> writes:
>
> > I am using the following rules to match traffic on my home network with
a
> > FBSD 4.8 firewall. The first rule matches but the second doesn't.
Here's
> > the rules:
> >
> > # Match this specific traffic
> > 00700 288 329708 count ip from 192.168.1.3 8080 to any
> >
> > # Match everything else
> > 00800 0 0 count ip from not 192.168.1.3 8080 to any
> >
> > Can anyone tell me what I am missing?
> >
> > Thanks,
> >
> > Drew
>
> Probably because the "not" applies just to the address, and not to the
port
> number.
Thanks, that was it. By changing the rule to 'not 192.168.1.3 not 8080',
the rule started matching packets as I expected.
I appreciate the help!
Drew
More information about the freebsd-questions
mailing list