puzzling "ipfw show" output
Oliver Fromme
olli at lurza.secnetix.de
Tue Dec 13 07:14:43 PST 2005
Graham Menhennitt <gmenhennitt at optusnet.com.au> wrote:
> I got the following output from "ipfw show" in my daily security run output email.
>
> +++ /tmp/security.yri47lgA Mon Dec 12 03:01:45 2005
> +00522 3530 1204158 deny ip from 10.0.0.0/8 to any via sis1
> +02522 18 784 deny tcp from any to any in via sis1 setup
> +65530 0 0 deny ip from any to any
> +65535 2 688 deny ip from any to any
>
> Could somebody please explain to me how those packets got past rule 65530 to be
> stopped by (the identical) rule 65535?
In addition to the explanations already given, the above
output from "ipfw show" could also be caused by a rule
saying "skip 65535" somewhere. ;-)
Of course, I assume that you wrote the whole rule set
yourself, so you would be aware of such a skip rule.
I just wanted to mention the possibility that rules need
not be evaluated in strict numerical order.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
"C++ is the only current language making COBOL look good."
-- Bertrand Meyer
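As an added illustration of Oliver's point (not part of the mail), here is a small Python model of ipfw evaluation: rules are walked in numeric order, but a matching skipto rule jumps ahead, so a later rule identical to an earlier one can still accumulate counters. The parsed syntax subset, the hypothetical skipto rule numbered 01000 with its 192.0.2.0/24 source, and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed ruleset: the mail's four rules plus a hypothetical skipto rule (01000) of the kind Oliver describes.
RULESET = """
00522 deny ip from 10.0.0.0/8 to any via sis1
01000 skipto 65535 ip from 192.0.2.0/24 to any via sis1
02522 deny tcp from any to any in via sis1 setup
65530 deny ip from any to any
65535 deny ip from any to any
"""

PACKETS = [  # constructed samples: the first hits the skipto rule, the second falls through to 65530
    {"proto": "udp", "src": "192.0.2.5", "dst": "203.0.113.7", "dir": "in", "iface": "sis1", "setup": False},
    {"proto": "tcp", "src": "198.51.100.1", "dst": "203.0.113.7", "dir": "out", "iface": "sis0", "setup": False},
]

def parse_rule(line):
    # Handles the subset used above: NUM ACTION [target] PROTO from SRC to DST [in|out] [via IF] [setup]
    t = line.split()
    r = {"num": int(t[0]), "action": t[1], "pkts": 0, "setup": "setup" in t,
         "target": int(t[2]) if t[1] == "skipto" else None}
    i = 2 if r["target"] is None else 3
    r["proto"], r["src"], r["dst"] = t[i], t[i + 2], t[i + 4]
    opts = t[i + 5:]
    r["dir"] = next((o for o in opts if o in ("in", "out")), None)
    r["iface"] = opts[opts.index("via") + 1] if "via" in opts else None
    return r

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    return (rule["proto"] in ("ip", pkt["proto"]) and _addr_ok(rule["src"], pkt["src"])
            and _addr_ok(rule["dst"], pkt["dst"]) and rule["dir"] in (None, pkt["dir"])
            and rule["iface"] in (None, pkt["iface"]) and (not rule["setup"] or pkt["setup"]))

def evaluate(rules, pkt):
    # Numeric order, but a matching skipto resumes at the first rule numbered >= its target; 65535 always matches.
    i = 0
    while not matches(rules[i], pkt):
        i += 1
    rules[i]["pkts"] += 1
    if rules[i]["action"] == "skipto":
        return evaluate([x for x in rules if x["num"] >= rules[i]["target"]], pkt)
    return rules[i]["num"]

def run(ruleset, packets):
    rules = [parse_rule(line) for line in ruleset.strip().splitlines()]
    decided = [evaluate(rules, p) for p in packets]
    return decided, {r["num"]: r["pkts"] for r in rules}  # deciding rule per packet, hit counter per rule
```

On a live FreeBSD host, searching the `ipfw show` listing for skipto is the quick check for such a jump.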