From owner-freebsd-ipfw  Thu Oct 24  0:57:47 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5009A37B401
	for <ipfw@FreeBSD.ORG>; Thu, 24 Oct 2002 00:57:46 -0700 (PDT)
Received: from freecris.bmm.it (freecris.biella.bmm.it [213.144.77.133])
	by mx1.FreeBSD.org (Postfix) with SMTP id 58F9F43E4A
	for <ipfw@FreeBSD.ORG>; Thu, 24 Oct 2002 00:57:44 -0700 (PDT)
	(envelope-from deana@bmm.it)
Received: (qmail 18464 invoked by alias); 24 Oct 2002 07:57:46 -0000
Received: from unknown (HELO there) (127.0.0.1)
  by localhost.biella.bmm.it with SMTP; 24 Oct 2002 07:57:46 -0000
Content-Type: text/plain;
  charset="iso-8859-15"
From: Cristiano Deana <deana@bmm.it>
Message-Id: <200210240951.06541@freecris>
To: ipfw@FreeBSD.ORG
Subject: ipfw2. 
Date: Thu, 24 Oct 2002 09:57:45 +0200
X-Mailer: KMail [version 1.3.2]
X-Faccina: ONdM ;-)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

What am I missing?

# uname -sv
FreeBSD FreeBSD 4.7-STABLE #14: Fri Oct 18 15:04:59 CEST 2002

# dmesg | grep ipfw
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to 
deny, logging limited to 100 packets/entry by default

# ifconfig xl0 | grep inet
        inet 213.144.77.133 netmask 0xffffff80 broadcast 213.144.77.255

# ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
10000 allow log icmp from 213.144.77.0/24{199,200,201} to 213.144.77.133
11000 deny log icmp from any to 213.144.77.133
65000 allow ip from any to any
65535 deny ip from any to any

# pinging from 213.144.77.200 to 213.144.77.133

# tail /var/log/security
Oct 24 09:38:58 freecris /kernel: ipfw: 11000 Deny ICMP:8.0 213.144.77.200 
213.144.77.133 in via xl0
Oct 24 09:39:12 freecris last message repeated 2 times

# ipfw show | grep icmp
10000          0          0 allow log icmp from 213.144.77.0/24{199,200,201} 
to 213.144.77.133
11000         33       2772 deny log icmp from any to 213.144.77.133

I think i'm missing some basic rule.
Why icmp packets coming from 213.144.77.200 didn't match rules #10000?

Thanks in advance,
cris.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message