Date: Fri, 20 Dec 2002 10:38:48 +0100
From: Dan Lukes <dan@obluda.cz>
To: freebsd-stable@freebsd.org
Subject: Re: ipfw and rule 65535
Message-ID: <3E02E528.1000300@obluda.cz>
In-Reply-To: <20021218132335.D3893-100000@tigger.pacehouse.com>
References: <20021218132335.D3893-100000@tigger.pacehouse.com>

James Pace wrote, On 12/18/02 22:25:
> (No reply in -questions, so trying here. Thanks.)
>
> Here is the end of the output from 'ipfw show':
>
> 04000 0 0 deny log ip from any to any
> 65535 91 8227 deny ip from any to any
>
> Can anyone explain why the last rule is getting hit? I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that 65535 would.

From the booting time, just before the rule 4000 has been loaded? During reloads of firewall (as the firewall table is flushed for a short time).

It didn't explain why the rule 4000 has no hit - unless you reloaded firewall just before you grab the sample.

Dan

--
Dan Lukes tel: +420 2 21914205, fax: +420 2 21914206
root of FIONet, KolejNET, webmaster of www.freebsd.cz
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz