Date: Thu, 13 Feb 2003 11:25:12 EST
From: Andrea Venturoli <ml.ventu@flashnet.it>
To: freebsd-net@FreeBSD.ORG
Subject: Re: ipfw: count=pass?
Message-ID: <200302131025.h1DAPCwA001464@soth.ventu>

** Reply to note from Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua> Thu, 13 Feb 2003 11:23:16 +0200 (EET)

> If the counter of some IPFW rule is always 0, then this means that this
> rule is not reached (you are right here).

So rule 2000 (deny) was not reached.

> After "count" rule the search
> continues with the next rule (with the same number or with the next number,
> at least this is true for IPFW1, check it).

This is what I thought, but apparently, either I'm missing something weird or it didn't work like that.

> You should find "allow" rule before "deny" rule which allows some traffic.

I'm really sure there wasn't any.
I don't have the system here available now, but I'm sure rules 1001-1255 were counting traffic (and worked, as seen with ipfw -a l) and next was 2000 which should have denied, but its counters were 0.

bye & Thanks
av.