Date:      Thu, 13 Feb 2003 12:57:41 +0200 (EET)
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        Andrea Venturoli <ml.ventu@flashnet.it>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfw: count=pass?
Message-ID:  <200302131057.h1DAvfUE000508@pm514-9.comsys.ntu-kpi.kiev.ua>
In-Reply-To: <200302131025.h1DAPCwA001464@soth.ventu.lucky.freebsd.net>

On Thu, 13 Feb 2003 10:25:17 +0000 (UTC) in lucky.freebsd.net, Andrea Venturoli wrote:

> 
>> You should find "allow" rule before "deny" rule which allows some traffic.
> 
> I'm really sure there wasn't any. I don't have the system here available now, but I'm sure rules 1001-1255 were counting
> traffic (and worked, as seen with ipfw -a l) and next was 2000 which should have denied, but its counters were 0.
> 

It is hard to say anything without seeing the configuration file you use.
And even if you post your ipfw configuration file, it will also be
hard to analyze, because it has many rules.

Nevertheless, double-check your configuration, add logging to the firewall,
and check which rule allows the traffic; logging should help to solve
the problem.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302131057.h1DAvfUE000508>
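
The check suggested in the reply (find the rule that accepts traffic ahead of the deny rule) can also be run against the per-rule counters. The script below is an added example, not part of the original message: it reads `ipfw -a list` output and prints every accept-type rule numbered below a chosen rule that has matched packets. The function names, the sample counters and the assumed column layout (rule number, packets, bytes, action) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list accept-type rules numbered below a given rule that have
# matched packets, reading `ipfw -a list` output on stdin.
# Assumed line layout: <rule-number> <packets> <bytes> <action> <rest...>

accepting_rules_before() {
    # $1 = number of the deny rule whose counters stay at zero
    awk -v limit="$1" '
        # allow, accept, pass and permit are aliases for the same action
        $1 + 0 < limit + 0 && $2 + 0 > 0 &&
        ($4 == "allow" || $4 == "accept" || $4 == "pass" || $4 == "permit") {
            # output: rule number, packet count, action keyword
            printf "%d %d %s\n", $1, $2, $4
        }'
}

# Constructed sample counters (not taken from the thread); the rule numbers
# 1001-1255 and 2000 follow the numbering mentioned in the quoted message.
sample_counters() {
    cat <<'EOF'
00100    120     9600 allow ip from any to any via lo0
00500   4821   612345 allow tcp from any to any established
01001    310    41200 count ip from any to 192.168.0.1
01255     77     8100 count ip from any to 192.168.0.255
02000      0        0 deny ip from any to 192.168.0.0/24
65535     12      900 deny ip from any to any
EOF
}

# On a live system: ipfw -a list | accepting_rules_before 2000
sample_counters | accepting_rules_before 2000
```

Every rule it prints is a candidate for accepting packets before they reach the deny rule; adding `log` to those rules then shows which packets each one matched.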