From owner-freebsd-questions  Wed Aug  4  2:58:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
	by hub.freebsd.org (Postfix) with ESMTP id CB25214EDC
	for <questions@FreeBSD.ORG>; Wed,  4 Aug 1999 02:57:16 -0700 (PDT)
	(envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
	by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id MAA78752;
	Wed, 4 Aug 1999 12:52:19 +0300 (EEST)
	(envelope-from ru)
Date: Wed, 4 Aug 1999 12:52:19 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Eugeny Kuzakov <kev@lab321.ru>
Cc: questions@FreeBSD.ORG
Subject: Re: ipfw&rules&count question
Message-ID: <19990804125219.A75932@relay.ucb.crimea.ua>
Mail-Followup-To: Eugeny Kuzakov <kev@lab321.ru>, questions@FreeBSD.ORG
References: <Pine.BSF.4.10.9908041308560.25366-100000@lab321.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <Pine.BSF.4.10.9908041308560.25366-100000@lab321.ru>; from Eugeny Kuzakov on Wed, Aug 04, 1999 at 01:12:33PM +0700
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Aug 04, 1999 at 01:12:33PM +0700, Eugeny Kuzakov wrote:
> 
> hi*&
> 
> There is count rule:
> 
> 10000    count ip from any to any in recv ppp0
> 
> ipfw -a list:
> 10000    3322918 1221991973 count ip from any to any in recv ppp0
> 
> Everything Ok.
> 
> But if I insert firewall rule "1 pass ip from any to any", then count rule
> never will count.
> Why?
> 
Because ipfw(8) manpage stays:

allow             Allow packets that match rule.  The search terminates.
                                                  ^^^^^^^^^^^^^^^^^^^^^
                  Aliases are pass, permit, and accept.

count             Update counters for all packets that match rule.
                  The search continues with the next rule.
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To make it work the way you want, put ``count'' rule before ``pass'' rule:

00001    count ip from any to any in recv ppp0
10000    pass ip from any to any


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message