From owner-freebsd-current Thu Jun 27 23:36:40 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA11651 for current-outgoing; Thu, 27 Jun 1996 23:36:40 -0700 (PDT)
Received: from critter.tfs.com (critter.cdrom.com [204.216.27.38]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA11646; Thu, 27 Jun 1996 23:36:36 -0700 (PDT)
Received: from critter.tfs.com (localhost [127.0.0.1]) by critter.tfs.com (8.7.5/8.7.3) with ESMTP id XAA04632; Thu, 27 Jun 1996 23:35:56 -0700 (PDT)
To: Nate Williams
cc: current@FreeBSD.ORG, alex@FreeBSD.ORG
Subject: Re: IPFW bugs?
In-reply-to: Your message of "Fri, 28 Jun 1996 00:06:54 MDT." <199606280606.AAA13890@rocky.mt.sri.com>
Date: Thu, 27 Jun 1996 23:35:54 -0700
Message-ID: <4616.835943754@critter.tfs.com>
From: Poul-Henning Kamp
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

In message <199606280606.AAA13890@rocky.mt.sri.com>, Nate Williams writes:
>> > Add "log" to all rules and see which number lets you through.
>>
>> Ahh, I didn't realize you could 'log' accept rules. I'll do that.
>
>OK, here's the rule that lets *EVERYTHING* through.
>
># Should be allowing DNS through, which can be either UDP/TCP
>ipfw add 21 pass log all from any 53 to any via $1

Yes, (I just talk(1)'ed Nate).

The current implementation doesn't complain about "over-specified" rules.
The port number isn't used with "all" as protocol.

ipfw and the kernel should both complain about such a rule being set.

--
Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
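
A lint check for the over-specified rule described in the message above, as an added example that is not part of the original message or of FreeBSD's ipfw. It assumes the rule layout seen in rule 21 and numeric port specs, and it goes slightly beyond the message by treating ports as meaningful only for tcp and udp; check_rule and is_portspec are hypothetical names.

```sh
#!/bin/sh
# Added example, not FreeBSD code: flag ipfw rules that give port numbers
# with a protocol that does not use them, like rule 21 in the message above.
# Assumes the layout "... proto from ADDR [PORTS] to ADDR [PORTS] ..."
# and numeric port specs only.

# is_portspec TOKEN: true if TOKEN is a numeric port, list or range.
is_portspec() {
    case "$1" in
        ''|*[!0-9,-]*) return 1 ;;
    esac
    return 0
}

# check_rule RULE: print "ok" or an "over-specified" finding for one rule.
check_rule() {
    set -f              # no globbing while the rule is split into words
    set -- $1
    set +f
    proto="" prev="" ports=""
    while [ $# -gt 0 ]; do
        # The protocol is the word before "from"; a port spec, if present,
        # is the second word after "from" or "to" (the first is the address).
        if [ "$1" = from ]; then proto=$prev; fi
        if [ "$1" = from ] || [ "$1" = to ]; then
            if [ $# -ge 3 ] && is_portspec "$3"; then
                ports="$ports $1-port=$3"
            fi
        fi
        prev=$1
        shift
    done
    if [ -z "$ports" ] || [ "$proto" = tcp ] || [ "$proto" = udp ]; then
        echo "ok"
    else
        echo "over-specified: ports not used with proto '$proto':$ports"
    fi
}

# Rule 21 is quoted from the message; the other two are constructed samples
# that name the protocol explicitly.
for rule in \
    'ipfw add 21 pass log all from any 53 to any via $1' \
    'ipfw add 21 pass log udp from any 53 to any via $1' \
    'ipfw add 22 pass log tcp from any 53 to any via $1'
do
    printf '%s\n  -> %s\n' "$rule" "$(check_rule "$rule")"
done
```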