Date: Fri, 28 Jun 1996 07:06:47 -0500
From: Alex Nash <alex@fa.tdktca.com>
To: phk@FreeBSD.ORG
Cc: nate@mt.sri.com, current@FreeBSD.ORG
Subject: Re: IPFW bugs? (fwd)
Message-ID: <31D3CAD7.1782696E@fa.tdktca.com>
References: <Pine.BSI.3.91.960628054736.20070I-100000@Venus.mcs.com>

> >> It's certainly a bug that you have rules with the same number, that
> >> looks VERY weird to me, also where was your 65535 block all rule ?
> >
> >I set them to be the same #. Should I not?
> no, I thought it was impossible to do so actually, and intended it to
> be for that matter. Having the same number makes it harder to understand
> which one did that, and may lead to confusion as to what order they
> apply in.

The kernel does not reject rules with the same number. In fact, given a rule without a number, it may even generate a duplicate itself (if your last rule is >=65435, the kernel will assign that same number to rules added without a specified index).

> >> Add "log" to all rules and see which number lets you through.
> >
> >Ahh, I didn't realize you could 'log' accept rules. I'll do that.
>
> Not only that, but all rules have counters ipfw can show you, so you
> can even see activation of rules that didn't log.

You can get even more information by using the -t option (ipfw -at l) to see a timestamp of when the rule matched.

Alex
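Added example, not part of the original message: a shell/awk check that finds rule numbers used by more than one rule and prints each duplicate's packet counter, so the counters discussed above show which of the same-numbered rules matched. It assumes a counter listing of the form "NUMBER PACKETS BYTES rule text"; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed input format, one rule per line:
#   NUMBER PACKETS BYTES rule text

# Print "NUMBER COUNT" for every rule number used by more than one rule.
dup_rule_numbers() {
    awk '$1 ~ /^[0-9]+$/ { seen[$1 + 0]++ }
         END { for (n in seen) if (seen[n] > 1) printf "%05d %d\n", n, seen[n] }' |
        sort -n
}

# For rules that share a number, print "NUMBER PACKETS rule text" in listing
# order, so the per-rule packet counter shows which duplicate matched.
dup_rule_hits() {
    awk '$1 ~ /^[0-9]+$/ {
             line[NR] = $0; num[NR] = $1 + 0; seen[$1 + 0]++; last = NR
         }
         END {
             for (i = 1; i <= last; i++) {
                 if (!(i in line) || seen[num[i]] < 2) continue
                 split(line[i], f, " ")
                 body = line[i]
                 # Strip the number and the two counters, keep the rule text.
                 sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
                 printf "%05d %s %s\n", num[i], f[2], body
             }
         }'
}

# Constructed sample listing (not taken from the thread).
sample_listing() {
    cat <<'EOF'
01000    12    960 allow tcp from any to any 25
02000     0      0 deny tcp from any to any 23
02000    57   3420 allow tcp from any to any 23
65535   301  24080 deny all from any to any
EOF
}

sample_listing | dup_rule_numbers
sample_listing | dup_rule_hits
```

On a live system the listing would be piped in from the counter listing command instead of `sample_listing`.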