From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 9 11:01:36 2003
Date: Mon, 9 Jun 2003 11:01:31 -0700 (PDT)
Message-Id: <200306091801.h59I1Vbj052091@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/01/26] kern/47529  ipfw   natd/ipfw lose TCP packets for firewalled
o [2003/03/23] kern/50216  ipfw   kernel panic on 5.0-current when use ipfw

2 problems total.

Serious problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/12/27] kern/46557  ipfw   ipfw pipe show fails with lots of queues
o [2003/04/18] kern/51132  ipfw   kernel part of ipfw1 processes 'to not me
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
o [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp

4 problems total.

Non-critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
f [2002/01/11] kern/33804  ipfw   ipfw bug/problem
o [2002/12/07] kern/46080  ipfw   [PATCH] logamount in ipfw2 does not defau
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2002/12/27] kern/46564  ipfw   IPFilter and IPFW processing order is not
o [2003/01/05] bin/46785   ipfw   [patch] add sets information to ipfw2 -h
o [2003/01/15] bin/47120   ipfw   [patch] Sanity check in ipfw(8)
o [2003/02/06] bin/48015   ipfw   make ipfw2 work with iplen ranges
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/03/12] bin/49959   ipfw   ipfw tee port rule skips parsing next rul
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/04/20] kern/51182  ipfw   ipfw2. -d list shows couters for dynamic
o [2003/05/04] bin/51750   ipfw   ipfw2.c typos

14 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Jun 9 16:06:56 2003
Date: Mon, 9 Jun 2003 16:06:34 -0700
From: Luigi Rizzo
To: Olivier Nicole
cc: freebsd-ipfw@freebsd.org
Message-ID: <20030609160634.A92404@xorpc.icir.org>
References: <200305270132.IAA02341@banyan.cs.ait.ac.th>
Subject: Re: Strange count of dynamic rules

hi,

On Tue, May 27, 2003 at 08:32:10AM +0700, Olivier Nicole wrote:
>
> And I am puzzled with the number of dynamic rules that are installed.
>
> firewall125: ipfw -d list | grep "<->" | wc
>     1849   20651  157940
>
> tells me that there are 1849 dynamic rules (both active and expired)

actually according to the docs, '-d' does not list expired rules,
so you might have a large number of the latter.
I am not sure on what type of dynamic rules you are using, so it
is hard to tell what is going wrong (if anything).

	cheers
	luigi

> but:
>
> firewall127: sysctl net.inet.ip.fw.dyn_count
> net.inet.ip.fw.dyn_count: 15910
>
> tells me that there are 15910 dynamic rules.
>
> So where is the truth? Or is that something I misunderstand?
>
> Problem is that net.inet.ip.fw.dyn_count will never count down and
> reach the limit of 65535 very soon (couple of hours), and then nothing
> can get through.
>
> BTW, I am running FreeBSD 4.8 with IPFW2
>
> Best regards,
>
> Olivier

From owner-freebsd-ipfw@FreeBSD.ORG Tue Jun 10 12:58:21 2003
Date: Tue, 10 Jun 2003 12:58:20 -0700 (PDT)
From: Tom Rhodes
Message-Id: <200306101958.h5AJwKYV029171@freefall.freebsd.org>
To: simon@nitro.dk, trhodes@FreeBSD.org, ipfw@FreeBSD.org, trhodes@FreeBSD.org
Subject: Re: bin/47120: [patch] Sanity check in ipfw(8)

Synopsis: [patch] Sanity check in ipfw(8)

State-Changed-From-To: open->closed
State-Changed-By: trhodes
State-Changed-When: Tue Jun 10 12:53:05 PDT 2003
State-Changed-Why:
Submitter requests the closing of this PR as outlined in the audit trail.

Responsible-Changed-From-To: ipfw->trhodes
Responsible-Changed-By: trhodes
Responsible-Changed-When: Tue Jun 10 12:53:05 PDT 2003
Responsible-Changed-Why:
Over to me.

http://www.freebsd.org/cgi/query-pr.cgi?pr=47120
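
The comparison discussed in the "Strange count of dynamic rules" thread above, as an added example that is not part of any post: a small sh check that sets the number of listed dynamic rules against the kernel counter and estimates the time left before the limit is reached. The function names and the sample listing are constructed for illustration; the figures 1849, 15910 and 65535 are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): compare listed dynamic rules with the
# kernel counter and estimate headroom before the dynamic-rule limit is hit.
# Live use on the firewall (assumes the -e flag of ipfw(8), which adds expired
# entries to a -d listing, and the dyn_max sysctl):
#   ipfw -d list | count_listed ; ipfw -d -e list | count_listed
#   sysctl net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max

# Count dynamic entries on stdin using the "<->" marker grepped for in the thread.
count_listed() {
    grep -c -- '<->' || true
}

# Extract the number from a "name: value" line as printed by sysctl.
sysctl_value() {
    printf '%s\n' "$1" |
        sed -n 's/^[^:]*:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# dyn_report LISTED COUNT LIMIT [WARN_PCT]: one summary line with a status.
dyn_report() {
    listed=$1 count=$2 limit=$3 warn_pct=${4:-80}
    if [ "$limit" -le 0 ]; then echo "error: limit must be positive"; return 2; fi
    unlisted=$((count - listed))          # counted by the kernel but not listed
    if [ "$unlisted" -lt 0 ]; then unlisted=0; fi
    used_pct=$((count * 100 / limit))
    status=ok
    if [ "$count" -ge "$limit" ]; then status=full
    elif [ "$used_pct" -ge "$warn_pct" ]; then status=warn
    fi
    echo "listed=$listed counted=$count unlisted=$unlisted used_pct=$used_pct status=$status"
}

# secs_to_limit COUNT_THEN COUNT_NOW INTERVAL_SECS LIMIT
# Seconds until the limit at the observed growth rate; "never" if not growing.
secs_to_limit() {
    growth=$(($2 - $1))
    if [ "$growth" -le 0 ]; then echo never; return 0; fi
    echo $((($4 - $2) * $3 / growth))
}

# Constructed sample (not real output): one static rule, two dynamic entries.
sample_listing() {
    cat <<'EOF'
01000 120 9000 allow tcp from any to any keep-state
01000 12 3456 (298s) STATE tcp 10.0.0.5 49152 <-> 192.0.2.10 80
01000 3 180 (4s) STATE udp 10.0.0.7 5353 <-> 192.0.2.53 53
EOF
}

# Figures quoted in the thread: 1849 listed, dyn_count 15910, limit 65535.
dyn_report 1849 "$(sysctl_value 'net.inet.ip.fw.dyn_count: 15910')" 65535
```

Sampling dyn_count twice and passing both readings to secs_to_limit gives an early warning for the exhaustion condition described in the original post.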