Date: Sun, 4 Feb 2001 14:23:11 -0800
From: "Crist J. Clark"
To: Yoshihiro Koya
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfw issue of 4.2-stable
Reply-To: cjclark@alum.mit.edu

On Sun, Feb 04, 2001 at 10:14:48PM +0900, Yoshihiro Koya wrote:
> Hello,
>
> I cvsup'd today at Feb 4 10:18:15 UTC. Everything seems to work fine.
> But I found some issue around ipfw.
>
> Before Jan 27 my ipfw produced the following log:
>
> Jan 26 12:53:19 presario /kernel: \
> ipfw: 1000 Deny TCP 203.178.141.212:4946 210.132.234.64:113 in via tun0
> Jan 27 00:08:52 presario /kernel: \
> ipfw: 1000 Deny TCP 216.6.41.141:3573 210.132.228.179:113 in via tun0
>
> However, the log of new system built today produced
>
> Feb 4 21:56:04 presario /kernel: \
> ipfw: 500 Accept TCP 210.139.248.31:49208 210.132.234.20:113 in via tun0
>
> Please keep in mind that I've never changed my ipfw configuration
> file essentially. I only added "pass" in the following line.
>
> add pass log tcp from any to any established
>
> The following is additional information on my ipfw.
>
> # uname -a
> FreeBSD presario.my.domain 4.2-STABLE FreeBSD 4.2-STABLE #0: \
> Sun Feb 4 20:14:24 JST 2001 \
> root@presario.my.domain:/usr/obj/usr/src/sys/presario i386
>
> # ipfw -a list
> 00100 0 0 allow ip from any to any via lo0
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny log logamount 100 ip from 192.168.0.0/24 to any in recv tun0
> 00400 0 0 allow ip from any to any via dc0
> 00500 45 5284 allow log logamount 100 tcp from any to any established

I fail to see the problem here. Do you have some reason to believe
that the packet we see passed above should be denied?
-- 
Crist J. Clark cjclark@alum.mit.edu
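
Added example, not part of the thread and not code from either poster: a minimal first-match model of the rules listed above, showing how the `established` keyword (which matches any TCP segment with the ACK or RST bit set) decides whether a packet to port 113 stops at rule 500 or falls through to a later rule. The body of rule 1000 and the TCP flags on the sample packets are assumptions; the thread shows only that rule's number and its Deny action in the older log lines.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    flags: frozenset      # TCP flags, e.g. frozenset({"syn"})
    iface: str
    inbound: bool = True

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def established(pkt):
    # ipfw(8): "established" matches TCP packets that have RST or ACK set.
    # It is a stateless flag test, not connection tracking.
    return pkt.proto == "tcp" and bool(pkt.flags & {"ack", "rst"})

# (number, action, proto, src, dst, extra predicate) in list order.
RULES = [
    (100, "allow", "ip", "any", "any", lambda p: p.iface == "lo0"),
    (200, "deny", "ip", "any", "127.0.0.0/8", None),
    (300, "deny", "ip", "192.168.0.0/24", "any",
     lambda p: p.inbound and p.iface == "tun0"),
    (400, "allow", "ip", "any", "any", lambda p: p.iface == "dc0"),
    (500, "allow", "tcp", "any", "any", established),
    (1000, "deny", "tcp", "any", "any", None),  # ASSUMED body, not shown in the thread
]

def evaluate(pkt):
    """Return (rule number, action) of the first matching rule."""
    for num, action, proto, src, dst, extra in RULES:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (in_net(pkt.src, src) and in_net(pkt.dst, dst)):
            continue
        if extra is not None and not extra(pkt):
            continue
        return num, action
    return 65535, "deny"  # ipfw default rule, deny unless built default-to-accept

def ident_probe(flags):
    # Addresses and ports from the Feb 4 log line; the flags are constructed.
    return Packet("tcp", "210.139.248.31", "210.132.234.20", 113,
                  frozenset(flags), "tun0")

if __name__ == "__main__":
    for flags in ({"syn"}, {"ack"}, {"rst"}):
        print(sorted(flags), evaluate(ident_probe(flags)))
```

The ipfw log line records the rule number, action, addresses and interface but not the TCP flags, so the log alone does not show which of these cases a given packet was.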