Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 4 Feb 2001 14:23:11 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: ipfw issue of 4.2-stable
Message-ID:  <20010204142311.V91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <20010204221448O.ipfw@ya3.so-net.ne.jp>; from Yoshihiro.Koya@math.yokohama-cu.ac.jp on Sun, Feb 04, 2001 at 10:14:48PM %2B0900
References:  <20010204221448O.ipfw@ya3.so-net.ne.jp>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Feb 04, 2001 at 10:14:48PM +0900, Yoshihiro Koya wrote:
> Hello,
> 
> I cvsup'd today at Feb  4 10:18:15 UTC. Everything seem to work fine.
> But I found some issue around ipfw.
> 
> Before Jan 27 my ipfw produced the following log:
> 
> Jan 26 12:53:19 presario /kernel: \
> ipfw: 1000 Deny TCP 203.178.141.212:4946 210.132.234.64:113 in via tun0
> Jan 27 00:08:52 presario /kernel: \
> ipfw: 1000 Deny TCP 216.6.41.141:3573 210.132.228.179:113 in via tun0
> 
> However, the log of new system built today produced
> 
> Feb  4 21:56:04 presario /kernel: \
> ipfw: 500 Accept TCP 210.139.248.31:49208 210.132.234.20:113 in via tun0
> 
> Please keep in the mind that I've never changed my ipfw configuration
> file essentially.  I only add "pass" in the following line.
> 
> add pass log tcp from any to any established
> 
> The followings are additional information on my ipfw.
> 
> # uname -a 
> FreeBSD presario.my.domain 4.2-STABLE FreeBSD 4.2-STABLE #0: \
> Sun Feb  4 20:14:24 JST 2001     \
> root@presario.my.domain:/usr/obj/usr/src/sys/presario  i386
> 
> # ipfw -a list
> 00100  0    0 allow ip from any to any via lo0
> 00100  0    0 allow ip from any to any via lo0
> 00200  0    0 deny ip from any to 127.0.0.0/8
> 00300  0    0 deny log logamount 100 ip from 192.168.0.0/24 to any in recv tun0
> 00400  0    0 allow ip from any to any via dc0
> 00500 45 5284 allow log logamount 100 tcp from any to any established

I fail to see the problem here. Do you have some reason to believe
that the packet we see passed above should be denied?
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010204142311.V91447>