From: Doug Barton
Date: Thu, 21 Oct 1999 13:44:51 -0700 (PDT)
To: daniel B
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw dny ip from any to any

On Thu, 21 Oct 1999, daniel B wrote:

> Hi folks;
>
> I want to log all denied packets in ipfw and I used
> 65534 add deny log all from any to any
> this should 'bypass' the last rule
> 65535 deny all from any to any
>
> but it doesn't! I still see denied packets on the last rule when I do
> ipfw sh
>
> What to do now?

I bet that the amount of packets is always constant, right? Try doing 'ipfw -a l' once a day for a few days. The number should always be the same. This represents the number of packets that cross the interface before your firewall rules are loaded by the init process. If it turns out that the number does grow, then we have a bug somewhere and we need to track it down.

Good luck,

Doug
--
"Stop it, I'm gettin' misty."
- Mel Gibson as Porter, "Payback"
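The once-a-day check suggested in the reply can be scripted. This is an added example, not part of the original message: the function names, the state file and the sample counters are constructed for illustration, and it assumes `ipfw -a list` prints rule number, packet count, byte count and rule body in that order.

```shell
#!/bin/sh
# Constructed sample `ipfw -a list` output for two consecutive days.
SAMPLE_DAY1='00100   420   51234 allow ip from any to any via lo0
65534  1873  190211 deny log ip from any to any
65535    12     984 deny ip from any to any'
SAMPLE_DAY2='00100   977  120455 allow ip from any to any via lo0
65534  4410  448120 deny log ip from any to any
65535    12     984 deny ip from any to any'

# Print the packet count of rule $1 from a listing on stdin.
# Returns 1 (and prints nothing) when the rule is absent.
rule_packets() {
    awk -v rule="$1" '
        ($1 + 0) == (rule + 0) { print $2; found = 1; exit }
        END { exit !found }
    '
}

# Compare yesterday ($1) with today ($2).
classify() {
    if [ "$2" -eq "$1" ]; then echo constant   # only pre-load packets hit 65535
    elif [ "$2" -gt "$1" ]; then echo grew     # packets are getting past rule 65534
    else echo reset                            # counters zeroed or host rebooted
    fi
}

# Read a listing on stdin, compare rule 65535 with the count saved in
# state file $1, save the new count, and print "<verdict> <count>".
check_default_rule() {
    state=$1
    cur=$(rule_packets 65535) || { echo "rule 65535 not found" >&2; return 2; }
    if [ -s "$state" ]; then
        verdict=$(classify "$(cat "$state")" "$cur")
    else
        verdict=baseline                       # first run, nothing to compare
    fi
    echo "$cur" > "$state"
    echo "$verdict $cur"
}

# Demo on the constructed samples; on a real host run from cron:
#   ipfw -a list | check_default_rule /var/db/ipfw-default.count
demo_state=$(mktemp)
printf '%s\n' "$SAMPLE_DAY1" | check_default_rule "$demo_state"
printf '%s\n' "$SAMPLE_DAY2" | check_default_rule "$demo_state"
rm -f "$demo_state"
```

A `grew` verdict is the case the reply says needs tracking down; `constant` matches the explanation that the count comes from packets seen before the rules were loaded.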