Date: Wed, 14 Sep 2011 14:48:57 +0400
From: Vladimir Budnev <vladimir.budnev@gmail.com>
To: Eugene Grosbein <egrosbein@rdtc.ru>
Cc: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Subject: Re: IPFW hidden/broken rule? (Free 7.2)
Message-ID: <CAAvRK97r0bC7KZyGeuiRQ=jG976TQAJxCSqTeDZ%2BTbKAXGJLqw@mail.gmail.com>
In-Reply-To: <4E706BC1.9030203@rdtc.ru>
References: <4E7066CE.3070702@gmail.com> <4E706BC1.9030203@rdtc.ru>

> 14.09.2011 15:33, Vladimir Budnev wrote:
>
> > So I think there are at least two questions:
> >
> > 1. Has anyone ever met such a situation? Or maybe something close to
> > this one with 'hidden' ipfw rules?
>
> Have you tried "ipfw -d -e show"?

Nope, we didn't check those tables. But to be honest I don't think there may be a connection tracking issue, because it is an "allow ip to any" rule:

04701 pipe tablearg ip from table(2) to any in via em0

And I wrote that we can catch packets with a rule by placing it before rule 04701. Packets are captured by 04701 even with an empty (not flushed) table 2.