Date: Sat, 4 Oct 1997 01:00:25 -0700 (PDT)
From: David Sharnoff <muir@ping.idiom.com>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: kern/4687: ipfw accept ignored.
Message-ID: <199710040800.BAA12414@ping.idiom.com>
Resent-Message-ID: <199710040810.BAA05510@hub.freebsd.org>

>Number:         4687
>Category:       kern
>Synopsis:       ipfw accept ignored
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 4 01:10:01 PDT 1997
>Last-Modified:
>Originator:     David Sharnoff
>Organization:   Idiom Consulting
>Release:        FreeBSD 2.2.2-RELEASE i386
>Environment:

    A router with lots of rules. I'll send 'em to anyone
    who is interested. The router is running FreeBSD 2.2.2 RELEASE

>Description:

    I have a rule that passes a packet. I can tell that it passes
    the packet because the counter goes up by one whenever a packet
    goes by.

    I have another rule that rejects packets.

    Both rules are firing on the same packet.

    % ipfw -a list | grep 111
    13000   24   2016 allow udp from 209.66.121.0/27 to 140.174.82.0/26 111 in via ethb17
    13000    0      0 allow udp from 140.174.82.32/27 to 140.174.82.32/27 111 in via ep0
    13000    0      0 allow tcp from 140.174.82.0/27 to 140.174.82.0/26 111 in via fxp0
    13000    0      0 allow udp from 140.174.82.0/27 to 140.174.82.0/27 111 in via fxp0
    13000   24   2016 deny log udp from any to 140.174.82.0/26 111
    13500    0      0 allow tcp from 140.174.82.32/27 to 140.174.82.0/26 111 in via ep0
    13500    0      0 deny log tcp from any to 140.174.82.0/26 111

    I've renumbered the rules in many ways. It behaves the same
    if both rules (with the 24 2016 count) have the same number or
    different numbers.

>How-To-Repeat:

    Duplicate the above rules. Send packets.

>Fix:

>Audit-Trail:
>Unformatted:
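
A way to check how two rules can count the same packet, added here as an example and not part of the report: a first-match model of the seven listed rules that evaluates a forwarded packet once inbound and once outbound. The two-pass evaluation, the sample addresses, and the outbound interface `fxp0` are assumptions made for the illustration.

```python
import ipaddress

# The seven rules from the report's `ipfw -a list | grep 111` output:
# (number, action, proto, src, dst, dst port, direction, interface)
RULES = [
    (13000, "allow", "udp", "209.66.121.0/27", "140.174.82.0/26", 111, "in", "ethb17"),
    (13000, "allow", "udp", "140.174.82.32/27", "140.174.82.32/27", 111, "in", "ep0"),
    (13000, "allow", "tcp", "140.174.82.0/27", "140.174.82.0/26", 111, "in", "fxp0"),
    (13000, "allow", "udp", "140.174.82.0/27", "140.174.82.0/27", 111, "in", "fxp0"),
    (13000, "deny", "udp", "any", "140.174.82.0/26", 111, None, None),
    (13500, "allow", "tcp", "140.174.82.32/27", "140.174.82.0/26", 111, "in", "ep0"),
    (13500, "deny", "tcp", "any", "140.174.82.0/26", 111, None, None),
]

# Constructed sample packet inside the networks named by the first rule.
SAMPLE = {"proto": "udp", "src": "209.66.121.5", "dst": "140.174.82.10", "dport": 111}

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def first_match(pkt, direction, iface):
    """Return (index, action) of the first rule matching this pass, or None."""
    for i, (_, action, proto, src, dst, port, rdir, riface) in enumerate(RULES):
        if proto != pkt["proto"] or port != pkt["dport"]:
            continue
        if not (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)):
            continue
        if rdir is not None and rdir != direction:
            continue  # "in via X" rules never match on the outbound pass
        if riface is not None and riface != iface:
            continue
        return i, action
    return None

def forward(pkt, in_iface, out_iface):
    """Per-rule hit counts for one forwarded packet (assumed: two passes)."""
    counters = [0] * len(RULES)
    for direction, iface in (("in", in_iface), ("out", out_iface)):
        hit = first_match(pkt, direction, iface)
        if hit is None:
            continue
        counters[hit[0]] += 1
        if hit[1] == "deny":
            break  # a denied packet goes no further
    return counters

if __name__ == "__main__":
    print(forward(SAMPLE, "ethb17", "fxp0"))
```

Under these assumptions the allow rule limited to `in via ethb17` and the direction-less deny rule each count the packet once, the same pattern as the two `24 2016` counters in the listing.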