Date:      Thu, 19 Sep 2002 13:27:49 -0700
From:      mbenadib@calpoly.edu
To:        rizzo@icir.org, soppscum@online.no
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   RE: Re: OUCH! Cannot remove rules, count 1
Message-ID:  <H00010520c0abf3e.1032467268.degas.artisan.calpoly.edu@MHS>

I'm not sure why I'm on this listing, can someone please remove me..

Thanks.

-----Original Message-----
From: rizzo [mailto:rizzo@icir.org]
Sent: Thursday, September 19, 2002 11:57 AM
To: soppscum
Cc: rizzo; freebsd-ipfw
Subject: Re: OUCH! Cannot remove rules, count 1


On Thu, Sep 19, 2002 at 07:50:54PM +0200, MIchael wrote:
> I'm getting a lot of "OUCH! cannot remove rules, count 1" in my logs lately
> Does anyone know what this means?

It is a bug in the ipfw1 code.
But you also have a bug in your ruleset, because you must not
specify both "keep-state" and "limit".

All this is fixed in ipfw2 (which properly flags the invalid rules),
so I suggest you upgrade your firewall code to ipfw2.

	cheers
	luigi

> Searching google it seems that it's related to the limit option in ipfw.
> 
> I'm running FreeBSD 4.6.2 on a Cyrix166 with 49ram
> rules with limit in my firewall script :
> 
> $cmd 00641 allow tcp from any to any 2001 in via $oif setup keep-state limit src-addr 4
> $cmd 00642 allow udp from any to any 2001 in via $oif keep-state limit src-addr 4
> $cmd 00643 allow tcp from any to any 2002 in via $oif setup keep-state limit src-addr 4
> $cmd 00644 allow udp from any to any 2002 in via $oif keep-state limit src-addr 4
> $cmd 00645 allow tcp from any to any 2003 in via $oif setup keep-state limit src-addr 4
> $cmd 00646 allow udp from any to any 2003 in via $oif keep-state limit src-addr 4
> $cmd 00600 allow tcp from any to any 80 in via $oif setup keep-state limit src-addr 4
> $cmd 00621 allow log tcp from any to me 9000 in via $oif setup keep-state limit src-addr 4
> $cmd 00640 reset log tcp from any to me 113  in via $oif limit src-addr 4
> 
> Thanks
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
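
The ruleset check described in the reply above (a rule must not carry both "keep-state" and "limit"), as an added example that is not part of the original thread or of ipfw itself. The function names, the partial list of action keywords, and the sample rules (constructed after the ones quoted in the message) are assumptions.

```shell
#!/bin/sh
# Added example: lint a firewall script for ipfw rules that specify both
# "keep-state" and "limit". Hypothetical helper, reads the script on stdin
# and prints the rule number of each offending rule ("?" if none is given).
find_keepstate_limit_conflicts() {
    awk '
        # Join backslash-continued lines into one logical rule.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        {
            line = buf $0; buf = ""
            sub(/#.*/, "", line)          # ignore shell comments
            n = split(line, tok, /[ \t]+/)
            num = "?"; seen_action = 0; ks = 0; lim = 0
            for (i = 1; i <= n; i++) {
                # Rule number = numeric token right before the action.
                # Assumption: only these common actions are recognised.
                if (!seen_action &&
                    tok[i] ~ /^(allow|accept|pass|permit|deny|drop|reset|count)$/) {
                    seen_action = 1
                    if (i > 1 && tok[i-1] ~ /^[0-9]+$/) num = tok[i-1]
                }
                if (tok[i] == "keep-state") ks = 1
                if (tok[i] == "limit")      lim = 1
            }
            if (ks && lim) print num
        }
    '
}

# Constructed sample input, modelled on the rules quoted in the message.
sample_rules() {
    cat <<'EOF'
$cmd 00641 allow tcp from any to any 2001 in via $oif setup keep-state limit src-addr 4
$cmd 00640 reset log tcp from any to me 113 in via $oif limit src-addr 4
$cmd 00600 allow tcp from any to any 80 in via $oif setup \
    keep-state limit src-addr 4
$cmd 00700 allow tcp from any to any 22 in via $oif setup keep-state # limit later
EOF
}

sample_rules | find_keepstate_limit_conflicts
```

Run it against the real script with `find_keepstate_limit_conflicts < /path/to/firewall-script` before loading the rules; rules using only one of the two options are not reported.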

