From: mbenadib@calpoly.edu
Date: Thu, 19 Sep 2002 13:27:49 -0700
Subject: RE: Re: OUCH! Cannot remove rules, count 1
To: rizzo@icir.org, soppscum@online.no
Cc: freebsd-ipfw@FreeBSD.ORG

I'm not sure why I'm on this listing, can someone please remove me..

Thanks.

-----Original Message-----
From: rizzo [mailto:rizzo@icir.org]
Sent: Thursday, September 19, 2002 11:57 AM
To: soppscum
Cc: rizzo; freebsd-ipfw
Subject: Re: OUCH! Cannot remove rules, count 1

On Thu, Sep 19, 2002 at 07:50:54PM +0200, MIchael wrote:
> I'm getting a lot of "OUCH! cannot remove rules, count 1" in my logs lately
> Does anyone know what this means?

It is a bug in the ipfw1 code. But also you have a bug in your ruleset too, because you must not specify both "keep-state" and "limit".
All this is fixed in ipfw2 (which properly flags the invalid rules), so I suggest you upgrade your firewall code to ipfw2.

cheers
luigi

> Searching google it seems that it's related to the limit option in ipfw.
>
> I'm running FreeBSD 4.6.2 on a Cyrix166 with 49ram
> rules with limit in my firewall script :
>
> $cmd 00641 allow tcp from any to any 2001 in via $oif setup keep-state limit src-addr 4
> $cmd 00642 allow udp from any to any 2001 in via $oif keep-state limit src-addr 4
> $cmd 00643 allow tcp from any to any 2002 in via $oif setup keep-state limit src-addr 4
> $cmd 00644 allow udp from any to any 2002 in via $oif keep-state limit src-addr 4
> $cmd 00645 allow tcp from any to any 2003 in via $oif setup keep-state limit src-addr 4
> $cmd 00646 allow udp from any to any 2003 in via $oif keep-state limit src-addr 4
> $cmd 00600 allow tcp from any to any 80 in via $oif setup keep-state limit src-addr 4
> $cmd 00621 allow log tcp from any to me 9000 in via $oif setup keep-state limit src-addr 4
> $cmd 00640 reset log tcp from any to me 113 in via $oif limit src-addr 4
>
> Thanks
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
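
The ruleset error pointed out in the reply above (a rule carrying both "keep-state" and "limit"), as an added example that is not part of the original thread: a POSIX sh/awk check that finds such rules in a firewall script and rewrites them to keep only "limit". The sample rules are constructed after the ones quoted above, the function names are this example's own, and dropping "keep-state" rather than "limit" is an assumption of the example, made because "limit" installs the dynamic rule by itself.

```sh
#!/bin/sh
# Added example (not from the thread): lint a firewall script for ipfw
# rules that carry both "keep-state" and "limit".

# Constructed sample input, modelled on the rules quoted in the thread.
sample_rules() {
cat <<'EOF'
$cmd 00600 allow tcp from any to any 80 in via $oif setup keep-state limit src-addr 4
$cmd 00610 allow tcp from any to any 22 in via $oif setup keep-state
# $cmd 00620 allow tcp from any to any 25 in via $oif setup keep-state limit src-addr 4
$cmd 00640 reset log tcp from any to me 113 in via $oif limit src-addr 4
$cmd 00642 allow udp from any to any 2001 in via $oif keep-state limit src-addr 4
EOF
}

# Shared awk helper: true when the line has both keywords as whole
# whitespace-separated words (so a name like $limit_if is not a hit).
AWK_SCAN='
function scan(   i, ks, lim) {
    for (i = 1; i <= NF; i++) {
        if ($i == "keep-state") ks = 1
        if ($i == "limit") lim = 1
    }
    return ks && lim
}'

# Print "lineno:rule" for every non-comment line using both keywords.
find_conflicts() {
    awk "$AWK_SCAN"'
        /^[ \t]*#/ { next }
        scan() { printf "%d:%s\n", NR, $0 }'
}

# Pass comments and clean rules through unchanged; on conflicting rules
# drop the "keep-state" word (fields are re-joined with single spaces).
fix_conflicts() {
    awk "$AWK_SCAN"'
        /^[ \t]*#/ || !scan() { print; next }
        {
            out = ""; sep = ""
            for (i = 1; i <= NF; i++)
                if ($i != "keep-state") { out = out sep $i; sep = " " }
            print out
        }'
}

# Report the conflicts, then show the rewritten ruleset.
sample_rules | find_conflicts
sample_rules | fix_conflicts
```

To check a real script, feed it on stdin, for example `find_conflicts < /etc/rc.firewall` (path is illustrative).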