Date: Thu, 6 May 2004 01:40:17 -0700 (PDT)
From: Maxim Konovalov <maxim@macomnet.ru>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/66319: ipfw count rule disabling new connections
Message-ID: <200405060840.i468eHwD079203@freefall.freebsd.org>

The following reply was made to PR kern/66319; it has been noted by GNATS.

From: Maxim Konovalov <maxim@macomnet.ru>
To: Zachery Hostens <openhalo@openhalo.net>
Cc: bug-followup@freebsd.org
Subject: Re: kern/66319: ipfw count rule disabling new connections
Date: Thu, 6 May 2004 12:35:15 +0400 (MSD)

On Thu, 6 May 2004, 00:39-0700, Zachery Hostens wrote:

>
> >Number: 66319
> >Category: kern
> >Synopsis: ipfw count rule disabling new connections
[...]
> FreeBSD avalanche.mchsi.com 5.2-CURRENT FreeBSD 5.2-CURRENT #4: Mon May 3 22:07:04 CDT 2004 root@avalanche.mchsi.com:/usr/obj/usr/src/sys/AVALANCHE i386
> >Description:
> i was attempting to add a rule to ipfw to count syn packets coming
> in ipfw add 01000 count tcp from any to me setup (i also tried to
> any) when i would try to connect to the box from another machine i
> would always get this: extort@fate extort $ ssh avalanche ssh:
> connect to host avalanche port 22: Network is unreachable
>
> now the counter would count connection tries correctly, just not
> allow me to connect. as soon as i remove the rule i can ssh
> perfectly fine.
>
> src-all was cvsup'd within 1 day of being compiled. If you need to
> see the kernel config and/or rc.conf or any other settings i have
> set, please feel free to email me.
> >How-To-Repeat:
> ipfw add # count tcp to any from [any|me]

It doesn't look like a valid ipfw(4) rule.

$ ipfw -n add 1 count tcp to any from any
ipfw: missing ``from''

I believe you mean something like that:

# ipfw add 1 count tcp from any to any
00001 count tcp from any to any
$ telnet relay1.demos.su 25
Trying 194.87.0.16...
Connected to relay1.demos.su.
Escape character is '^]'.

So, I cannot reproduce. Could you please show the whole ruleset?

-- 
Maxim Konovalov