Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 22 Oct 2002 13:30:38 -0600
From:      John Nielsen <>
Subject:   skip past end of rules
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
I'm seeing the following message repeatedly on a 4.7-R box using IPFW2:

+++ ipfw: ouch!, skip past end of rules, denying packet

Some points of interest:
I don't have any skipto rules in my ruleset.
The same ruleset worked without complaining under 4.6.2-R.
(I haven't made any ipfw2-dependent changes yet).
The firewall appears to be functioning properly despite the messages.
The firewall serves a very network, yet the message has only shown up ~50=
times in the past 24 hours.  (It appears more frequently during times of=20
high network usage).
I am using dummynet pipes for bandwidth limiting.
net.inet.ip.fw.one_pass is set to 0.

This obviously isn't a show-stopper, but it is a bit worrisome.  I'd like=
know if this is a known bug or if I should submit a PR on it.  I'd also=20
like to isolate the problem a bit better, but I need some suggestions on=20
how to do so.



To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>