From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 12 11:06:55 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC9CA1065679 for ; Mon, 12 Oct 2009 11:06:55 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id C0CBA8FC0A for ; Mon, 12 Oct 2009 11:06:55 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n9CB6tW2036444 for ; Mon, 12 Oct 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n9CB6tkM036440 for freebsd-ipfw@FreeBSD.org; Mon, 12 Oct 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 12 Oct 2009 11:06:55 GMT Message-Id: <200910121106.n9CB6tkM036440@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Oct 2009 11:06:55 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from p kern/115755 ipfw [ipfw] [patch] unify message and add a rule number whe o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 63 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Wed Oct 14 20:19:39 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 947A5106566C; Wed, 14 Oct 2009 20:19:39 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 6C73D8FC1C; Wed, 14 Oct 2009 20:19:39 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n9EKJdtJ078864; Wed, 14 Oct 2009 20:19:39 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n9EKJdkv078859; Wed, 14 Oct 2009 20:19:39 GMT (envelope-from gavin) Date: Wed, 14 Oct 2009 20:19:39 GMT Message-Id: <200910142019.n9EKJdkv078859@freefall.freebsd.org> To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: kern/139581: [ipfw] "ipfw pipe" not limiting bandwidth X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Oct 2009 20:19:39 -0000 Old Synopsis: ipfw pipe New Synopsis: [ipfw] "ipfw pipe" not limiting bandwidth Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: gavin Responsible-Changed-When: Wed Oct 14 20:17:06 UTC 2009 Responsible-Changed-Why: Over to maintainer(s) http://www.freebsd.org/cgi/query-pr.cgi?pr=139581 From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 16 23:11:59 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 49B5910656A7 for ; Fri, 16 Oct 2009 23:11:59 +0000 (UTC) (envelope-from chris@smartt.com) Received: from mailout3.smartt.com (mailout3.smartt.com [69.67.187.28]) by mx1.freebsd.org (Postfix) with ESMTP id 22E548FC16 for ; Fri, 16 Oct 2009 23:11:59 +0000 (UTC) Received: from [69.31.174.220] (unknown [69.31.174.220]) by mailout3.smartt.com (Postfix) with ESMTPA id B5F3310E498; Fri, 16 Oct 2009 16:11:53 -0700 (PDT) Message-ID: <4AD8FDD0.30008@smartt.com> Date: Fri, 16 Oct 2009 16:12:16 -0700 From: Chris St Denis User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: Jason Lewis References: <4AC51F18.5050703@smartt.com> <4AC52918.2020705@smartt.com> <8d923f617db88c873c63bb2038752147.squirrel@users.sharktooth.org> <4ACF9341.2040406@smartt.com> In-Reply-To: <4ACF9341.2040406@smartt.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org, Freddie Cash Subject: Re: ipfw: install_state: entry already present, done X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Oct 2009 23:11:59 -0000 This is definitely a regression in 7.2. Downgrades to 6.4, 7.0, 7.1 did not show this symptom. Upgrade the test server back to 7.2 and the messages come back. Chris St Denis wrote: > check_state doesn't help. The error is also generated from the rc.conf > firewall_type="workstation" rule set which includes check_state among > several other rules. > > I made a copy of this server (it's a virtual server under WMware) and > downgraded it to 6.4-RELEASE-p7 and I no longer get the error. > > I downgraded another copy to 7.2-RELEASE (no patches) by copying the > generic kernel off the CD. Still gets errors. > > Downgraded it to 7.0-RELEASE and the message stopped. > > I'm going to try going to 7.1 and see which behavior it has. > > Looks like there may have been a regression in 7.2 (or maybe 7.1 > pending the results of my further testing) > > > Jason Lewis wrote: >> Did you try a check_state? I am using this same rule structure on BSD6 >> without a problem. >> >> Thanks, >> Jason >> http://jasonlewis.yaritz.net >> >> >>> Freddie Cash wrote: >>> >>>> On Thu, Oct 1, 2009 at 2:28 PM, Chris St Denis >>>> wrote: >>>> >>>> >>>> >>>>> Haven't gotten any response on -questions so trying here. I've also >>>>> opened >>>>> a PR (kern/139226) but it's gotten no replies so I figured I >>>>> should try >>>>> here >>>>> since I'm not certain if it's a bug or not. Regardless I am hoping >>>>> for >>>>> at >>>>> least a work-around -- a few extra rules or settings to keep my >>>>> console >>>>> from >>>>> being flooded by errors. So far only option I found is commenting out >>>>> the >>>>> error display line in the kernel source which is far from optimal. >>>>> >>>>> I'm trying to setup a stateful firewall for my server such that any >>>>> traffic >>>>> can go out, and it's reply come back -- a fairly typical workstation >>>>> setup. >>>>> However I'm getting the error message "ipfw: install_state: entry >>>>> already >>>>> present, done" repeated many times in my logs (tho the rules >>>>> seemed to >>>>> work >>>>> fine otherwise). >>>>> >>>>> I stripped down the rules to the minimum I could and discovered the >>>>> line >>>>> causing it is "allow udp from me to any keep-state". >>>>> >>>>> Only seems to happen when I have bind running as a slave dns server >>>>> (not >>>>> publicly listed, just the zone replication traffic causes the error) >>>>> but I >>>>> assume any other large source of UDP traffic would also do it. >>>>> >>>>> Full firewall rules: >>>>> >>>>> dns2# ipfw list >>>>> 00100 allow ip from any to any via lo0 >>>>> 00200 deny ip from any to 127.0.0.0/8 >>>>> 00300 deny ip from 127.0.0.0/8 to any >>>>> 00400 allow udp from me to any keep-state >>>>> 65535 deny ip from any to any >>>>> >>>>> >>>>> >>>>> >>>> If you add "out xmit em0" to the udp rule, do the errors stop >>>> >>> I added that and restarted bind (thus generating a bunch of UDP >>> traffic) >>> and the error still floods the console. >>> >>> Current rule set: >>> 00100 allow ip from any to any via lo0 >>> 00200 deny ip from any to 127.0.0.0/8 >>> 00300 deny ip from 127.0.0.0/8 to any >>> 00400 allow udp from me to any out xmit em0 keep-state >>> 00500 allow ip from any to any >>> 65535 deny ip from any to any >>> >>> _______________________________________________ >>> freebsd-ipfw@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >>> >>> >> >> >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> > > -- Chris St Denis Programmer SmarttNet (www.smartt.com) Ph: 604-473-9700 Ext. 200 ------------------------------------------- "Smart Internet Solutions For Businesses" From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 16 23:30:07 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 30DB0106566B for ; Fri, 16 Oct 2009 23:30:07 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 200058FC0C for ; Fri, 16 Oct 2009 23:30:07 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n9GNU68h067520 for ; Fri, 16 Oct 2009 23:30:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n9GNU6vq067517; Fri, 16 Oct 2009 23:30:06 GMT (envelope-from gnats) Date: Fri, 16 Oct 2009 23:30:06 GMT Message-Id: <200910162330.n9GNU6vq067517@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Chris St Denis Cc: Subject: Re: kern/139226: [ipfw] install_state: entry already present, done X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Chris St Denis List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Oct 2009 23:30:07 -0000 The following reply was made to PR kern/139226; it has been noted by GNATS. From: Chris St Denis To: bug-followup@FreeBSD.org, chris@smartt.com Cc: Subject: Re: kern/139226: [ipfw] install_state: entry already present, done Date: Fri, 16 Oct 2009 16:21:31 -0700 I tested this in other versions of FreeBSD by downgrading to 6.4, 7.0, & 7.1 with freebsd-update. None of the other version experianced this behavior. However when going back to 7.2 (with freebsd-update) the error returned. Seems to be a regression in 7.2 -- Chris St Denis Programmer SmarttNet (www.smartt.com) Ph: 604-473-9700 Ext. 200 ------------------------------------------- "Smart Internet Solutions For Businesses" From owner-freebsd-ipfw@FreeBSD.ORG Sat Oct 17 06:42:00 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8EA6F106566B for ; Sat, 17 Oct 2009 06:42:00 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) by mx1.freebsd.org (Postfix) with ESMTP id CCB908FC08 for ; Sat, 17 Oct 2009 06:41:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n9H6fu75046039; Sat, 17 Oct 2009 17:41:57 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Sat, 17 Oct 2009 17:41:56 +1100 (EST) From: Ian Smith To: Chris St Denis In-Reply-To: <4AD8FDD0.30008@smartt.com> Message-ID: <20091017171148.T70724@sola.nimnet.asn.au> References: <4AC51F18.5050703@smartt.com> <4AC52918.2020705@smartt.com> <8d923f617db88c873c63bb2038752147.squirrel@users.sharktooth.org> <4ACF9341.2040406@smartt.com> <4AD8FDD0.30008@smartt.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: Jason Lewis , freebsd-ipfw@freebsd.org, Freddie Cash Subject: Re: ipfw: install_state: entry already present, done X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Oct 2009 06:42:00 -0000 On Fri, 16 Oct 2009, Chris St Denis wrote: > > This is definitely a regression in 7.2. > > Downgrades to 6.4, 7.0, 7.1 did not show this symptom. Upgrade the test > server back to 7.2 and the messages come back. I notice neither your rules shown below nor the "workstation" rules - unlike the "client" and "simple" rulesets - allow IP fragments to pass, and I'm not sure what happens to frags that are associated with stateful DNS rules. The only frags I usually see here are associated with DNS responses from my forwarders, usually huge lists of NS for spamhaus.org that are almost always fragmented (around 2Kbytes). You could maybe try a specific 'allow log all from any to any frag' ? Just a wild stab in the dark, cheers, Ian > Chris St Denis wrote: > > check_state doesn't help. The error is also generated from the rc.conf > > firewall_type="workstation" rule set which includes check_state among > > several other rules. > > > > I made a copy of this server (it's a virtual server under WMware) and > > downgraded it to 6.4-RELEASE-p7 and I no longer get the error. > > > > I downgraded another copy to 7.2-RELEASE (no patches) by copying the > > generic kernel off the CD. Still gets errors. > > > > Downgraded it to 7.0-RELEASE and the message stopped. > > > > I'm going to try going to 7.1 and see which behavior it has. > > > > Looks like there may have been a regression in 7.2 (or maybe 7.1 pending > > the results of my further testing) > > > > > > Jason Lewis wrote: > > > Did you try a check_state? I am using this same rule structure on BSD6 > > > without a problem. > > > > > > Thanks, > > > Jason > > > http://jasonlewis.yaritz.net > > > > > > > > > > Freddie Cash wrote: > > > > > > > > > On Thu, Oct 1, 2009 at 2:28 PM, Chris St Denis > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > Haven't gotten any response on -questions so trying here. I've also > > > > > > opened > > > > > > a PR (kern/139226) but it's gotten no replies so I figured I should > > > > > > try > > > > > > here > > > > > > since I'm not certain if it's a bug or not. Regardless I am hoping > > > > > > for > > > > > > at > > > > > > least a work-around -- a few extra rules or settings to keep my > > > > > > console > > > > > > from > > > > > > being flooded by errors. So far only option I found is commenting > > > > > > out > > > > > > the > > > > > > error display line in the kernel source which is far from optimal. > > > > > > > > > > > > I'm trying to setup a stateful firewall for my server such that any > > > > > > traffic > > > > > > can go out, and it's reply come back -- a fairly typical > > > > > > workstation > > > > > > setup. > > > > > > However I'm getting the error message "ipfw: install_state: entry > > > > > > already > > > > > > present, done" repeated many times in my logs (tho the rules seemed > > > > > > to > > > > > > work > > > > > > fine otherwise). > > > > > > > > > > > > I stripped down the rules to the minimum I could and discovered the > > > > > > line > > > > > > causing it is "allow udp from me to any keep-state". > > > > > > > > > > > > Only seems to happen when I have bind running as a slave dns server > > > > > > (not > > > > > > publicly listed, just the zone replication traffic causes the > > > > > > error) > > > > > > but I > > > > > > assume any other large source of UDP traffic would also do it. > > > > > > > > > > > > Full firewall rules: > > > > > > > > > > > > dns2# ipfw list > > > > > > 00100 allow ip from any to any via lo0 > > > > > > 00200 deny ip from any to 127.0.0.0/8 > > > > > > 00300 deny ip from 127.0.0.0/8 to any > > > > > > 00400 allow udp from me to any keep-state > > > > > > 65535 deny ip from any to any > > > > > > > > > > > > > > > > > > > > > > > > > > > > > If you add "out xmit em0" to the udp rule, do the errors stop > > > > > > > > > I added that and restarted bind (thus generating a bunch of UDP > > > > traffic) > > > > and the error still floods the console. > > > > > > > > Current rule set: > > > > 00100 allow ip from any to any via lo0 > > > > 00200 deny ip from any to 127.0.0.0/8 > > > > 00300 deny ip from 127.0.0.0/8 to any > > > > 00400 allow udp from me to any out xmit em0 keep-state > > > > 00500 allow ip from any to any > > > > 65535 deny ip from any to any > > > > > > > > _______________________________________________ > > > > freebsd-ipfw@freebsd.org mailing list > > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > > > > > > > > > > > > > > > > _______________________________________________ > > > freebsd-ipfw@freebsd.org mailing list > > > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > > > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > > > > > > > > > -- > Chris St Denis > Programmer > SmarttNet (www.smartt.com) > Ph: 604-473-9700 Ext. 200 > ------------------------------------------- > "Smart Internet Solutions For Businesses" > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >