Date:      Thu, 21 Oct 1999 13:44:51 -0700 (PDT)
From:      Doug Barton <Doug@gorean.org>
To:        daniel B <danielb@pacex.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw dny ip from any to any
Message-ID:  <Pine.BSF.4.10.9910211342160.51282-100000@dt050n71.san.rr.com>
In-Reply-To: <Pine.BSF.4.10.9910211227320.17454-100000@almazs.pacex.net>

On Thu, 21 Oct 1999, daniel B wrote:

> Hi folks;
> 
> I want to log all denied packets in ipfw and I used
> 	65534 add deny log all from any to any
> this should 'bypass' the last rule
> 	65535 deny all from any to any
> 
> but it doesn't! I still see denied packets on the last rule when I do 
> 	ipfw sh
> 
> What to do now?

	I bet that the amount of packets is always constant, right? Try
doing 'ipfw -a l' once a day for a few days. The number should always be
the same. This represents the number of packets that cross the interface
before your firewall rules are loaded by the init process. 

	If it turns out that the number does grow, then we have a bug
somewhere and we need to track it down. 

Good luck,

Doug
-- 
"Stop it, I'm gettin' misty." 

    - Mel Gibson as Porter, "Payback"
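
Added example, not part of the original message: one way to run the check suggested above is to save the output of 'ipfw -a l' on different days and compare the packet counter of rule 65535 between two snapshots. The function names, file names and sample counters are constructed for illustration, and the column layout (rule number, packets, bytes, rule text) is an assumption about the saved output.

```shell
#!/bin/sh
# Added example; the snapshots below are constructed sample data.

# Print the packet counter for rule number $2 in the saved `ipfw -a l` file $1.
# Assumed line layout: <rule number> <packets> <bytes> <rule text>.
rule_packets() {
    awk -v r="$2" '
        $1 + 0 == r + 0 && $2 ~ /^[0-9]+$/ { n += $2; found = 1 }
        END { if (!found) exit 1; print n }' "$1"
}

# Compare rule $3 between an older snapshot $1 and a newer snapshot $2.
# Prints one of: constant | growing | reset | missing
counter_trend() {
    old=$(rule_packets "$1" "$3") || { echo missing; return 0; }
    new=$(rule_packets "$2" "$3") || { echo missing; return 0; }
    if [ "$new" -eq "$old" ]; then
        echo constant      # only pre-ruleset packets were counted
    elif [ "$new" -gt "$old" ]; then
        echo growing       # packets are still reaching this rule
    else
        echo reset         # counter went down: reboot or `ipfw zero`
    fi
}

# Write two constructed snapshots (day 1 and day 2) into directory $1.
write_samples() {
    cat > "$1/day1.txt" <<'EOF'
00100  1520  182400 allow ip from any to any via lo0
65534   118    9440 deny log ip from any to any
65535    37    2960 deny ip from any to any
EOF
    cat > "$1/day2.txt" <<'EOF'
00100  2980  357600 allow ip from any to any via lo0
65534   412   32960 deny log ip from any to any
65535    37    2960 deny ip from any to any
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
echo "rule 65534: $(counter_trend "$dir/day1.txt" "$dir/day2.txt" 65534)"
echo "rule 65535: $(counter_trend "$dir/day1.txt" "$dir/day2.txt" 65535)"
rm -rf "$dir"
```

On a live system the snapshots would come from something like `ipfw -a l > day1.txt`, taken without a reboot or counter reset in between.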


