On Thu, Oct 12, 2000 at 04:13:31PM +0900, Jun Kuriyama wrote:

> Host A is my desktop box (-current), host B is an NFS server (3-stable).
> Sometimes (at heavy load on NFS?), my access to the NFS server is locked.
> At that time, the following messages are logged.
> ipfw: -1 Refuse UDP hostB hostA in via fxp0 Fragment = 925
> I used ipfw with default accept but no rules.  I have not seen such a
> message before.

To be perfectly honest, I don't see what code path could cause this. If
it hits the default rule we jump out of ipfw right away:

        for (; chain; chain = LIST_NEXT(chain, chain)) {
                f = chain->rule;
                if (f->fw_number == IPFW_DEFAULT_RULE)
                    goto got_match ;
#if STATEFUL   /* stateful ipfw */
                /*
                 * If not a dynamic match (q == NULL) and keep-state, install
                 * a new dynamic entry.
                 */
                if (q == NULL && f->fw_flg & IP_FW_F_KEEP_S)
                *flow_id = chain ; /* XXX set flow id */
                /* Update statistics */
                f->fw_pcnt += 1;
                f->fw_bcnt += ip->ip_len;
                f->timestamp = time_second;

                /* Log to console if desired */
                if ((f->fw_flg & IP_FW_F_PRN) && fw_verbose)
                        ipfw_report(f, ip, rif, oif);

                /* Take appropriate action */
                switch (f->fw_flg & IP_FW_F_COMMAND) {
                case IP_FW_F_ACCEPT:

That's the entire codepath of a default rule hit. The message you're
seeing is from ipfw_report(), which shouldn't be called from the
default rule match either.

Bill Fumerola - Network Architect, BOFH / Chimes, Inc.

