On Sun, Aug 15, 2004 at 11:31:07AM -0700, Fargo Holiday wrote:
> 
> cramster# ipfw show
> 00050 14819576  8458459132 divert 8668 ip from any to any via dc0
> 00100      250       32470 allow ip from any to any via lo0
> 00200        0           0 deny ip from any to 127.0.0.0/8
> 00300        0           0 deny ip from 127.0.0.0/8 to any
> 65000 44478701 31835950367 allow ip from any to any
> 65100        0           0 pipe 1 ip from 10.0.0.8 to any
> 65200        0           0 pipe 2 ip from any to 10.0.0.8
> 65535        0           0 deny ip from any to any

man ipfw will point out that the first allow or deny that "hits"
terminates rule processing.  Perhaps you're more familiar with other
firewalls, where this sensible design is not the normal case.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
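To see why the two pipe rules show zero packets, here is an added Python model of ipfw's first-match evaluation over the quoted rule set (this is not code from the thread; the reordered rule numbers 64100/64200, the packet addresses, and the choice to keep walking after a divert or pipe hit are assumptions):

```python
import ipaddress

# Only allow/deny end rule processing, as the reply states. divert and pipe are
# recorded as hits and evaluation continues, approximating reinjection at the
# next rule (what one gets with net.inet.ip.fw.one_pass=0). The conclusion about
# rule 65000 does not depend on that choice.
TERMINATING = {"allow", "deny"}

# (number, action, src, dst, via) transcribed from the quoted "ipfw show" output.
RULES_AS_POSTED = [
    (50,    "divert", "any",         "any",         "dc0"),
    (100,   "allow",  "any",         "any",         "lo0"),
    (200,   "deny",   "any",         "127.0.0.0/8", None),
    (300,   "deny",   "127.0.0.0/8", "any",         None),
    (65000, "allow",  "any",         "any",         None),
    (65100, "pipe",   "10.0.0.8",    "any",         None),
    (65200, "pipe",   "any",         "10.0.0.8",    None),
    (65535, "deny",   "any",         "any",         None),
]

# Assumed fix: the same pipe rules renumbered so they sit before the catch-all allow.
RULES_REORDERED = [
    (50,    "divert", "any",         "any",         "dc0"),
    (100,   "allow",  "any",         "any",         "lo0"),
    (200,   "deny",   "any",         "127.0.0.0/8", None),
    (300,   "deny",   "127.0.0.0/8", "any",         None),
    (64100, "pipe",   "10.0.0.8",    "any",         None),
    (64200, "pipe",   "any",         "10.0.0.8",    None),
    (65000, "allow",  "any",         "any",         None),
    (65535, "deny",   "any",         "any",         None),
]

def _addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, iface):
    """Walk rules in order; return (number of the terminating rule, rules hit on the way)."""
    hits = []
    for num, action, rsrc, rdst, via in rules:
        if via is not None and via != iface:
            continue
        if not (_addr_matches(rsrc, src) and _addr_matches(rdst, dst)):
            continue
        hits.append(num)
        if action in TERMINATING:
            return num, hits
    return None, hits

if __name__ == "__main__":
    # Constructed packet: from 10.0.0.8 out through dc0 (192.0.2.1 is a documentation address).
    print(evaluate(RULES_AS_POSTED, "10.0.0.8", "192.0.2.1", "dc0"))   # (65000, [50, 65000])
    print(evaluate(RULES_REORDERED, "10.0.0.8", "192.0.2.1", "dc0"))  # (65000, [50, 64100, 65000])
```

With the posted order, rule 65000 is the first allow that hits, so 65100 and 65200 are never consulted; with the pipe rules placed ahead of it they are hit before the allow terminates processing.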