Ronan Lucio wrote:
I don't know how it is in ipfw, but ipf uses the last matching rule if no "quick" keyword is used. There are some kinds of packets that aren't IP packets. I don't know exactly which, but a good read in man tcpdump, man ipfw and man bridge will make you understand it better.
Ronan
less /etc/ipf.rules
--- BEGIN
block in all
block out all
pass in on xl0 from 10.0.0.0/24 to any
pass in quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
pass out quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
--- END
means: anything gets blocked except what's coming in on xl0 with an IP in 10.0.0.0/24 and what's going over the lo0 device using loopback addresses.
less /etc/ipf.rules
--- BEGIN
block in quick all
pass in on xl0 from 10.0.0.0/24 to any
--- END
will match anything at the start, and nothing gets in - never!
Jens
Here is the end of the output from 'ipfw show':

04000       0       0 deny log ip from any to any
65535      91    8227 deny ip from any to any

Can anyone explain why the last rule is getting hit? I was under the impression that the rules are traversed in order, so 4000 should catch anything that -1 would.

This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002

Thanks!
-James
--
James Pace <[EMAIL PROTECTED]>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
--
Jens Rehsack
LiWing IT-Services
Friesenstraße 2
06112 Halle
Tel.: +49 - 3 45 - 5 17 05 91
Fax: +49 - 3 45 - 5 17 05 92
e-Mail: <[EMAIL PROTECTED]>
http://www.liwing.de/
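The two ipf rule sets in Jens's message differ only in where "quick" sits, and the thread contrasts that with ipfw, where rules are traversed in order and the first match decides. The following Python evaluator is an added example, not code from the thread or from the ipf/ipfw projects: it parses the subset of ipf syntax used above (pass/block, in/out, quick, on <iface>, from/to with CIDR or any) and applies ipf's last-match rule. The sample packets are constructed for illustration. The `first_match` switch is an assumption of this example that models ipfw-style first-match evaluation as "every rule behaves as if it were quick"; the "pass when nothing matches" default is ipf's documented behaviour unless the kernel is built with IPFILTER_DEFAULT_BLOCK.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str   # "in" or "out"
    iface: str       # e.g. "xl0", "lo0"
    src: str         # IPv4 address as text (constructed sample data)
    dst: str


@dataclass
class Rule:
    action: str                          # "pass" or "block"
    direction: str                       # "in" or "out"
    quick: bool                          # stop evaluating on match
    iface: Optional[str]                 # None = any interface
    src: Optional[ipaddress.IPv4Network]  # None = any
    dst: Optional[ipaddress.IPv4Network]  # None = any
    text: str                            # original rule line, for reporting


def _addr(tok: str) -> Optional[ipaddress.IPv4Network]:
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse one ipf rule of the form used in the thread (a small subset of ipf(5))."""
    toks = line.split()
    action, direction = toks[0], toks[1]
    if action not in ("pass", "block") or direction not in ("in", "out"):
        raise ValueError("unsupported rule: " + line)
    quick, iface, src, dst = False, None, None, None
    i = 2
    while i < len(toks):
        t = toks[i]
        if t == "quick":
            quick, i = True, i + 1
        elif t == "on":
            iface, i = toks[i + 1], i + 2
        elif t == "all":                 # shorthand for "from any to any"
            i += 1
        elif t == "from":
            src, i = _addr(toks[i + 1]), i + 2
        elif t == "to":
            dst, i = _addr(toks[i + 1]), i + 2
        else:
            raise ValueError("unsupported keyword %r in: %s" % (t, line))
    return Rule(action, direction, quick, iface, src, dst, line)


def parse_ruleset(text: str) -> list:
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if line:
            rules.append(parse_rule(line))
    return rules


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction:
        return False
    if rule.iface is not None and rule.iface != pkt.iface:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return True


def evaluate(rules: list, pkt: Packet, first_match: bool = False) -> tuple:
    """Return (action, deciding rule text) for pkt.

    ipf walks the whole list and the LAST matching rule wins, unless a matching
    rule carries 'quick', which ends the walk at once.  A packet matching no
    rule is passed (ipf default).  first_match=True is an assumption of this
    example: it models an ipfw-style firewall, where every rule acts as 'quick'.
    """
    decision, by = "pass", "<no match: ipf default>"
    for r in rules:
        if matches(r, pkt):
            decision, by = r.action, r.text
            if r.quick or first_match:
                break
    return decision, by


# The two rule sets from the thread.
RULESET_A = """
block in all
block out all
pass in on xl0 from 10.0.0.0/24 to any
pass in quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
pass out quick on lo0 from 127.0.0.0/8 to 127.0.0.0/8
"""
RULESET_B = """
block in quick all
pass in on xl0 from 10.0.0.0/24 to any
"""

if __name__ == "__main__":
    lan_in = Packet("in", "xl0", "10.0.0.5", "192.0.2.1")   # constructed sample
    for name, rs in (("A", RULESET_A), ("B", RULESET_B)):
        print(name, "ipf last-match :", evaluate(parse_ruleset(rs), lan_in))
        print(name, "first-match    :", evaluate(parse_ruleset(rs), lan_in, first_match=True))
```

Under ipf's last-match semantics, rule set A lets the 10.0.0.0/24 packet in because "pass in on xl0 ..." matches after "block in all"; under first-match semantics the same rule set blocks everything, which is why an ipfw-style ordering cannot be copied into ipf.rules without adding "quick" to the pass rules.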
