Re: some ipfw filter does not function under Release 6.3

2008-11-16 Thread Ian Smith
On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote: I think this is a bug in ipfw because after change the rule order, the problem persists: 0056626 3090 deny ip from 221.192.199.36 to any 65330 2018 983473 allow tcp from any to any established 65535 00

Re: some ipfw filter does not function under Release 6.3

2008-11-16 Thread Jin Guojun[VFF]
Ian Smith wrote: On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote: I think this is a bug in ipfw because after change the rule order, the problem persists: 0056626 3090 deny ip from 221.192.199.36 to any 65330 2018 983473 allow tcp from any to any established 65535

Re: some ipfw filter does not function under Release 6.3

2008-11-16 Thread Ian Smith
On Sun, 16 Nov 2008, Jin Guojun[VFF] wrote: Ian Smith wrote: On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote: I think this is a bug in ipfw because after change the rule order, the problem persists: 0056626 3090 deny ip from 221.192.199.36 to any 65330

Re: some ipfw filter does not function under Release 6.3

2008-11-16 Thread Jin Guojun[VFF]
Ian Smith wrote: On Sun, 16 Nov 2008, Jin Guojun[VFF] wrote: Ian Smith wrote: On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote: I think this is a bug in ipfw because after change the rule order, the problem persists: 0056626 3090 deny ip from 221.192.199.36 to any

some ipfw filter does not function under Release 6.3

2008-11-15 Thread Jin Guojun[VFF]
Below is set of ipfw rules, but it seems that not all rules are functioning properly. From rule 361 to first two of rule 567 are not blocking any traffic and not measuring any traffic. Is this bacuse tcp rule )330) can overwrite the ip rule? or this is a known issue in R-6.3? The second and

Re: some ipfw filter does not function under Release 6.3

2008-11-15 Thread Erik Trulsson
On Sat, Nov 15, 2008 at 01:38:02PM -0800, Jin Guojun[VFF] wrote: Below is set of ipfw rules, but it seems that not all rules are functioning properly. From rule 361 to first two of rule 567 are not blocking any traffic and not measuring any traffic. Is this bacuse tcp rule )330) can

Re: some ipfw filter does not function under Release 6.3

2008-11-15 Thread Jin Guojun[VFF]
But the rule 330 should only allow established TCP pass through. In other words, Sync should NOT allowed by rule 330, or I missed something for this rule? Erik Trulsson wrote: On Sat, Nov 15, 2008 at 01:38:02PM -0800, Jin Guojun[VFF] wrote: Below is set of ipfw rules, but it

Re: some ipfw filter does not function under Release 6.3

2008-11-15 Thread Jin Guojun[VFF]
I think this is a bug in ipfw because after change the rule order, the problem persists: 0056626 3090 deny ip from 221.192.199.36 to any 65330 2018 983473 allow tcp from any to any established 65535 00 deny ip from any to any 15:47:21.238720 IP