Hello List,
On a recent Stable 13 test host I, by accident, found that:
/sbin/ipfw -q add 0031 allow tcp from 192.168.64.0/24 to me
dst-port ssh in via igb3 setup keep-state WORKS
/sbin/ipfw -q add 0031 allow log tcp from 192.168.64.0/24 to me
dst-port ssh in via igb3 setup keep-state WORKS
/sbin/ipfw -q add 0031 allow log tag 10 tcp from 192.168.64.0/24 to me
dst-port ssh in via igb3 setup keep-state WORKS
/sbin/ipfw -q add 0031 allow log untag 10 tcp from 192.168.64.0/24 to me
dst-port ssh in via igb3 setup keep-state WORKS
/sbin/ipfw -q add 0031 allow untag 10 tcp from 192.168.64.0/24 to me
dst-port ssh in via igb3 setup keep-state DOES NOT WORK?
- A dynamic rule is created as per the rules that work.
- Packets are logged by a deny all rule which of course is never reached
by the rules that work.
Not a real issue for me but thought it worth noting.
Mik.
