On Thu, Mar 20, 2008 at 2:03 AM, Vadim Goncharov <[EMAIL PROTECTED]> wrote:
> This is behaviour of ipfw2 - options are independently ANDed. Thus, man page
> explicitly says:
>
>     established
>             Matches TCP packets that have the RST or ACK bits set.
>
> So, it is obvious that udp packet will not match and thus entire rule will
> not match.

Yeah, it's just weird that it lets you write a rule that will never match.

I'll have to fire up FreeBSD 4.11 (and possibly earlier with just ipfw1) in a
VM and check things there. I'm sure back in the 4.x days that ipfw would error
out if you wrote a UDP rule with TCP options at the end, as that is what got me
in the habit of writing separate UDP and TCP rules.

Now that I found the { udp or tcp } syntax, I was rewriting some rules on a
test firewall and noticed that it would accept a TCP option even if udp was
listed.

--
Freddie Cash
[EMAIL PROTECTED]
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
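
Added example (not part of the original thread and not ipfw code): because ipfw2 accepts such rules without complaint, a ruleset can be linted offline for rules that list a non-TCP protocol together with a TCP-only option. The sample rules are constructed, the function names are hypothetical, and the parser assumes the simple "action proto from ... to ... options" rule form.

```python
# TCP-only match options documented in ipfw(8). Under ipfw2's AND semantics,
# one of these on a rule makes every non-TCP packet fail that rule.
TCP_ONLY = {"established", "setup", "tcpflags", "tcpack", "tcpseq",
            "tcpwin", "tcpoptions", "tcpdatalen"}

def dead_protocols(rule):
    """Return (listed protocols that can never match, TCP-only options found)."""
    tokens = rule.replace("{", " { ").replace("}", " } ").lower().split()
    if "from" not in tokens:
        return set(), set()
    split = tokens.index("from")
    head, body = tokens[:split], tokens[split + 1:]
    if "{" in head and head[-1] == "}":
        # Or-block such as "{ udp or tcp }": collect every listed protocol.
        start = len(head) - 1 - head[::-1].index("{")
        protos = {t for t in head[start + 1:-1] if t not in ("or", "not")}
    else:
        # Single protocol: the last token before "from".
        protos = {head[-1]} if head else set()
    opts = TCP_ONLY & set(body)
    # "ip"/"all" are reported too: the non-TCP traffic they cover cannot match.
    return (protos - {"tcp"} if opts else set()), opts

def lint(rules):
    """Return [(rule, dead protocols, options)] for rules with dead protocols."""
    findings = []
    for rule in rules:
        dead, opts = dead_protocols(rule)
        if dead:
            findings.append((rule, sorted(dead), sorted(opts)))
    return findings

# Constructed sample ruleset, for illustration only.
RULES = [
    "add 100 allow { udp or tcp } from any to any 53 established",
    "add 200 allow tcp from any to any established",
    "add 300 allow udp from any to any 53",
    "add 400 allow udp from any to any 53 setup",
]

if __name__ == "__main__":
    for rule, dead, opts in lint(RULES):
        print(f"{rule!r}: {', '.join(dead)} can never match "
              f"because of {', '.join(opts)}")
```

Rules 100 and 400 are flagged; splitting rule 100 into a TCP rule carrying the option and a plain UDP rule restores the UDP match.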