Graham Menhennitt <[EMAIL PROTECTED]> wrote:
> I got the following output from "ipfw show" in my daily security run output
> email.
>
> +++ /tmp/security.yri47lgA Mon Dec 12 03:01:45 2005
> +00522 3530 1204158 deny ip from 10.0.0.0/8 to any via sis1
> +02522 18 784 deny tcp from any to any in via sis1 setup
> +65530 0 0 deny ip from any to any
> +65535 2 688 deny ip from any to any
>
> Could somebody please explain to me how those packets got past rule 65530 to
> be stopped by (the identical) rule 65535?
In addition to the explanations already given, the above output from
"ipfw show" could also be caused by a rule saying "skip 65535" somewhere. ;-)

Of course, I assume that you wrote the whole rule set yourself, so you
would be aware of such a skip rule. I just wanted to mention the
possibility that rules need not be evaluated in strict numerical order.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"C++ is the only current language making COBOL look good."
        -- Bertrand Meyer
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
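Oliver's point about rules not being evaluated in strict numerical order, as an added example that is not part of the thread and not FreeBSD's ipfw code: a small Python emulation of ipfw first-match evaluation in which a skip rule (ipfw's keyword is `skipto`) jumps over rule 65530 straight to the default rule 65535. The rule set reproduces the four rules from Graham's "ipfw show" output; rule 3000 (`skipto 65535 udp from any to any`) and the five sample packets are constructed for the demonstration and are assumptions, not anything reported in the thread. The interesting result is that 65530 and 65535 are identical yet end up with different counters.

```python
"""Emulation of ipfw first-match rule evaluation with a skipto rule.

Added example: not from the original mailing-list thread and not the
FreeBSD ipfw implementation.  Rule 3000 and the sample packets below are
constructed to show how a packet can be counted by the default rule 65535
without ever touching the otherwise identical rule 65530.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp"
    iface: str          # interface the packet crosses, e.g. "sis1"
    direction: str      # "in" or "out"
    length: int
    syn: bool = False   # TCP SYN without ACK, what ipfw calls "setup"


@dataclass
class Rule:
    number: int
    action: str                 # "allow", "deny" or "skipto"
    proto: str = "ip"           # "ip" matches every protocol
    src: str = "any"            # CIDR prefix or "any"
    iface: str = "any"          # "via <if>" or "any"
    direction: str = "any"      # "in", "out" or "any"
    setup: bool = False         # only TCP connection-setup packets
    target: int = 0             # skipto target rule number
    pkts: int = 0
    bytes: int = 0

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.iface != "any" and self.iface != p.iface:
            return False
        if self.direction != "any" and self.direction != p.direction:
            return False
        if self.setup and not (p.proto == "tcp" and p.syn):
            return False
        return True


def evaluate(rules: list[Rule], p: Packet) -> tuple[str, int]:
    """Walk the rule set in number order and return (action, rule number).

    Counters are bumped on every matching rule, including a skipto rule;
    the rules between a skipto and its target never see the packet.
    """
    ordered = sorted(rules, key=lambda r: r.number)
    i = 0
    while i < len(ordered):
        r = ordered[i]
        if not r.matches(p):
            i += 1
            continue
        r.pkts += 1
        r.bytes += p.length
        if r.action == "skipto":
            # Resume at the first rule numbered >= target, skipping the rest.
            i = next((j for j, s in enumerate(ordered) if s.number >= r.target),
                     len(ordered))
            continue
        return r.action, r.number
    raise RuntimeError("default rule 65535 must be present as the catch-all")


def describe(r: Rule) -> str:
    body = r.action + (f" {r.target}" if r.action == "skipto" else "")
    body += f" {r.proto} from {r.src} to any"
    if r.iface != "any":
        body += (f" {r.direction}" if r.direction != "any" else "") + f" via {r.iface}"
    return body + (" setup" if r.setup else "")


def show(rules: list[Rule]) -> list[str]:
    """Render counters in roughly the layout of 'ipfw show'."""
    return [f"{r.number:05d} {r.pkts:7d} {r.bytes:9d} {describe(r)}"
            for r in sorted(rules, key=lambda r: r.number)]


def build_ruleset() -> list[Rule]:
    """The four rules from the thread plus one hypothetical skipto rule."""
    return [
        Rule(522, "deny", src="10.0.0.0/8", iface="sis1"),
        Rule(2522, "deny", proto="tcp", iface="sis1", direction="in", setup=True),
        Rule(3000, "skipto", proto="udp", target=65535),   # hypothetical
        Rule(65530, "deny"),
        Rule(65535, "deny"),
    ]


def run_demo() -> tuple[list[Rule], list[int]]:
    """Push constructed sample traffic through the rule set."""
    rules = build_ruleset()
    packets = [
        Packet("10.1.2.3", "192.0.2.1", "tcp", "sis1", "in", 60, syn=True),      # 522
        Packet("198.51.100.7", "192.0.2.1", "tcp", "sis1", "in", 60, syn=True),  # 2522
        Packet("198.51.100.7", "192.0.2.1", "tcp", "sis1", "in", 1500),          # 65530
        Packet("198.51.100.9", "192.0.2.1", "udp", "sis1", "in", 344),           # 3000 -> 65535
        Packet("198.51.100.9", "192.0.2.1", "udp", "sis0", "out", 344),          # 3000 -> 65535
    ]
    hits = [evaluate(rules, p)[1] for p in packets]
    return rules, hits


if __name__ == "__main__":
    demo_rules, _ = run_demo()
    print("\n".join(show(demo_rules)))
```

Running it prints a table in which rule 65530 has counted one TCP packet while rule 65535 has counted the two UDP packets (688 bytes) that rule 3000 redirected past it. On a real system the same diagnosis starts with `ipfw show` itself: any `skipto` rule with non-zero counters whose target lies above 65530 explains hits on 65535 that never touched 65530.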