# [EMAIL PROTECTED] / 2002-12-17 18:37:34 -0800:
>
> Here is the end of the output from 'ipfw show':
>
> 04000 0 0 deny log ip from any to any
> 65535 91 8227 deny ip from any to any
>
> Can anyone explain why the last rule is getting hit? I was under the
> impression that the rules are traversed in order, so 4000 should catch
> anything that -1 would.
>
> This is FreeBSD 4.7-STABLE: Sun Nov 10 10:42:32 PST 2002

Isn't that packets that hit the interface after it came up, but
before the ruleset was loaded?

kernel loads    -> ipfw add 65535 deny all from any to any
/etc/rc.network -> ifconfig ...
/etc/rc.network -> load the ipfw ruleset

--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
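
The boot ordering suggested in the reply, modelled as an added example (not part of the original thread and not ipfw code): a toy first-match filter whose default rule 65535 collects hits before a catch-all rule 4000 is loaded, and keeps those counters afterwards. The `Rule` and `Firewall` names, rule 100 and all packet sizes are constructed for illustration.

```python
# Toy first-match packet filter with per-rule counters (a model, not ipfw code).
from dataclasses import dataclass


@dataclass
class Rule:
    number: int
    action: str          # "allow" or "deny"
    proto: str = "ip"    # "ip" matches every protocol
    pkts: int = 0
    nbytes: int = 0

    def matches(self, proto: str) -> bool:
        return self.proto in ("ip", proto)


class Firewall:
    def __init__(self):
        # Step 1: the kernel installs the default rule before anything else.
        self.rules = {65535: Rule(65535, "deny")}

    def add(self, rule: Rule) -> None:
        # Adding a rule leaves the counters of existing rules untouched.
        self.rules[rule.number] = rule

    def process(self, proto: str, size: int) -> int:
        # Rules are checked in ascending number order; the first match wins.
        for number in sorted(self.rules):
            rule = self.rules[number]
            if rule.matches(proto):
                rule.pkts += 1
                rule.nbytes += size
                return number
        raise AssertionError("unreachable: rule 65535 matches everything")

    def show(self):
        return [(n, r.pkts, r.nbytes) for n, r in sorted(self.rules.items())]


def boot_sequence():
    fw = Firewall()                          # kernel loaded, only 65535 exists
    for size in (60, 84, 1500):              # constructed packets: interface up,
        fw.process("udp", size)              # ruleset not loaded yet
    fw.add(Rule(100, "allow", proto="tcp"))  # constructed ruleset is loaded
    fw.add(Rule(4000, "deny"))               # same catch-all as rule 04000 above
    for size in (40, 52):
        fw.process("tcp", size)              # matched by rule 100
    fw.process("udp", 90)                    # now stops at 4000, not 65535
    return fw.show()


if __name__ == "__main__":
    for row in boot_sequence():
        print("%05d %d %d" % row)
```

Once rule 4000 is present, the 65535 counters stop growing; the non-zero values left on it are the packets seen before the ruleset was loaded.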