Trond Endrestøl wrote:
> On Mon, 12 Dec 2005 19:09+1100, Graham Menhennitt wrote:
>
>> The only explanation I have is that the packets arrived between the
>> time when the machine started accepting incoming packets and when
>> the rules were loaded in /etc/rc.d/ipfw.
>
> You just explained this yourself.
>
> One solution to this small problem could be to change part of the boot
> sequence into this:
>
> a. Create VLAN interfaces etc if configured, assign IP addresses to
>    each configured interface, but do not UP them.
>
> b. Load the firewall rules, and optionally turn on forwarding.
>
> c. Set all configured interfaces to UP.
>
> One last question:
>
> Why do you need rule 65530 when the built-in rule 65535 does the same
> job?

Thanks Trond. You've confirmed what I suspected. I just wanted to be sure that there wasn't something dodgy happening.

As James has already said, the extra rule is so that it doesn't matter if the "default to accept" option is set or not. It would also handle the case where I made a mistake and accidentally turned that option on, or there was a bug in the kernel that made it the default. Just making sure.

Thanks,
   Graham
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
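
The point about rule 65530 above can be checked mechanically. The following is an added example, not part of the original message: a shell function (the name `classify_ruleset` is hypothetical) that reads `ipfw list` output and reports whether unmatched packets are dropped by an explicit numbered rule or only by the built-in rule 65535. The sample ruleset is constructed and assumes the usual `ipfw list` line layout.

```shell
#!/bin/sh
# Classify an ipfw ruleset (text of `ipfw list` on stdin) by what happens
# to a packet that no specific rule matches. Prints one of:
#   explicit-deny   a numbered "deny ip from any to any" catches it first
#   implicit-deny   only the built-in rule 65535 denies it
#   default-accept  a catch-all allow (numbered or built-in) lets it through
#   unknown         no catch-all rule was seen in the input
classify_ruleset() {
    awk '
    # Catch-all rule: "<num> <action> ip from any to any" with no options.
    NF == 7 && $3 == "ip" && $4 == "from" && $5 == "any" &&
    $6 == "to" && $7 == "any" {
        if ($1 + 0 == 65535)
            last = $2            # action of the built-in final rule
        else if (first == "")
            first = $2           # first numbered catch-all wins (first match)
    }
    END {
        if (first == "deny")       print "explicit-deny"
        else if (first == "allow") print "default-accept"
        else if (last == "deny")   print "implicit-deny"
        else if (last == "allow")  print "default-accept"
        else                       print "unknown"
    }'
}

# Constructed sample: a kernel where 65535 defaults to accept, with an
# explicit rule 65530 in front of it, as described in the message.
classify_ruleset <<'EOF'
00100 allow ip from any to any via lo0
00200 allow tcp from any to me dst-port 22 setup
65530 deny ip from any to any
65535 allow ip from any to any
EOF
```

With rule 65530 present the result is `explicit-deny` regardless of what rule 65535 says; without it, the same ruleset on a "default to accept" kernel is reported as `default-accept`.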