Only seeing incrementing counters on 'count' and not 'allow'

Justin G. justin at ocis.net
Tue Apr 14 11:30:41 PDT 2009


Hello everyone,

We've got a 6.2-RELEASE box functioning as a gateway. Today we noticed
that, when we place allow rules (we were testing at rule numbers 1-5
to prevent any other matching rules), they weren't incrementing
properly, but when replaced with "count" rules that are identical,
they increment. The firewall is set to "OPEN" on the box and we're
using the default /etc/rc.firewall script without modifications.

Here's an example of what's going on:

--snip--
[root at gateway ~]# ipfw show | head -2
00002          0            0 allow ip from any to 10.10.0.75
00002          0            0 allow ip from 10.10.0.75 to any
[root at gateway ~]# ping 10.10.0.75
PING 10.10.0.75 (10.10.0.75): 56 data bytes
^C
--- 10.10.0.75 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
[root at gateway ~]# ipfw show | head -2
00002          0            0 allow ip from any to 10.10.0.75
00002          0            0 allow ip from 10.10.0.75 to any
[root at gateway ~]# ipfw add 1 count ip from any to 10.10.0.75
00001 count ip from any to 10.10.0.75
[root at gateway ~]# ping 10.10.0.75
PING 10.10.0.75 (10.10.0.75): 56 data bytes
^C
--- 10.10.0.75 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
[root at gateway ~]# ipfw show | head -3
00001          4          336 count ip from any to 10.10.0.75
00002          0            0 allow ip from any to 10.10.0.75
00002          0            0 allow ip from 10.10.0.75 to any
[root at gateway ~]#
--snip--

These are the firewall settings as defined in /etc/rc.conf:
--snip--
firewall_enable="YES"
firewall_logging="YES"
firewall_type="open"
--snip--

I've been puzzling over this all day and would appreciate any
direction provided :-)

Have a great day.
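One way to check which rules actually matched a test, as an added example that is not part of the original post or of the ipfw tools: the function below diffs two snapshots of `ipfw show` output and reports the packet-counter delta per rule. The two snapshots are constructed from the counter columns shown above; on a live box they would come from `ipfw show > before.txt` and `ipfw show > after.txt` around the ping.

```shell
#!/bin/sh
# Added example, not from the original post. Snapshots are constructed
# in the `ipfw show` column layout seen above:
#   <rule> <packets> <bytes> <action> <body...>
BEFORE='00001          0            0 count ip from any to 10.10.0.75
00002          0            0 allow ip from any to 10.10.0.75
00002          0            0 allow ip from 10.10.0.75 to any'

AFTER='00001          4          336 count ip from any to 10.10.0.75
00002          0            0 allow ip from any to 10.10.0.75
00002          0            0 allow ip from 10.10.0.75 to any'

# counter_delta BEFORE AFTER
# Prints one line per rule in AFTER: "<rule> +<pkts> pkts  <action body>".
# Rules are keyed on number plus body, since several rules can share a
# number (as rules 00002 do here). A rule absent from BEFORE reports its
# full packet count, so a rule added mid-test still shows up.
counter_delta() {
    {
        printf '%s\n' "$1"
        printf '%s\n' '---'
        printf '%s\n' "$2"
    } | awk '
        $1 == "---" { phase = 1; next }
        NF < 4 { next }
        {
            body = $4
            for (i = 5; i <= NF; i++) body = body " " $i
            key = $1 " " body
            if (phase == 0) { before[key] = $2; next }
            delta = $2 - before[key]
            printf "%s +%d pkts  %s\n", $1, delta, body
        }'
}

# Stand-alone run: rule 00001 shows +4, both allow rules show +0.
counter_delta "$BEFORE" "$AFTER"
```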
