ipfw final rule

Gary Aitken freebsd at dreamchaser.org
Mon Jun 2 09:07:17 PDT 2003


I was considering turning on bridging, which requires the final ipfw
rule to be allow, not deny.
So I added a deny rule at 65534, but temporarily left the default deny
rule in place in the kernel.
Interestingly, my log shows the following:
> 65534   582   58547 deny ip from any to any
> 65535     3     234 deny ip from any to any
This looks like an impossible situation, since the last 3 should have been
caught by the previous rule.

I presume those last three denied packets are really not ip packets at all,
but some other packet like arp?

Gary

