Message-Id: <200207131810.g6DIARMi011569@www.freebsd.org>
Date: Sat, 13 Jul 2002 11:10:27 -0700 (PDT)
From: mike <lazybrain@rcn.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: stuck ipfw rule
X-Send-Pr-Version: www-1.0

>Number:         40530
>Category:       kern
>Synopsis:       stuck ipfw rule
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 13 11:20:01 PDT 2002
>Closed-Date:    Sat Jul 13 14:50:53 PDT 2002
>Last-Modified:  Sat Jul 13 14:50:53 PDT 2002
>Originator:     mike
>Release:        4.5
>Organization:
>Environment:
4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002     murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC  i386
>Description:
If I do ipfw flush there is still a rule left 65535 502  63182 deny ip from any to any

No matter what allow rules come before this it still blocks a lot of traffic?

Before, when I did ipfw flush all rules would go away?

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:

From: Pierre-Paul Lavoie <ppl@nbnet.nb.ca>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/40530: stuck ipfw rule
Date: Sat, 13 Jul 2002 16:52:39 -0300

 From ipfw(8) man page:
 
      A configuration always includes a DEFAULT rule (numbered 65535) which
      cannot be modified, and matches all packets.  The action associated with
      the default rule can be either deny or allow depending on how the kernel
      is configured.
 
 You might want to look at rc.conf(5) (firewall_type) as well.
 
 ppl
 
 On Sat, Jul 13, 2002 at 11:10:27AM -0700, mike wrote:
 > If I do ipfw flush there is still a rule left 65535 502  63182
 > deny ip from any to any
 >
 > No matter what allow rules come before this it still blocks a lot of traffic?
 >
 > Before, when I did ipfw flush all rules would go away?
State-Changed-From-To: open->feedback 
State-Changed-By: dwmalone 
State-Changed-When: Sat Jul 13 13:08:16 PDT 2002 
State-Changed-Why:  
I believe this is the default rule for ipfw being shown. 
If you would prefer the default rule to be deny, then you 
could compile your kernel with the IPFIREWALL_DEFAULT_TO_ACCEPT 
option (see /usr/src/sys/i386/conf/LINT). 

If this explains what you are seeing, then let me know and I 
will close this problem report. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=40530 
State-Changed-From-To: feedback->closed 
State-Changed-By: luigi 
State-Changed-When: Sat Jul 13 14:50:28 PDT 2002 
State-Changed-Why:  
The default rule (65535) cannot be removed or altered. 
This is the way ipfw works. 


>Unformatted:
