IPFW Another line 65535 appeared (it wasn't there before the update)

kerogaz · 2026-04-18T12:50:02+0100

65535 0 0 count ip from any to any not // orphaned dynamic states counter
65535 0 0 deny ip from any to any

MG · 2026-04-18T13:54:05+0100

Not a lot of info. Ipfw? When did this happen?
Delete the line, reboot, and see it if happens again?

Alain De Vos · 2026-04-18T14:06:18+0100

These line look ok me. Keep them

fernandel · 2026-04-18T14:26:58+0100

I think it is the last of rules in ipfw.

mer · 2026-04-18T17:38:23+0100

Without assuming anything, "update from what version to what version?"
Is this in ipfw show?

kerogaz · 2026-04-18T20:40:47+0100

last lines of rules in ipfw.This line hasn't been there for 10 years, and now after updating the system it has appeared.

kerogaz · 2026-04-18T20:45:19+0100

In /etc/rules these lines are not present at all. They appear only in "ipfw list". But before only one line "65535 0 0 deny ip from any to any" appeared

kerogaz · 2026-04-18T21:30:03+0100

last of rules in ipfw.

kerogaz · 2026-04-18T21:32:30+0100

mer said:
Without assuming anything, "update from what version to what version?"
Is this in ipfw show?

15.0 may be from p3 to p4.
I just noticed this on p5

mer · 2026-04-18T21:44:08+0100

kerogaz said:
15.0 may be from p3 to p4.
I just noticed this on p5

ok thanks. It just felt like the OP was missing context to me.

ipfw is "first match wins" if I recall correctly (pf is last match wins except for quick) so adding rules at the very end in ipfw are "catchall" and these specific rules are roughly "pf default deny" so a good thing.

As to why they got added on the update? I have no idea but can think "change of defaults"