IPFW Another line 65535 appeared (it wasn't there before the update)

[kerogaz]

65535 0 0 count ip from any to any not // orphaned dynamic states counter
65535 0 0 deny ip from any to any

 

[MG]

Not a lot of info. Ipfw? When did this happen?
Delete the line, reboot, and see it if happens again?

 

[Alain De Vos]

These line look ok me. Keep them

 

[fernandel]

I think it is the last of rules in ipfw.

 

[mer]

Without assuming anything, "update from what version to what version?"
Is this in ipfw show?

 

[kerogaz]

last lines of rules in ipfw.This line hasn't been there for 10 years, and now after updating the system it has appeared.

 

[kerogaz]

In /etc/rules these lines are not present at all. They appear only in "ipfw list". But before only one line "65535 0 0 deny ip from any to any" appeared

 

[kerogaz]

last of rules in ipfw.

 

[kerogaz]

Without assuming anything, "update from what version to what version?"
Is this in ipfw show?

15.0 may be from p3 to p4.
I just noticed this on p5

 

[mer]

15.0 may be from p3 to p4.
I just noticed this on p5

ok thanks. It just felt like the OP was missing context to me.

ipfw is "first match wins" if I recall correctly (pf is last match wins except for quick) so adding rules at the very end in ipfw are "catchall" and these specific rules are roughly "pf default deny" so a good thing.

As to why they got added on the update? I have no idea but can think "change of defaults"

 

[Харбин Хэйлунцзян]

65535 0 0 count ip from any to any not // orphaned dynamic states counter
65535 0 0 deny ip from any to any

That penultimate line appeared when I upgraded to the 15th. I thought they understand it better than I and forgot about it. If it niggles you just add this to your own rules:

65534 deny ip from any to any

It then will never get to 65535.