From owner-freebsd-questions Sun Feb 20 13:55:36 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 5594737BFAD for ; Sun, 20 Feb 2000 13:55:33 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id QAA37081; Sun, 20 Feb 2000 16:53:08 -0500 (EST) (envelope-from cjc)
Date: Sun, 20 Feb 2000 16:53:08 -0500
From: "Crist J. Clark"
To: Jonathan Chen
Cc: cjclark@home.com, Brian Gallucci , FreeBSD
Subject: Re: IPFW Trouble
Message-ID: <20000220165308.H36373@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <000501bf7bd8$a2c90a60$095aaed8@expnet.net> <20000220152945.B36373@cc942873-a.ewndsr1.nj.home.com> <20000221093118.D1528@jonc.logisticsoftware.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000221093118.D1528@jonc.logisticsoftware.co.nz>; from jonc@logisticsoftware.co.nz on Mon, Feb 21, 2000 at 09:31:18AM +1300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Feb 21, 2000 at 09:31:18AM +1300, Jonathan Chen wrote:
> On Sun, Feb 20, 2000 at 03:29:45PM -0500, Crist J. Clark wrote:
>
> > On Sun, Feb 20, 2000 at 11:28:16AM -0800, Brian Gallucci wrote:
> > > I noticed a -1 Refused in our logging. What does this mean?
> > >
> > > ipfw: 700 Deny UDP 10.1.1.1:137 216.174.90.90:137 in via fxp0
> > > ipfw: -1 Refuse TCP 195.36.173.44:1107 216.174.90.90:80 in via fxp0
> > > ^^^^^^^^^^^^^^^^^^^^^
> > > ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
> > > ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
> > > ipfw: -1 Refuse TCP 194.106.96.6:59409 216.174.90.90:80 in via fxp0
> > > ^^^^^^^^^^^^^^^^^^^^^^^
> > > ipfw: 4400 Deny TCP 24.147.67.6:3566 216.174.90.90:445 in via fxp0
> > >
> > > Running FreeBSD 3.4
> >
> > My guess is that rule 65535 is being printed as a 'short' rather than
> > an 'unsigned short.' Those messages would not happen to be generated
> > by a default deny?
>
> IIRC, the packet reject is generated by the "IP fragment with a
> fragment offset of one"; which is always rejected (it's in the FINE
> POINTS of the ipfw man-page).

Looking at the source, there are several conditions that generate such
a report when the packet is a "bogusfrag." The packet has been dropped
by the firewall before it ever reached the user rules. I think this
needs to be more clearly documented.
--
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
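Added example, not part of the thread or of FreeBSD: a small Python log classifier that parses ipfw log lines in the format quoted above and separates hits on numbered user rules from the rule -1 entries the thread attributes to the kernel's pre-rule "bogusfrag" drop. The sample lines are constructed from the ones quoted in the thread; the field names and the `kernel_drop` flag are my own.

```python
import re
from collections import Counter

# ipfw log line format as quoted in the thread:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <dir> via <iface>
LOG_RE = re.compile(
    r"^ipfw:\s+(?P<rule>-?\d+)\s+(?P<action>\w+)\s+(?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<dir>in|out)\s+via\s+(?P<iface>\S+)"
)

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
ipfw: 700 Deny UDP 10.1.1.1:137 216.174.90.90:137 in via fxp0
ipfw: -1 Refuse TCP 195.36.173.44:1107 216.174.90.90:80 in via fxp0
ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
ipfw: -1 Refuse TCP 194.106.96.6:59409 216.174.90.90:80 in via fxp0
ipfw: 4400 Deny TCP 24.147.67.6:3566 216.174.90.90:445 in via fxp0
"""


def parse_line(line):
    """Return a dict of fields, or None if the line is not an ipfw log entry."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    # Rule -1 is not a user rule: per the thread it is the kernel's
    # "bogusfrag" rejection, applied before the ruleset is consulted,
    # so it should not be looked up in the loaded ipfw rule list.
    rec["kernel_drop"] = rec["rule"] < 0
    return rec


def summarize(text):
    """Count hits per rule number and collect sources of kernel-level drops."""
    per_rule = Counter()
    kernel_sources = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        per_rule[rec["rule"]] += 1
        if rec["kernel_drop"]:
            kernel_sources.append(rec["src"])
    return per_rule, kernel_sources


if __name__ == "__main__":
    counts, sources = summarize(SAMPLE_LOG)
    print(dict(counts), sources)
```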