From: "Michael K. Smith - Adhost"
To: "Nikos Vassiliadis"
Subject: RE: Odd PF Denied Message
Date: Thu, 18 Oct 2007 08:39:56 -0700

Hello Nikos:

> -----Original Message-----
> From: Nikos Vassiliadis [mailto:nvass@teledomenet.gr]
> Sent: Thursday, October 18, 2007 9:30 AM
> To: freebsd-questions@freebsd.org
> Cc: Michael K. Smith - Adhost
> Subject: Re: Odd PF Denied Message
>
> On Thursday 18 October 2007 17:59:49 Michael K. Smith - Adhost wrote:
> > Hello All:
> >
> > We're getting a ton of these.
> >
> > +Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:52655 flags:0x02
>
> This doesn't look like a pf(4) message. This looks like
> sysctl net.inet.tcp.log_in_vain is 1. It logs every connection
> attempt to a non-listening TCP port.
>
> >
> > We've basically allowed all traffic to and from 127.0.0.1 in our
> > ruleset, but nothing seems to work. Does anyone have a magic bullet to
> > make this go away?
>
> Yes, set the afore-mentioned sysctl to 0.

Thank you for the clue! We are using log in vain as part of our security logging for this particular box, but this is the only message I've ever seen so I'm not sure it's really needed.

Regards,

Mike
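
A triage sketch for the message format quoted in the thread, added here as an example and not part of the original messages: it separates loopback-sourced log_in_vain entries (like the port 113 line above) from remote-sourced ones and decodes the TCP flags byte, so the local noise can be judged apart from outside connection attempts. The function names are hypothetical, and every sample line except the port 113 one is constructed.

```python
import ipaddress
import re
from collections import Counter

# Kernel message format as quoted in the thread; UDP lines carry no flags field.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>\S+):(?P<dport>\d+) from (?P<src>\S+):(?P<sport>\d+)"
    r"(?: flags:0x(?P<flags>[0-9a-fA-F]+))?"
)
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_flags(value):
    """Return the TCP flag names set in the logged flags byte."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def parse_line(line):
    """Parse one log line; return None for lines that are not log_in_vain output."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"].strip("[]"))  # IPv6 is bracketed
    except ValueError:
        return None
    flags = decode_flags(int(m["flags"], 16)) if m["flags"] else []
    return {"proto": m["proto"], "dport": int(m["dport"]), "src": str(src),
            "loopback": src.is_loopback, "flags": flags}

def summarize(lines):
    """Count attempts per port for loopback sources and per source/port for remote ones."""
    out = {"loopback": Counter(), "remote": Counter()}
    for rec in filter(None, map(parse_line, lines)):
        if rec["loopback"]:
            out["loopback"][(rec["proto"], rec["dport"])] += 1
        else:
            out["remote"][(rec["src"], rec["proto"], rec["dport"])] += 1
    return out

# First line is from the thread; the rest are constructed (documentation address ranges).
SAMPLE = """\
+Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:52655 flags:0x02
+Connection attempt to TCP 127.0.0.1:113 from 127.0.0.1:52656 flags:0x02
Oct 18 08:12:01 host kernel: Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112 flags:0x02
Oct 18 08:12:05 host kernel: Connection attempt to UDP 192.0.2.10:161 from 198.51.100.7:53211
Oct 18 08:13:00 host sshd[812]: unrelated line
"""

if __name__ == "__main__":
    for bucket, counts in summarize(SAMPLE.splitlines()).items():
        for key, n in counts.most_common():
            print(bucket, key, n)
```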