Date: Tue, 24 Feb 2004 12:30:23 -0500
From: Barney Wolff <barney@databus.com>
To: Andrea Venturoli <ml@netfence.it>
Cc: freebsd-net@freebsd.org
Subject: Re: Bad loopback traffic not stopped by ipfw.
Message-ID: <20040224173023.GA94632@pit.databus.com>
In-Reply-To: <200402241611.i1OGBMmY026274@soth.ventu>
References: <200402241611.i1OGBMmY026274@soth.ventu>

On Tue, Feb 24, 2004 at 05:11:22PM -0500, Andrea Venturoli wrote:
> IMHO opinion wrong packets are arriving from the upstream router (for which it would be useless to ask for a fix),

Your first three rules, before anything else, should be:

allow ip from any to any via lo0
deny log logamount 1000 ip from any to 127.0.0.0/8
deny log logamount 1000 ip from 127.0.0.0/8 to any

then see what ipfw says. Your ruleset does not block packets from 127 outbound.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
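
Added example, not part of the original message: a small Python model of ipfw's first-match evaluation applied to the three rules above, showing which packets each rule catches and why the lo0 allow has to come first. The rule numbers 100-300, the interface name fxp0 and the sample addresses are assumptions made up for illustration.

```python
import ipaddress

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

# The three rules from the message, in the order given. ipfw stops at the
# first matching rule. Rule numbers are assumed; the message gives none.
RULES = [
    # allow ip from any to any via lo0
    (100, "allow", lambda p: p["iface"] == "lo0"),
    # deny log logamount 1000 ip from any to 127.0.0.0/8
    (200, "deny", lambda p: ipaddress.ip_address(p["dst"]) in LOOPBACK_NET),
    # deny log logamount 1000 ip from 127.0.0.0/8 to any
    (300, "deny", lambda p: ipaddress.ip_address(p["src"]) in LOOPBACK_NET),
]


def evaluate(packet):
    """Return (rule_number, action) for the first matching rule, or
    (None, "continue") if the packet falls through to the later ruleset."""
    for number, action, matches in RULES:
        if matches(packet):
            return number, action
    return None, "continue"


# Constructed sample packets. None of the rules names a direction, so "dir"
# is informational only: each rule matches both inbound and outbound.
SAMPLES = [
    # legitimate local traffic on the loopback interface
    {"src": "127.0.0.1", "dst": "127.0.0.1", "iface": "lo0", "dir": "out"},
    # 127/8 source arriving from the upstream router
    {"src": "127.0.0.1", "dst": "192.0.2.10", "iface": "fxp0", "dir": "in"},
    # 127/8 destination arriving on the external interface
    {"src": "198.51.100.7", "dst": "127.0.0.1", "iface": "fxp0", "dir": "in"},
    # 127/8 source leaving the host, the outbound case the reply points out
    {"src": "127.0.0.1", "dst": "198.51.100.7", "iface": "fxp0", "dir": "out"},
    # ordinary traffic, left to the rest of the ruleset
    {"src": "198.51.100.7", "dst": "192.0.2.10", "iface": "fxp0", "dir": "in"},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt["dir"], pkt["iface"], pkt["src"], "->", pkt["dst"], evaluate(pkt))
```
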