From: Robert Downes
Date: Fri, 18 Jun 2004 15:53:30 +0100
To: freebsd-ipfw@freebsd.org
Subject: Blocked outbound traffic - what is it?
Message-ID: <40D301EA.3080606@lineone.net>

Having set up IPFW for NAT + stateful rules (as posted to this list recently, using skipto rules), my firewall setup seems to be doing a good job. GRC.COM reports all service ports as stealthed, and I seem to have no problem browsing web pages, checking mail, etc.

But calling ` /var/log/security | grep out` gives a lot of reports of blocked outbound traffic to port 80 on legitimate websites. And occasionally to port 110 on legitimate mail servers.

Seeing as I'm not having a problem with web browsing, and my mail *seems* to be collected without complaint from the client, why is so much outbound traffic being blocked? What are these packets doing to offend the IPFW ruleset?

--
Bob