From owner-freebsd-ipfw Thu Mar 9 22:46: 9 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from MailAndNews.com (MailAndNews.com [199.29.68.160]) by hub.freebsd.org (Postfix) with ESMTP id E8A6C37B6FA for ; Thu, 9 Mar 2000 22:46:06 -0800 (PST) (envelope-from mheffner@mailandnews.com) Received: from muriel.penguinpowered.com [208.138.199.76] (mheffner@mailandnews.com); Fri, 10 Mar 2000 01:46:02 -0500 X-WM-Posted-At: MailAndNews.com; Fri, 10 Mar 00 01:46:02 -0500 Content-Length: 913 Message-ID: X-Mailer: XFMail 1.4.4 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Fri, 10 Mar 2000 01:46:34 -0500 (EST) Reply-To: Mike Heffner From: Mike Heffner To: freebsd-ipfw@freebsd.org Subject: ipfw doesn't match when src == dest Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, When I recently redid my firewall, I wanted to block a strange packet from my cablemodem, Deny P:2 192.168.100.1 192.168.100.1 in via ed1 as you can see, the source equals the destination. When I installed the ipfw rule below, it wouldn't match the packet: 00146 0 0 deny log ip from 192.168.100.1 to 192.168.100.1 via ed1 But when I change the rule to this: 00146 0 0 deny log ip from 192.168.100.1 to any via ed1 it'll match the packet and deny it correctly. Has anyone else noticed this, or have I got this confused somehow? I'm planning to look into it a little further, but just wondered if anyone had any ideas offhand. Later, /**************************************** * Mike Heffner * * Fredericksburg, VA -- ICQ# 882073 * * Sent at: 10-Mar-2000 -- 01:37:17 EST * * http://my.ispchannel.com/~mheffner * ****************************************/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message