Date: Mon, 07 Jan 2002 02:19:15 -0700
From: "Joe Parks" <pleaseworky@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: weird problems with ipfw rule not applying itself...
Message-ID: <F190cCoF7D5YnYccyeE00018dfa@hotmail.com>

I have a 4.4-RELEASE acting as a gateway. When I start out, my ruleset looks like this:

    gateway# ipfw show
    00100 43866683 26545107129 allow ip from any to any
    65535 0 0 deny ip from any to any

Simple. Let everything through, and it works great.

So then I decided to completely block UDP port 514 (syslogd), so I issued this command:

    ipfw add 00050 deny udp from any to any 514

So now my ruleset looks like this:

    gateway# ipfw show
    00050 0 0 deny udp from any to any 514
    00100 43866913 26545121843 allow ip from any to any
    65535 0 0 deny ip from any to any

So far, so good. The problem is, then I run `nmap` from an off-network site, and nmap tells me that UDP 514 is _open_ (!) How can this be?

So I go back to the firewall and 'ipfw show' again, and I get:

    gateway# ipfw show
    00050 5 140 deny udp from any to any 514
    00100 43866913 26545121843 allow ip from any to any
    65535 0 0 deny ip from any to any

So as you can see, the counters for the UDP 514 rule were incremented and everything! So how come nmap still shows UDP 514 as "open"?

As a test, I closed some tcp ports with the exact same command (but with tcp, and port 443 this time) and nmap said those ports are filtered...so that works...and I also tried with udp port 161, but again, the rule is in, the rule counters even get incremented, but nmap still says the port is OPEN.

How can this be? Any help appreciated - thanks!
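
Added example, not part of the original message: a simplified Python model of first-match ipfw evaluation and of what a remote scanner can infer from the reply, using the ruleset quoted above. It shows that a `deny` rule drops the probe silently and bumps its counter, that silence on UDP is indistinguishable from an open port while silence on TCP reads as filtered, and that ipfw's `unreach port` action makes the port read as closed. The names `Rule`, `filter_packet`, `scanner_view`, `probe` and `ruleset`, and the result strings, are assumptions made for this sketch.

```python
# Simplified model for illustration; not ipfw or nmap source code.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    number: int
    action: str                      # "allow", "deny" (silent drop) or "unreach port"
    proto: str                       # "ip" matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port
    packets: int = 0                 # per-rule counter, as shown by `ipfw show`

    def matches(self, proto, dst_port):
        return self.proto in ("ip", proto) and self.dst_port in (None, dst_port)

def filter_packet(rules, proto, dst_port):
    """First matching rule wins, in rule-number order; its counter is bumped."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, dst_port):
            rule.packets += 1
            return rule.action
    return "deny"

def scanner_view(proto, action, listening):
    """What a remote scanner can infer from the reply, or from silence."""
    if action == "deny":
        # Nothing comes back. A TCP SYN met with silence reads as "filtered";
        # a UDP probe met with silence looks the same as an open UDP port.
        return "filtered" if proto == "tcp" else "open (no reply)"
    if action == "unreach port":
        return "closed"              # ICMP port unreachable is positive evidence
    # Allowed through: the end host answers (RST, or ICMP port unreachable).
    if proto == "tcp":
        return "open" if listening else "closed"
    return "open (no reply)" if listening else "closed"

def probe(rules, proto, port, listening=False):
    return scanner_view(proto, filter_packet(rules, proto, port), listening)

def ruleset(action_514):
    """The ruleset from the message, with a chosen action for rule 00050."""
    return [Rule(50, action_514, "udp", 514),
            Rule(100, "allow", "ip"),
            Rule(65535, "deny", "ip")]
```
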