From owner-freebsd-stable Thu Apr 6 3: 4:41 2000 Delivered-To: freebsd-stable@freebsd.org Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.139.170]) by hub.freebsd.org (Postfix) with ESMTP id 99C9037C2D0 for ; Thu, 6 Apr 2000 03:04:22 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (hak.nat.Awfulhak.org [172.31.0.12]) by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id KAA28026 for ; Thu, 6 Apr 2000 10:57:48 +0100 (BST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id KAA06003 for ; Thu, 6 Apr 2000 10:14:00 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200004060914.KAA06003@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: freebsd-stable@FreeBSD.org Subject: funny firewall behaviour Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 06 Apr 2000 10:13:59 +0100 From: Brian Somers Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Has anyone got any idea why I'm seeing this ? > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185 > ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185 I've got an open firewall that defaults to open.... I expect it to let the fragments thorough - even if I haven't already received a header, but what's this rule -1 stuff ? FWIW, these fragments belong to a local tunnel setup... Thanks for any help. -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message