Date: Wed, 13 Aug 2003 12:35:26 -0700
From: Mark Woodson <mwoodson@sricrm.com>
To: <darryl@osborne-ind.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Blocking RIP requests on firewall
Message-ID: <200308131235.26032.mwoodson@sricrm.com>
In-Reply-To: <004801c361c8$8e8a5610$0701a8c0@darryl>
References: <004801c361c8$8e8a5610$0701a8c0@darryl>
On Wednesday 13 August 2003 11:27 am, Darryl Hoar wrote:
> >-----Original Message-----
> >From: Mark Woodson [mailto:mwoodson@sricrm.com]
> >Sent: Wednesday, August 13, 2003 11:54 AM
> >To: darryl@osborne-ind.com
> >Subject: Re: Blocking RIP requests on firewall
> >
> >On Wednesday 13 August 2003 07:53 am, Darryl Hoar wrote:
> >> Greetings,
> >> I have a FreeBSD 4.7S machine that is running
> >> IPFilter and is configured as a firewall.
> >>
> >> My external interface is xl0.
> >> I put block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
> >> reloaded the rules (by rebooting. I have it locked down).
> >> It still generates log entries in my firewall_log file.
> >
> >Can you show an example of the log entry you're seeing?
> >
> >> block return-rst in log quick on xl0 proto tcp from any to any
> >> block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
> >
> >> block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
> >
> >If you change this to:
> >block in quick on xl0 proto udp from any to any port = 520
> >
> >you will drop any packet bound for port 520 without logging,
> >not just ones from 10.0.0.1.
> >
> >> block in log quick on xl0 all
> >
> >The other entries have the log keyword so will be generating entries.
>
> Here are a couple of the entries:
>
> Aug 13 13:20:59 darryl ipmon[98]: 13:20:58.166238 xl0 @0:3 b 10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN
> Aug 13 13:21:28 darryl ipmon[98]: 13:21:28.164643 xl0 @0:3 b 10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN

I'm kind of at a loss, since it's using rule 3 (which appears to be the rule you've got to not log).

What's the output of ipfstat -in (shows the input filter with line #'s)?

-Mark
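The point under discussion is how ipf evaluates a rule list: rules are walked in order, the last match wins unless a matching rule carries `quick`, in which case evaluation stops there, and only rules with the `log` keyword produce ipmon entries. So a silent `block ... quick` rule for 520/udp only ever decides a RIP broadcast if it sits ahead of every logging rule that would also match it. The script below is an added illustration for this thread, not code from the thread or from IPFilter: it parses the rule subset used above (optionally with the `@N` prefix that `ipfstat -in` prints), parses ipmon lines like the ones posted into packet tuples, and replays each packet against two rule lists: the rules in the order they were posted, and the same rules with the RIP drop (in the `from any` form suggested in the reply) moved first. The ipmon lines are constructed in the posted format (the second, a TCP SYN from documentation addresses, is made up), the service-name table standing in for /etc/services is an assumption, and so is treating the posted order as the loaded order; whether that assumption holds on the real firewall is exactly what the requested `ipfstat -in` output would settle.

```python
"""Replay ipmon log lines against an IPFilter rule list: which rule decides
each packet, and does that rule log?  Added illustration for the thread above,
not code from the thread or from IPFilter.  Rules as posted, ipmon lines
constructed; assumes rules are evaluated in the order listed (what
`ipfstat -in` shows on the real firewall)."""
import ipaddress
import re

SERVICE_PORTS = {"router": 520, "ssh": 22}  # assumed stand-in for /etc/services; router = RIP, 520/udp

# e.g. "xl0 @0:3 b 10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN"
IPMON_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<flag>\S+) "
    r"(?P<src>[\d.]+)(?:,(?P<sport>\S+))? -> (?P<dst>[\d.]+)(?:,(?P<dport>\S+))? "
    r"PR (?P<proto>\S+) len \d+ \d+(?: -\S+)? (?P<dir>IN|OUT)")

# Subset of ipf rule syntax used in the thread; the optional "@N" prefix
# accepts lines pasted straight from `ipfstat -in`.
RULE_RE = re.compile(
    r"^(?:@(?P<num>\d+)\s+)?(?P<action>block|pass)(?:\s+return-\S+)?"
    r"\s+(?P<dir>in|out)(?P<log>\s+log)?(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+(?:all|from\s+(?P<src>\S+)(?:\s+port\s*=\s*(?P<sport>\d+))?"
    r"\s+to\s+(?P<dst>\S+)(?:\s+port\s*=\s*(?P<dport>\d+))?)\s*$")


def _port(token):
    # Numeric port from a digit string or an ipmon service name; None stays None.
    if token is None:
        return None
    return int(token) if token.isdigit() else SERVICE_PORTS[token]


def parse_ipmon(line):
    # Packet fields of one ipmon line as a dict, ports made numeric.
    m = IPMON_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised ipmon line: {line}")
    return {"iface": m["iface"], "dir": m["dir"].lower(), "proto": m["proto"],
            "src": m["src"], "sport": _port(m["sport"]),
            "dst": m["dst"], "dport": _port(m["dport"])}


def parse_rules(text):
    """One dict per rule, numbered 1.. in listing order unless prefixed @N."""
    rules = []
    for raw in text.strip().splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {raw}")
        rules.append({"number": int(m["num"]) if m["num"] else len(rules) + 1,
                      "action": m["action"], "dir": m["dir"],
                      "log": m["log"] is not None, "quick": m["quick"] is not None,
                      "iface": m["iface"], "proto": m["proto"],
                      "src": m["src"] or "any", "sport": _port(m["sport"]),
                      "dst": m["dst"] or "any", "dport": _port(m["dport"])})
    return rules


def matches(rule, pkt):
    """None in the rule is a wildcard; 'any' matches every address."""
    if any(rule[k] is not None and rule[k] != pkt[k]
           for k in ("dir", "iface", "proto", "sport", "dport")):
        return False
    return all(rule[k] == "any" or
               ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(rule[k], strict=False)
               for k in ("src", "dst"))


def decide(rules, pkt):
    """ipf semantics: last matching rule wins, but a matching `quick` rule ends
    evaluation on the spot.  Returns (number, action, logs?) or None."""
    winner = None
    for rule in rules:
        if matches(rule, pkt):
            winner = (rule["number"], rule["action"], rule["log"])
            if rule["quick"]:
                break
    return winner


def replay(rule_text, lines):
    rules = parse_rules(rule_text)
    return [decide(rules, parse_ipmon(line)) for line in lines]


# Rules exactly as posted, in the order posted.
POSTED_RULES = """
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
block in log quick on xl0 all
"""
# Same rules with the silent RIP drop (the "from any" form suggested in the
# reply) moved ahead of the logging udp catch-all.
REORDERED_RULES = """
block in quick on xl0 proto udp from any to any port = 520
block return-rst in log quick on xl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
block in log quick on xl0 all
"""
# Constructed ipmon lines in the format of the two posted; the second is a TCP SYN.
LOG_LINES = [
    "Aug 13 13:20:59 darryl ipmon[98]: 13:20:58.166238 xl0 @0:3 b "
    "10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN",
    "Aug 13 13:21:05 darryl ipmon[98]: 13:21:05.010101 xl0 @0:1 b "
    "192.0.2.10,40123 -> 198.51.100.5,ssh PR tcp len 20 60 -S IN",
]
```

Run as a script (or call `replay(POSTED_RULES, LOG_LINES)` in a REPL) and the RIP broadcast lands on rule 2, the logging udp catch-all, under the posted order, and on rule 1, the silent drop, once that rule is moved first; the TCP SYN is decided by the `return-rst` rule either way. To check a live box, paste the `ipfstat -in` listing in as the rule text: the `@N` numbers then line up with the rule index ipmon prints after the colon in `@0:N`.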
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308131235.26032.mwoodson>