From owner-freebsd-questions@FreeBSD.ORG Wed Aug 13 18:12:57 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6B3D937B401 for ; Wed, 13 Aug 2003 18:12:57 -0700 (PDT) Received: from sccrmhc13.comcast.net (sccrmhc13.comcast.net [204.127.202.64]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9245343FB1 for ; Wed, 13 Aug 2003 18:12:54 -0700 (PDT) (envelope-from freebsd-questions-local@be-well.no-ip.com) Received: from be-well.ilk.org (be-well.no-ip.com[66.30.200.37]) by comcast.net (sccrmhc13) with ESMTP id <20030814011251016008fskke>; Thu, 14 Aug 2003 01:12:51 +0000 Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [66.30.200.37] (may be forged)) by be-well.ilk.org (8.12.9/8.12.9) with ESMTP id h7E1ClMe006108; Wed, 13 Aug 2003 21:12:47 -0400 (EDT) (envelope-from freebsd-questions-local@be-well.no-ip.com) Received: (from lowell@localhost) by be-well.ilk.org (8.12.9/8.12.6/Submit) id h7E1CklJ006105; Wed, 13 Aug 2003 21:12:46 -0400 (EDT) X-Authentication-Warning: be-well.ilk.org: lowell set sender to freebsd-questions-local@be-well.ilk.org using -f Sender: lowell@be-well.no-ip.com To: darryl@osborne-ind.com References: <004701c361c8$354a96a0$0701a8c0@darryl> From: Lowell Gilbert Date: 13 Aug 2003 21:12:46 -0400 In-Reply-To: <004701c361c8$354a96a0$0701a8c0@darryl> Message-ID: <44r83p59f5.fsf@be-well.ilk.org> Lines: 37 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii cc: freebsd-questions@freebsd.org Subject: Re: Blocking RIP requests on firewall X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2003 01:12:57 -0000 ...top-post ,please don't "Darryl Hoar" writes: > Yes, > 10.0.0.1 is the SMC ADSL modem (external). > It is running DHCP and assigns the ip > to my firewall. > > -ISP's DSL Line - ADSL Modem - Firewall - LAN Then the packets *aren't* being sourced from 10.0.0.1; that's just the last router that passed them along. I think you want to say "any" instead of that IP address. > -Darryl > > >-----Original Message----- > >From: lowell@be-well.no-ip.com [mailto:lowell@be-well.no-ip.com]On > >Behalf Of Lowell Gilbert > >Sent: Wednesday, August 13, 2003 12:51 PM > >To: darryl@osborne-ind.com > >Cc: freebsd-questions@freebsd.org > >Subject: Re: Blocking RIP requests on firewall > > > > > >"Darryl Hoar" writes: > > > >> Greetings, > >> I have a FreeBSD 4.7S machine that is running > >> IPFilter and is configured as a firewall. > >> > >> My external interface is xl0. > >> > >> I put block in quick on xl0 proto udp from 10.0.0.1 to any port = 520 > > > >All of the packets are coming from 10.0.0.1?