Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 15 Oct 1998 04:14:38 -0700
From:      "Dmitry Sergeev" <dish77@my-dejanews.com>
To:        freebsd-security@FreeBSD.ORG
Subject:   Firewall log and setup
Message-ID:  <PBMKMEPGHAKDCAAA@my-dejanews.com>
next in thread | raw e-mail | index | archive | help 

Hi!
When i have installed FreeBSD 2.2.7 my firewall become to log this packets..(see log below)
When i worked with FreeBSD 2.2.5 everything was ok. These denied UDP packets
come from root DNS servers which are listed in named.root

Maybe someone comment this situation?
What does Fragment = 34 mean?

--------------------------

Here is a set of rules from my rc.firewall
dns1=DNS server of my ISP
rip=my IP
        $fwcmd add pass udp from ${dns1} to ${rip} 53
        $fwcmd add pass udp from ${rip} 53 to any
        $fwcmd add pass udp from ${rip} to ${dns1} 53
        $fwcmd add pass udp from ${dns1} 53 to any 1024-65535 in recv ${pppif}

-----------------
Log

195.xxx.xxx.xxx it's my ip

Oct 15 10:46:25 transe /kernel: ipfw: 5110 Deny UDP my_provider_dns 195.xxx.xxx.xxx in via tun0 Fragment = 34  
Oct 15 10:46:25 transe /kernel: ipfw: 5110 Deny UDP 192.5.5.241 195.xxx.xxx.xxx
in via tun0 Fragment = 34  
Oct 15 10:46:27 myhost /kernel: ipfw: 5110 Deny UDP 128.9.0.107 195.xxx.xxx.xxx
in via tun0 Fragment = 34 
Oct 15 10:46:30 myhost /kernel: ipfw: 5110 Deny UDP 192.33.4.12 195.xxx.xxx.xxx
in via tun0 Fragment = 34 
Oct 15 10:46:32 myhost /kernel: ipfw: 5110 Deny UDP 128.9.0.107 195.xxx.xxx.xxx in
via tun0 Fragment = 34  
Oct 15 10:46:32 myhost /kernel: ipfw: 5110 Deny UDP 198.32.64.12 195.xxx.xxx.xxx
in via tun0 Fragment =34  
Oct 15 10:46:34 myhost /kernel: ipfw: 5110 Deny UDP 192.203.230.10 195.xxx.xxx.xxx
in via tun0 Fragment = 34  
Oct 15 10:46:39 myhost /kernel: ipfw:5110 Deny UDP 193.0.14.129 195.xxx.xxx.xxx in
via tun0 Fragment = 34 
Oct 15 10:46:40 myhost /kernel: ipfw: 5110 Deny UDP 128.8.10.90 195.xxx.xxx.xxx in
via tun0 Fragment = 34



-----== Sent via Deja News, The Discussion Network ==-----
http://www.dejanews.com/  Easy access to 50,000+ discussion forums

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?PBMKMEPGHAKDCAAA>