From owner-freebsd-security Thu Oct 15 04:15:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA07790 for freebsd-security-outgoing; Thu, 15 Oct 1998 04:15:06 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mcfs.whowhere.com (mcfs.whowhere.com [209.1.236.44]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id EAA07785 for ; Thu, 15 Oct 1998 04:15:05 -0700 (PDT) (envelope-from dish77@my-dejanews.com) Received: from Unknown/Local ([?.?.?.?]) by my-dejanews.com; Thu Oct 15 04:14:38 1998 To: freebsd-security@FreeBSD.ORG Date: Thu, 15 Oct 1998 04:14:38 -0700 From: "Dmitry Sergeev" Message-ID: Mime-Version: 1.0 X-Sent-Mail: on X-Mailer: MailCity Service Subject: Firewall log and setup X-Sender-Ip: 195.66.198.9 Organization: Deja News Mail (http://www.my-dejanews.com:80) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! When i have installed FreeBSD 2.2.7 my firewall become to log this packets..(see log below) When i worked with FreeBSD 2.2.5 everything was ok. These denied UDP packets come from root DNS servers which are listed in named.root Maybe someone comment this situation? What does Fragment = 34 mean? -------------------------- Here is a set of rules from my rc.firewall dns1=DNS server of my ISP rip=my IP $fwcmd add pass udp from ${dns1} to ${rip} 53 $fwcmd add pass udp from ${rip} 53 to any $fwcmd add pass udp from ${rip} to ${dns1} 53 $fwcmd add pass udp from ${dns1} 53 to any 1024-65535 in recv ${pppif} ----------------- Log 195.xxx.xxx.xxx it's my ip Oct 15 10:46:25 transe /kernel: ipfw: 5110 Deny UDP my_provider_dns 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:25 transe /kernel: ipfw: 5110 Deny UDP 192.5.5.241 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:27 myhost /kernel: ipfw: 5110 Deny UDP 128.9.0.107 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:30 myhost /kernel: ipfw: 5110 Deny UDP 192.33.4.12 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:32 myhost /kernel: ipfw: 5110 Deny UDP 128.9.0.107 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:32 myhost /kernel: ipfw: 5110 Deny UDP 198.32.64.12 195.xxx.xxx.xxx in via tun0 Fragment =34 Oct 15 10:46:34 myhost /kernel: ipfw: 5110 Deny UDP 192.203.230.10 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:39 myhost /kernel: ipfw:5110 Deny UDP 193.0.14.129 195.xxx.xxx.xxx in via tun0 Fragment = 34 Oct 15 10:46:40 myhost /kernel: ipfw: 5110 Deny UDP 128.8.10.90 195.xxx.xxx.xxx in via tun0 Fragment = 34 -----== Sent via Deja News, The Discussion Network ==----- http://www.dejanews.com/ Easy access to 50,000+ discussion forums To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message