Date: Wed, 30 Jan 2002 13:25:32 -0600 (CST)
From: Bovine Unit #243 <bov243@yahoo.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: reset TCP in ipfw
Message-ID: <Pine.BSF.4.43.0201301310490.55714-100000@kristen.shadowdale.net>
I was looking through the ipfw log this morning and saw the "reset tcp" rule in action. A flood of TCP packets from some Winblows app was bombarding port 1214. Anyway, since it wasn't matched by any rules present, it came to the last two TCP rules I had:

    ...
    10000 divert 6668 ip from any to any via fxp0
    ...
    49990 reset tcp log from any to any in recv fxp0
    49999 deny tcp log from any to any in recv fxp0

Well, the problem with that reset is that it's being blocked by the very next rule. Dang! I did not know the firewall would block its own action. Hmm...

I thought about the fix. Well, I really don't want to have open ports out as the next rule, since I want to catch any misbehaving Winblows "ET phone home" programs. And the rule can't be moved to the beginning (or towards the beginning of the ruleset), since it's supposed to catch TCP packets that didn't get a match in the ruleset. Well, that's a bugger.

What is the proper way to use the reset action?
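A toy model of the rule-evaluation order the post is asking about, added here as an illustration; it is not code from the post, from ipfw or from FreeBSD. It encodes what ipfw(8) documents: rules are tried in ascending number order, the first matching allow/deny/reset ends the search, and `in recv fxp0` matches only packets that arrived on fxp0. Addresses and ports are not modelled (the three quoted rules are all `from any to any`), a diverted packet is simplified to "reinjected and continues at the next rule", and the two packets are constructed. Because the post elides the rest of the ruleset, the outbound RST falling through to the built-in default rule 65535 is only what happens within this three-rule fragment.

```python
"""Toy first-match simulator for the subset of ipfw(8) syntax used in the
ruleset quoted in the post. Added illustration, not ipfw's implementation.

Modelled: rules evaluated in ascending number order; allow/deny/reset are
terminating actions; 'in'/'out' match the packet's direction; 'recv'/'xmit'/
'via IFACE' match the interface the packet arrived on, will leave on, or
either. Not modelled: addresses and ports; divert is simplified to "the
packet comes back and continues at the next rule".
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TERMINATING = {"allow", "deny", "reset"}
DEFAULT_RULE = 65535   # ipfw's built-in last rule; deny unless the kernel is built to accept


@dataclass
class Packet:
    proto: str                    # "tcp", "udp", ...
    direction: str                # "in" or "out"
    recv_iface: Optional[str]     # interface it arrived on; None if generated locally
    xmit_iface: Optional[str]     # interface it will leave on; None if delivered locally


@dataclass
class Rule:
    number: int
    action: str
    proto: str                    # "ip" matches every protocol
    direction: Optional[str]      # "in", "out" or None for both
    iface_kind: Optional[str]     # "recv", "xmit", "via" or None
    iface: Optional[str]
    log: bool = False


def parse_rule(text: str) -> Rule:
    """Parse '<num> <action> [arg] [log] <proto> [log] from any to any [in|out] [recv|xmit|via IF]'."""
    tok = text.split()
    number, action = int(tok[0]), tok[1]
    i = 2
    if action == "divert":        # divert carries a port argument
        i += 1
    log = False
    if tok[i] == "log":           # 'log' before the protocol ...
        log, i = True, i + 1
    proto = tok[i]
    i += 1
    if tok[i] == "log":           # ... or after it, as in the quoted rules
        log, i = True, i + 1
    if tok[i:i + 4] != ["from", "any", "to", "any"]:
        raise ValueError(f"only 'from any to any' is modelled: {text}")
    i += 4
    direction = iface_kind = iface = None
    while i < len(tok):
        if tok[i] in ("in", "out"):
            direction, i = tok[i], i + 1
        elif tok[i] in ("recv", "xmit", "via"):
            iface_kind, iface, i = tok[i], tok[i + 1], i + 2
        else:
            raise ValueError(f"unsupported option {tok[i]!r} in: {text}")
    return Rule(number, action, proto, direction, iface_kind, iface, log)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface_kind == "recv":
        return pkt.recv_iface == rule.iface
    if rule.iface_kind == "xmit":
        return pkt.xmit_iface == rule.iface
    if rule.iface_kind == "via":
        return rule.iface in (pkt.recv_iface, pkt.xmit_iface)
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[int, str, List[int]]:
    """Return (rule number, action, numbers of every rule that matched) for the
    first terminating rule; a non-terminating match (divert here) is recorded
    and evaluation continues with the next rule."""
    trail: List[int] = []
    for rule in sorted(rules, key=lambda r: r.number):
        if not matches(rule, pkt):
            continue
        trail.append(rule.number)
        if rule.action in TERMINATING:
            return rule.number, rule.action, trail
    return DEFAULT_RULE, "deny", trail


# The three rules quoted in the post (the rest of the ruleset is elided there).
RULESET = [parse_rule(r) for r in (
    "10000 divert 6668 ip from any to any via fxp0",
    "49990 reset tcp log from any to any in recv fxp0",
    "49999 deny tcp log from any to any in recv fxp0",
)]

# Constructed packets: one inbound TCP segment from the flood, and the RST the
# firewall generates in reply (locally generated, so it has no receive interface).
INBOUND_SEGMENT = Packet("tcp", "in", recv_iface="fxp0", xmit_iface=None)
REPLY_RST = Packet("tcp", "out", recv_iface=None, xmit_iface="fxp0")

if __name__ == "__main__":
    for name, pkt in (("inbound segment", INBOUND_SEGMENT), ("reply RST", REPLY_RST)):
        number, action, trail = evaluate(RULESET, pkt)
        print(f"{name}: matched {trail}, terminated by rule {number} ({action})")
```

Running it shows the inbound segment matching 10000 and then stopping at 49990 (so 49999 is never consulted for that packet), while the outbound RST matches only the `via fxp0` divert rule, since both `in recv fxp0` rules require an inbound packet received on fxp0.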