Date: Thu, 13 Mar 2003 09:15:15 -0600
From: "Darryl Hoar" <darryl@osborne-ind.com>
To: <freebsd-questions@freebsd.org>
Subject: Firewall rules question
Message-ID: <002501c2e973$5a7f2cb0$0701a8c0@darryl>
Greeting,

I have a box that is running 4.7-stable. I have it configured as a firewall, and it does NAT. Recently, I've been getting "arplookup failure: 10.1.1.1 not on local network". I went into my rules and put a rule to block 10.x.x.x from coming into my network from my DSL link. Problem is that even though I have defined the rule, I still get these arplookup failure messages.

I thought the following rules would drop the private IPs and prevent the /kernel arplookup failure messages. I guess not. Here are the rules:

    block in log quick on ed0 from 192.168.0.0/16 to any    #RFC 1918 private IP
    block in log quick on ed0 from 172.16.0.0/12 to any     #RFC 1918 private IP
    block in log quick on ed0 from 10.0.0.0/8 to any        #RFC 1918 private IP
    block in log quick on ed0 from 127.0.0.0/8 to any       #loopback
    block in log quick on ed0 from 0.0.0.0/8 to any         #"this" network (RFC 1122), not loopback
    block in log quick on ed0 from 169.254.0.0/16 to any    #DHCP auto-config (link-local)
    block in log quick on ed0 from 192.0.2.0/24 to any      #reserved for docs
    block in log quick on ed0 from 204.152.64.0/23 to any   #Sun cluster interconnect
    block in quick on ed0 from 224.0.0.0/3 to any           #Class D multicast and Class E reserved

Any ideas how to stop the insanity? I've contacted the ISP and alerted them, but they have not got the issue resolved. For goodness sake, I can even ping 10.1.1.1 over the DSL interface.

thanks,
Darryl
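The following is an added illustration, not part of Darryl's message or of IPFilter itself. It is a small Python model of how the rule set above is evaluated: rules are parsed in ipf's `action dir [log] [quick] on iface from src to dst` form, walked in order with `quick` ending the walk, and only ever applied to IP packets. IPFilter hooks the IP input/output path, so a frame that is not IP (an ARP request or reply, for instance) is never presented to these rules at all. The sample "packets" fed to the model are constructed for the example; `203.0.113.7` and `198.51.100.9` are documentation addresses chosen here, and the `ethertype` string is this model's own convention, not an ipf concept.

```python
import ipaddress
import re

# The rule set as posted in the message above; the parser strips the comments.
RULES_TEXT = """\
block in log quick on ed0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in log quick on ed0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in log quick on ed0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in log quick on ed0 from 127.0.0.0/8 to any #loopback
block in log quick on ed0 from 0.0.0.0/8 to any #this network
block in log quick on ed0 from 169.254.0.0/16 to any #DHCP auto-config
block in log quick on ed0 from 192.0.2.0/24 to any #reserved for docs
block in log quick on ed0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on ed0 from 224.0.0.0/3 to any #Class D & E
"""

# Subset of ipf rule syntax used by the posted rules (hypothetical simplification).
RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)\s+(?P<opts>(?:log\s+|quick\s+)*)"
    r"on\s+(?P<iface>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s*$"
)


def parse_rules(text):
    """Parse ipf-style rules into dicts; 'any' becomes None (matches everything)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule syntax: " + line)
        opts = m.group("opts").split()
        rules.append({
            "action": m.group("action"),
            "dir": m.group("dir"),
            "quick": "quick" in opts,
            "log": "log" in opts,
            "iface": m.group("iface"),
            "src": None if m.group("src") == "any" else ipaddress.ip_network(m.group("src")),
            "dst": None if m.group("dst") == "any" else ipaddress.ip_network(m.group("dst")),
        })
    return rules


def evaluate(rules, iface, direction, ethertype, src=None, dst=None, default="pass"):
    """Return (verdict, index of the deciding rule) for one frame.

    Semantics modelled: only IP packets reach the filter; rules are walked in
    order; a matching rule with 'quick' ends the walk, otherwise the last match
    wins; with no match the default policy applies.  'ethertype' is this
    model's own label ("ip" or "arp"), not an ipf keyword.
    """
    if ethertype != "ip":
        return ("not filtered", None)   # e.g. ARP: handled by the kernel before ipf
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    verdict, hit = default, None
    for i, r in enumerate(rules):
        if r["iface"] != iface or r["dir"] != direction:
            continue
        if r["src"] is not None and src_ip not in r["src"]:
            continue
        if r["dst"] is not None and dst_ip not in r["dst"]:
            continue
        verdict, hit = r["action"], i
        if r["quick"]:
            break
    return (verdict, hit)


def demo():
    """Run constructed sample traffic (not a capture from the poster's link)."""
    rules = parse_rules(RULES_TEXT)
    samples = [
        ("ip", "10.1.1.1", "203.0.113.7"),       # RFC 1918 source over the DSL link
        ("ip", "198.51.100.9", "203.0.113.7"),   # ordinary public source
        ("arp", "10.1.1.1", None),               # ARP from 10.1.1.1: never filtered
    ]
    return [(s, evaluate(rules, "ed0", "in", *s)) for s in samples]


if __name__ == "__main__":
    for sample, result in demo():
        print(sample, "->", result)
```

The third sample is the point: an IP packet from 10.1.1.1 is dropped by the third rule, but an ARP frame from the same host is answered or logged by the kernel's ARP code before any ipf rule is consulted, so adding more `block` rules for IP source ranges cannot change what arplookup reports.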