From owner-freebsd-questions Thu Mar 13 7:13:59 2003
Delivered-To: freebsd-questions@freebsd.org
From: "Darryl Hoar" (darryl@osborne-ind.com)
Subject: Firewall rules question
Date: Thu, 13 Mar 2003 09:15:15 -0600
Message-ID: <002501c2e973$5a7f2cb0$0701a8c0@darryl>
Sender: owner-freebsd-questions@FreeBSD.ORG
List-ID: freebsd-questions

Greeting,

I have a box that is running 4.7-stable. I have it configured as a firewall, and it does NAT. Recently, I've been getting "Arplookup failure: 10.1.1.1 not on local network". I went into my rules and put a rule in to block 10.x.x.x from coming into my network from my DSL link.

Problem is, even though I have defined the rule, I still get these arplookup failure messages. I thought the following rules would drop the private IPs and prevent the /kernel arplookup failure messages. I guess not. Here are the rules:

    block in log quick on ed0 from 192.168.0.0/16 to any  #RFC 1918 private IP
    block in log quick on ed0 from 172.16.0.0/12 to any   #RFC 1918 private IP
    block in log quick on ed0 from 10.0.0.0/8 to any      #RFC 1918 private IP
    block in log quick on ed0 from 127.0.0.0/8 to any     #loopback
    block in log quick on ed0 from 0.0.0.0/8 to any       #loopback
    block in log quick on ed0 from 169.254.0.0/16 to any  #DHCP auto-config
    block in log quick on ed0 from 192.0.2.0/24 to any    #reserved for doc's
    block in log quick on ed0 from 204.152.64.0/23 to any #Sun cluster interconnect
    block in quick on ed0 from 224.0.0.0/3 to any         #Class D & E multicast

Any ideas how to stop the insanity? I've contacted the ISP and alerted them, but they have not got the issue resolved. For goodness sake, I can even ping 10.1.1.1 over the DSL interface.

thanks,
Darryl

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
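The following is an added worked example, not part of Darryl's post: a small evaluator for the ipfilter rules quoted above, used to check what those rules do and do not cover. It models ipf's matching semantics (rules are evaluated in order, the last match wins unless a rule says `quick`, and the default with no match is pass) and one property that explains the symptom in the post: ipfilter is hooked into the kernel's IP input/output path, so it only ever sees IP datagrams. An ARP frame from a host claiming to be 10.1.1.1 is handed to the ARP code (which prints the arplookup message) before any filter rule is consulted, so no `block in ... from 10.0.0.0/8` rule can silence it. The `ethertype` argument, the `Rule`/`decide` names and the sample addresses 203.0.113.5 and 198.51.100.7 are constructed for this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed copy of the ipfilter ruleset quoted in the post.
RULESET = """\
block in log quick on ed0 from 192.168.0.0/16 to any  #RFC 1918 private IP
block in log quick on ed0 from 172.16.0.0/12 to any   #RFC 1918 private IP
block in log quick on ed0 from 10.0.0.0/8 to any      #RFC 1918 private IP
block in log quick on ed0 from 127.0.0.0/8 to any     #loopback
block in log quick on ed0 from 0.0.0.0/8 to any       #loopback
block in log quick on ed0 from 169.254.0.0/16 to any  #DHCP auto-config
block in log quick on ed0 from 192.0.2.0/24 to any    #reserved for doc's
block in log quick on ed0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on ed0 from 224.0.0.0/3 to any         #Class D & E multicast
"""

# Only the rule shape used in the post is supported:
#   (block|pass) (in|out) [log] [quick] on <iface> from <cidr|any> to <cidr|any>
RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)"
    r"(?P<log>\s+log)?(?P<quick>\s+quick)?"
    r"\s+on\s+(?P<iface>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s*$"
)


@dataclass
class Rule:
    action: str
    direction: str
    log: bool
    quick: bool
    iface: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    text: str


def _net(tok: str) -> ipaddress.IPv4Network:
    # ipf's "any" is the whole address space; strict=True rejects host bits
    # set in a prefix, which would silently match less than intended.
    return ipaddress.IPv4Network("0.0.0.0/0" if tok == "any" else tok, strict=True)


def parse_rules(text: str) -> List[Rule]:
    """Parse an ipf ruleset; '#' starts a comment, blank lines are ignored."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule: {raw!r}")
        rules.append(Rule(m["action"], m["dir"], bool(m["log"]), bool(m["quick"]),
                          m["iface"], _net(m["src"]), _net(m["dst"]), line))
    return rules


def decide(rules: List[Rule], iface: str, direction: str, ethertype: str,
           src: str, dst: str) -> Tuple[str, Optional[Rule]]:
    """Return (verdict, matching rule) for one packet seen on `iface`.

    ethertype is 'ip' for an IPv4 datagram or 'arp' for an ARP frame.  ipfilter
    hooks the IP input/output path, so only IP datagrams are evaluated; an ARP
    frame goes to the kernel's ARP code without ever touching the ruleset.
    """
    if ethertype != "ip":
        return "not-filtered", None
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    last: Optional[Rule] = None
    for r in rules:
        if r.iface != iface or r.direction != direction:
            continue
        if src_ip in r.src and dst_ip in r.dst:
            if r.quick:          # quick: first match ends evaluation
                return r.action, r
            last = r             # otherwise the last matching rule wins
    return (last.action, last) if last else ("pass", None)  # ipf default: pass


if __name__ == "__main__":
    rs = parse_rules(RULESET)
    # Inbound IP datagram from 10.1.1.1: caught by the 10.0.0.0/8 rule (and logged).
    print(decide(rs, "ed0", "in", "ip", "10.1.1.1", "203.0.113.5"))
    # ARP frame with sender 10.1.1.1: never reaches ipfilter.
    print(decide(rs, "ed0", "in", "arp", "10.1.1.1", "203.0.113.5"))
    # Outbound ping to 10.1.1.1: the ruleset has no "out" rules, so it passes.
    print(decide(rs, "ed0", "out", "ip", "203.0.113.5", "10.1.1.1"))
```

Practical check on the box itself: because the 10.0.0.0/8 rule carries `log`, any inbound IP datagram it drops shows up in the ipmon log. If ipmon records no blocked 10.1.1.1 datagrams while the kernel keeps printing the arplookup message, the noise is coming from ARP traffic on the DSL segment, which is the ISP's problem to fix rather than something the IP ruleset can address.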