From owner-freebsd-security  Mon Feb  8 06:01:15 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA08016
          for freebsd-security-outgoing; Mon, 8 Feb 1999 06:01:15 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shemp.palomine.net (shemp.palomine.net [205.198.88.200])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id GAA08004
          for <security@FreeBSD.ORG>; Mon, 8 Feb 1999 06:01:13 -0800 (PST)
          (envelope-from cjohnson@palomine.net)
Received: (qmail 3445 invoked by uid 1000); 8 Feb 1999 14:01:11 -0000
Date: Mon, 8 Feb 1999 09:01:11 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Matt Behrens <matt@zigg.com>
Cc: security@FreeBSD.ORG
Subject: Re: bypassing "allow ip from any to any"?
Message-ID: <19990208090111.A3398@palomine.net>
References: <Pine.BSF.4.05.9902080820170.2539-100000@megaweapon.zigg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: <Pine.BSF.4.05.9902080820170.2539-100000@megaweapon.zigg.com>; from Matt Behrens on Mon, Feb 08, 1999 at 08:23:51AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Feb 08, 1999 at 08:23:51AM -0500, Matt Behrens wrote:
> I rebooted one of my boxes 24 hours ago.  I run the "open" firewall
> set with ppp -alias (as an on-demand packet filter, I know, I should
> do better) ;) but saw something strange in last night's security
> check.
> 
> Rule 65000 clearly states
> 
> 	65000 allow ip from any to any
> 
> yet this came across in my logs last night:
> 
> xxx.xxx.xxx denied packets:
> > 65535      2       139 deny ip from any to any
> 
> I don't see how it could, unless someone was fudging with my ipfw
> config.  Or do I just not know something?  (I do run options NETATALK
> here, could that somehow have snuck in?)

I'd guess that the denied packets came in during boot-up, after your network
interface came up but before your firewall rules were in place.

Chris

> 
> - Matt Behrens <matt@zigg.com>
>   Network Administrator, zigg.com <http://www.zigg.com/>
>   Engineer, Nameless IRC Network <http://www.nameless.net/>
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message