Date: Mon, 8 Feb 1999 09:01:11 -0500 From: Chris Johnson <cjohnson@palomine.net> To: Matt Behrens <matt@zigg.com> Cc: security@FreeBSD.ORG Subject: Re: bypassing "allow ip from any to any"? Message-ID: <19990208090111.A3398@palomine.net> In-Reply-To: <Pine.BSF.4.05.9902080820170.2539-100000@megaweapon.zigg.com>; from Matt Behrens on Mon, Feb 08, 1999 at 08:23:51AM -0500 References: <Pine.BSF.4.05.9902080820170.2539-100000@megaweapon.zigg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 08, 1999 at 08:23:51AM -0500, Matt Behrens wrote: > I rebooted one of my boxes 24 hours ago. I run the "open" firewall > set with ppp -alias (as an on-demand packet filter, I know, I should > do better) ;) but saw something strange in last night's security > check. > > Rule 65000 clearly states > > 65000 allow ip from any to any > > yet this came across in my logs last night: > > xxx.xxx.xxx denied packets: > > 65535 2 139 deny ip from any to any > > I don't see how it could, unless someone was fudging with my ipfw > config. Or do I just not know something? (I do run options NETATALK > here, could that somehow have snuck in?) I'd guess that the denied packets came in during boot-up, after your network interface came up but before your firewall rules were in place. Chris > > - Matt Behrens <matt@zigg.com> > Network Administrator, zigg.com <http://www.zigg.com/> > Engineer, Nameless IRC Network <http://www.nameless.net/> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990208090111.A3398>