Date: Sun, 30 Dec 2001 12:35:42 -0500
From: "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To: "FBSD Questions" <questions@FreeBSD.ORG>
Subject: IPFW Security log?
Message-ID: <LPBBIGIAAKKEOEJOLEGOEEMOCKAA.barbish@a1poweruser.com>

In my security log I see the following messages. I take it the 3300 is the rule line that generated the message. As you can see, rule 3300 does not have the log option; why is it being logged? I get a whole lot of these.

Rule 5000 is just like the default rule, but I added log so I can see what is happening. I also have a lot of these. I have the log limit set to 50 so my log is not flooded.

I am using natd and 3300 is before the divert rule. 63.70.155.x is my ISP's dynamic address pool. Is this attack traffic?

/kernel: ipfw: 3300 Deny TCP 24.100.248.201:4957 63.70.155.125:21 in via tun0
/kernel: ipfw: 3300 Deny TCP 61.13.119.100:1209 63.70.155.125:22 in via tun0
/kernel: ipfw: 3300 Deny TCP 61.13.119.100:1209 63.70.155.125:22 in via tun0
/kernel: ipfw: 5000 Deny UDP 208.206.15.4:520 63.70.155.114:520 in via tun0

# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add 03300 deny ip from 0.0.0.0/8 to any via ${oif}
${fwcmd} add 03400 deny ip from 169.254.0.0/16 to any via ${oif}
${fwcmd} add 03500 deny ip from 192.0.2.0/24 to any via ${oif}
${fwcmd} add 03600 deny ip from 224.0.0.0/4 to any via ${oif}
${fwcmd} add 03700 deny ip from 240.0.0.0/4 to any via ${oif}

# Everything else is denied by default so I added this to log all defaulted denies.
${fwcmd} add 05000 deny log logamount 50 ip from any to any

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
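
A consistency check over the log lines and rules quoted in the message, as an added example that is not part of the original post: it flags log entries whose rule, as quoted, lacks the `log` keyword or could not match the logged source address. The duplicate log line and rules 03500 to 03700 are left out for brevity, and the function names are hypothetical.

```python
import ipaddress
import re

# Log lines and rules copied from the message above (shell variables left unexpanded).
LOG_LINES = """\
/kernel: ipfw: 3300 Deny TCP 24.100.248.201:4957 63.70.155.125:21 in via tun0
/kernel: ipfw: 3300 Deny TCP 61.13.119.100:1209 63.70.155.125:22 in via tun0
/kernel: ipfw: 5000 Deny UDP 208.206.15.4:520 63.70.155.114:520 in via tun0
"""
RULES = """\
${fwcmd} add 03300 deny ip from 0.0.0.0/8 to any via ${oif}
${fwcmd} add 03400 deny ip from 169.254.0.0/16 to any via ${oif}
${fwcmd} add 05000 deny log logamount 50 ip from any to any
"""
LOG_RE = re.compile(r"ipfw: (\d+) (\w+) (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\S+)")
RULE_RE = re.compile(r"add (\d+) (\w+) (log )?(?:logamount \d+ )?ip from (\S+) to (\S+)")

def parse_rules(text):
    """Map rule number -> (has_log, source network, or None for 'any')."""
    rules = {}
    for m in RULE_RE.finditer(text):
        num, _action, log, src, _dst = m.groups()
        net = None if src == "any" else ipaddress.ip_network(src)
        rules[int(num)] = (log is not None, net)
    return rules

def audit(log_text, rule_text):
    """Return (rule, src, problems) for log lines inconsistent with the quoted rule."""
    rules, findings = parse_rules(rule_text), []
    for m in LOG_RE.finditer(log_text):
        num, src = int(m.group(1)), ipaddress.ip_address(m.group(4))
        problems = []
        if num not in rules:
            problems.append("rule not in quoted ruleset")
        else:
            has_log, net = rules[num]
            if not has_log:
                problems.append("quoted rule has no log keyword")
            if net is not None and src not in net:
                problems.append(f"source outside {net}")
        if problems:
            findings.append((num, str(src), problems))
    return findings

if __name__ == "__main__":
    for num, src, problems in audit(LOG_LINES, RULES):
        print(f"rule {num} src {src}: {'; '.join(problems)}")
```

A flagged entry means the quoted rule could not have produced that log line as written; `ipfw list` shows the rules actually loaded in the kernel for comparison.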