Date: Thu, 28 Jun 2001 11:52:47 -0400 (EDT)
From: "Ian P. Thomas" <ipthomas_77@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: firewall log output
Message-ID: <200106281552.LAA06736@scraemondaemon.my.domain>

After getting my Cable connection working I installed a firewall with IPFW. I have tinkered with the rules and it seems to work fine except for one small problem. I get these messages over and over again.

ipfw: 65435 Deny P:2 192.168.100.1 224.0.0.1 in via fxp0
ipfw: 65435 Deny UDP 24.49.96.221:2301 255.255.255.255:2301 in via fxp0
ipfw: 65435 Deny UDP 24.49.96.221:2301 255.255.255.255:2301 in via fxp0
ipfw: 65435 Deny UDP 24.49.96.221:2301 255.255.255.255:2301 in via fxp0

I couldn't find much info on port 2301 and I'm not sure what P:2 is. Here are my rules.

# set the firewall command
fwcmd="/sbin/ipfw"

# flush rules first
$fwcmd -f flush

# divert all packets to the fxp interface
$fwcmd add divert natd all from any to any via fxp0

# allow any data from the localhost
$fwcmd add allow ip from any to any via lo0

# allow any connections initiated by this host
$fwcmd add allow tcp from any to any out xmit fxp0 setup

# allow established connections to remain open
$fwcmd add allow tcp from any to any via fxp0 established

# reset ident packages, don't give out any info
$fwcmd add reset log tcp from any to any 113 in recv fxp0

# allow DHCP packets in and out, not sure if there is a better way to do
#this
$fwcmd add allow udp from any to any 68,67 out xmit fxp0
$fwcmd add allow udp from any 68,67 to any in recv fxp0

# allow for active ftp sessions, problems getting ports without this
$fwcmd add allow tcp from any to any 20 out xmit fxp0
$fwcmd add allow tcp from any 20 to any in recv fxp0

# allow outgoing requests to specific DNS servers
$fwcmd add allow udp from any to any 53 out xmit fxp0

# allow responses to DNS requests
$fwcmd add allow udp from any 53 to any in recv fxp0

# allow ping and traceroute
$fwcmd add 65435 allow icmp from any to any

# deny everything else
$fwcmd add 65435 deny log ip from any to any

Answers or links to further information are welcome.

Ian