Date:      Wed, 14 Mar 2001 01:28:59 -0600 (CST)
From:      Chris Byrnes <chris@jeah.net>
To:        <cjclark@alum.mit.edu>
Cc:        Alan Batie <alan@batie.org>, <security@FreeBSD.ORG>
Subject:   Re: ipfw rule -1?
Message-ID:  <Pine.BSF.4.33.0103140128330.8348-100000@awww.jeah.net>
In-Reply-To: <20010313232014.B496@cjc-desktop.users.reflexcom.com>

I think it'd be nice to see it in the manpage right underneath the "Fine
Point" you pasted.


+ Chris Byrnes, chris@JEAH.net
 + JEAH Communications
  + 1-866-AWW-JEAH (Toll-Free)


On Tue, 13 Mar 2001, Crist J. Clark wrote:

> On Tue, Mar 13, 2001 at 08:40:20AM -0800, Alan Batie wrote:
> > I'm seeing a few of these in my ipfw log and was wondering what rule -1 is?
> > I couldn't find anything about it in the man page...
> >
> > > ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16
> > > ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16
> > > ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16
> > > ipfw: -1 Refuse TCP 62.29.124.91:97 199.2.210.241:29540 in via etha16
> > > ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16
>
> The manpage does not go as far as to indicate that this is rule -1,
> but it does say this happens,
>
>   FINE POINTS
>        o   There is one kind of packet that the firewall will always discard,
>            that is a TCP packet's fragment with a fragment offset of one.  This
>            is a valid packet, but it only has one use, to try to circumvent
>            firewalls.
>
> Rule -1 is given for any packet dropped, but not dropped due to a user
> rule or the default rule. A quick look at the source indicates the
> above pseudo-rule and some other fragment issues (bogusfrag) are the
> only such situations.
>
> OK, I've answered this one enough times now. Should I send in a PR
> with patch to the manpage or is this for the FAQ?
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
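The point made in the thread is that a rule number of -1 in an ipfw log line does not refer to any rule in the user's ruleset: it marks a packet the kernel threw away on its own, the documented case being a TCP fragment whose fragment offset is 1 (the fragment would overlay bytes 8 onward of the TCP header, the classic way to smuggle flags past a filter that only inspects the first fragment). Below is an added example, written for this page and not part of the thread or of ipfw itself, that does two things a practitioner reviewing such logs would want: it parses log lines in the format shown above and separates the -1 entries from hits on real rules, and it shows, on a hand-built IPv4 header, exactly which header field the "offset of one" check looks at. The five "-1 Refuse" lines are copied from the message; the two lines hitting rules 100 and 65535, the helper names (`parse_ipfw_line`, `summarize`, `build_ipv4_header`, `is_tcp_fragment_offset_one`) and the interface names are constructed for the example, and the header builder leaves the IP checksum zero because nothing is ever sent.

```python
import re
import socket
import struct
from collections import Counter

# ipfw log format as it appears in the thread (TCP/UDP lines with ports):
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <ifname>
# The line may be prefixed by a syslog timestamp/host, so we use re.search.
IPFW_RE = re.compile(
    r"ipfw:\s+(?P<rule>-?\d+)\s+(?P<action>\S+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<direction>in|out)\s+via\s+(?P<iface>\S+)"
)

# Sample log. The five "-1 Refuse" lines are the ones quoted in the thread;
# the last two (rules 100 and 65535, interface fxp0) are constructed.
SAMPLE_LOG = [
    "ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16",
    "ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16",
    "ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16",
    "ipfw: -1 Refuse TCP 62.29.124.91:97 199.2.210.241:29540 in via etha16",
    "ipfw: -1 Refuse TCP 62.29.124.91:20041 199.2.210.241:17227 in via etha16",
    "Mar 14 01:20:11 gw /kernel: ipfw: 100 Deny TCP 10.0.0.5:4444 192.0.2.10:22 in via fxp0",
    "Mar 14 01:20:12 gw /kernel: ipfw: 65535 Deny UDP 10.0.0.6:53 192.0.2.10:5353 in via fxp0",
]


def parse_ipfw_line(line):
    """Return a dict for one ipfw log line, or None if it is not one.

    rule == -1 is flagged as a built-in drop: per the thread, that number is
    assigned to packets dropped by the kernel without matching a user rule or
    the default rule (the TCP fragment-offset-1 case and bogus fragments).
    """
    m = IPFW_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["builtin_drop"] = rec["rule"] == -1
    return rec


def summarize(lines):
    """Split a log into built-in (-1) drops and hits on numbered rules."""
    records = [r for r in (parse_ipfw_line(l) for l in lines) if r]
    builtin = [r for r in records if r["builtin_drop"]]
    return {
        "total": len(records),
        "builtin_drops": len(builtin),
        # Sources worth a closer look: someone sending offset-1 fragments.
        "builtin_sources": Counter(r["src"] for r in builtin),
        "user_rules": Counter(r["rule"] for r in records if not r["builtin_drop"]),
    }


def build_ipv4_header(src, dst, proto, frag_offset, more_fragments=False, payload_len=8):
    """Build a minimal 20-byte IPv4 header (checksum left 0; never sent)."""
    flags = 0x2000 if more_fragments else 0          # MF bit is bit 13
    frag_field = flags | (frag_offset & 0x1FFF)       # low 13 bits: offset in 8-byte units
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0x1234, frag_field, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )


def is_tcp_fragment_offset_one(ip_header):
    """The check the manpage's FINE POINTS describes: TCP with fragment offset 1.

    Offset 1 means the fragment's data begins 8 bytes into the TCP header, so
    it can overwrite the flags of a first fragment that already passed the
    filter. Such a packet has no legitimate use.
    """
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        return False
    proto = ip_header[9]
    frag_offset = struct.unpack("!H", ip_header[6:8])[0] & 0x1FFF
    return proto == socket.IPPROTO_TCP and frag_offset == 1


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['builtin_drops']} of {s['total']} logged packets were kernel (-1) drops")
    print("sources of -1 drops:", dict(s["builtin_sources"]))
    hdr = build_ipv4_header("62.29.124.91", "199.2.210.241", socket.IPPROTO_TCP, 1, True)
    print("offset-1 TCP fragment:", is_tcp_fragment_offset_one(hdr))
```

When run against a real /var/log/security, the `builtin_sources` counter is the thing to watch: a handful of -1 entries from one host, as in the thread, is a fragment-based evasion attempt (or a broken stack) rather than a misconfigured rule, and no change to the ruleset will make them go away.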




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103140128330.8348-100000>