Message-ID: <41674DF5.4010409@etherealconsulting.com>
Date: Fri, 08 Oct 2004 21:33:25 -0500
From: Norm Vilmer
To: freebsd-questions@freebsd.org
Subject: Need help with IPFW rule

I get this message (below) on the console of my FreeBSD 4.10 firewall:

Connection attempt to TCP :20388 from 61.151.248.42:80 flags 0x12

It appears that this is getting through the firewall and is logged to the console because log_in_vain is 1.

Question: What IPFW rule would block this without interfering with normal http traffic on port 80 (I have Apache running on the box and nat'd machines on the inside interface that access the Internet)?
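
The `flags 0x12` value in the console line above is the TCP flags byte with the SYN and ACK bits both set. The following Python sketch is an added example, not part of the original message: it parses lines of that shape and names the flags. The function names, the verdict wording and the second sample line (documentation addresses) are constructed for illustration.

```python
import re

# Bit positions in the TCP header's flags byte.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# The destination address is optional because it is elided in the posted line.
LINE_RE = re.compile(
    r"Connection attempt to TCP (?P<dst>[0-9.]*):(?P<dport>\d+) "
    r"from (?P<src>[0-9.]+):(?P<sport>\d+) flags (?P<flags>0x[0-9a-fA-F]+)")

def decode_flags(value):
    """Return the names of the flag bits set in value, lowest bit first."""
    return [name for bit, name in TCP_FLAGS if value & bit]

def classify(line):
    """Return (src, sport, dport, flag names, verdict) or None if no match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    flags = decode_flags(int(m.group("flags"), 16))
    if "SYN" in flags and "ACK" in flags:
        verdict = "reply to a SYN (second step of a handshake), not a new connection"
    elif "SYN" in flags:
        verdict = "new connection attempt to a port with no listener"
    else:
        verdict = "segment for a connection this host has no socket for"
    return m.group("src"), int(m.group("sport")), int(m.group("dport")), flags, verdict

# First line is the one quoted in the post; the second is constructed.
SAMPLES = [
    "Connection attempt to TCP :20388 from 61.151.248.42:80 flags 0x12",
    "Connection attempt to TCP 192.0.2.10:23 from 198.51.100.7:40112 flags 0x02",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        src, sport, dport, flags, verdict = classify(sample)
        print(f"{src}:{sport} -> port {dport}  {'+'.join(flags)}: {verdict}")
```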