From owner-freebsd-security Thu Feb 24 9:22:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from Proxy.wertep.com (relay2.wertep.com [194.44.90.130]) by hub.freebsd.org (Postfix) with ESMTP id 2E47337BCEF for ; Thu, 24 Feb 2000 09:22:29 -0800 (PST) (envelope-from yuro@wertep.com) Received: from She.wertep.com (she-tun-proxy [192.168.252.2]) by Proxy.wertep.com (8.9.3/8.9.3) with ESMTP id TAA69880; Thu, 24 Feb 2000 19:22:22 +0200 (EET) (envelope-from yuro@wertep.com) Received: from localhost (yuro@localhost) by She.wertep.com (8.9.3/8.9.3) with ESMTP id TAA02688; Thu, 24 Feb 2000 19:22:22 +0200 (EET) (envelope-from yuro@wertep.com) Date: Thu, 24 Feb 2000 19:22:22 +0200 (EET) From: Hupalo Yurij To: Alexander Karptsov Cc: freebsd-security@FreeBSD.ORG Subject: Re: mysterious behaviour of the ipfw ... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, update ipfw to kernel version... maybe ipfw is out of the date... On Thu, 24 Feb 2000, Alexander Karptsov wrote: > Hi ! > > My perl script, which gets counters' statistics from "ipfw show |", > mysteriously warns me from time to time. When I added debug mode to it > I saw next (please note: my ipfw begins with rule number 100 > and ip number 10/8): > > ---begin--- > > ipfw: impossible > 00000 72058736529113354 18446744073709551615 deny ip from 56.2.0.0:25.0.0.0 to any tcpflg fin > 00000 856036610469789962 18446744073709551615 deny ip from 57.2.0.0:25.0.0.0 to any tcpflg fin > 00000 72057637017485578 18446744073709551615 deny ip from 58.2.0.0:110.0.0.0 to any tcpflg fin > 00000 72058736529113354 18446744073709551615 deny ip from 59.2.0.0:110.0.0.0 to any tcpflg fin > 00000 856036610469789962 18446744073709551615 deny ip from 60.2.0.0:110.0.0.0 to any tcpflg fin > 00000 29884682 4294967295 deny ip from any to any tcpflg fin > 00000 29884682 4294967295 deny ip from any to any tcpflg fin > 00000 18446744069414584320 18446744073709551615 deny ip from 63.2.0.0:68.0.67.0 to any > 00000 0 0 deny ip from any to any tcpflg fin > 00000 0 0 deny ip from any to any tcpflg fin > 00000 0 0 deny ip from any to any > 00000 199311555 4294967295 deny ip from any to any > 00000 0 0 deny ip from 233.253.0.0:80.0.0.0 to any tcpflg fin > 00000 0 0 deny ip from 234.253.0.0:80.0.0.0 to any tcpflg fin > 00000 0 0 deny ip from any to any > 00115 0 0 skipto 65000 tcp from 10.0.1.1 to 10.1.0.1 110 in recv fxp1 > 00117 3732 392720 count ip from 10.0.1.1 to any in recv fxp1 > 00118 3732 392720 skipto 65000 ip from 10.0.1.1 to any in recv fxp1 > > .... > > 53625 0 0 deny ip from 164.129.1.0:157.45.0.0 to any ipopt !ssrr,!rr tcpflg fin,syn > 00000 424016351330304 58304181043200 > > ----end----- > > line 115 is first from my rules which left (100..114 disappeared), > and rules from 65000 and below also disappeared. > > > Can anyone comments this ? Thanks. > > P.S. > $uname -sr > FreeBSD 3.4-19991223-STABLE > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message