From owner-freebsd-questions  Thu Jan 31 21:30:48 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id E8DA637B400
	for <freebsd-questions@freebsd.org>; Thu, 31 Jan 2002 21:30:46 -0800 (PST)
Received: from user-33qtmu3.dsl.mindspring.com ([199.174.219.195] helo=gohan.cjclark.org)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16WWHb-0003ui-00; Thu, 31 Jan 2002 21:30:45 -0800
Received: (from cjc@localhost)
	by gohan.cjclark.org (8.11.6/8.11.1) id g115UUa82196;
	Thu, 31 Jan 2002 21:30:30 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 31 Jan 2002 21:30:29 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Bovine Unit #243 <bov243@yahoo.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: reset TCP in ipfw
Message-ID: <20020131213029.I152@gohan.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.43.0201301310490.55714-100000@kristen.shadowdale.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.43.0201301310490.55714-100000@kristen.shadowdale.net>; from bov243@yahoo.com on Wed, Jan 30, 2002 at 01:25:32PM -0600
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Jan 30, 2002 at 01:25:32PM -0600, Bovine Unit #243 wrote:
> I was looking through ipfw log this morning and saw the "reset tcp" rule
> in action. A flood of tcp packets from some Winblows app was bombarding to
> port 1214. Anyway, since it wasn't matched to any rules present, it came
> to the last two TCP rules I had:
> 
> ...
> 10000 divert 6668 ip from any to any via fxp0
> ...
> 49990 reset tcp log from any to any in recv fxp0
> 49999 deny  tcp log from any to any in recv fxp0
> 
> Well, the problem with that reset is that it's being blocked by the very
> next rule. Dang! I did not know firewall would block its own action.
> Hmm...

Hmmm? How is the firewall blocking its own action? I'm not sure if you
are interpreting your logs correctly. I don't see how anything could
ever match rule 49999.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message