From owner-freebsd-questions  Fri Jun 29 17:55:29 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from blueyonder.co.uk (pcow028o.blueyonder.co.uk [195.188.53.124])
	by hub.freebsd.org (Postfix) with ESMTP id C580137B401
	for <questions@freebsd.org>; Fri, 29 Jun 2001 17:55:25 -0700 (PDT)
	(envelope-from jfm@blueyonder.co.uk)
Received: from lexx.my.domain ([62.31.194.122]) by blueyonder.co.uk  with Microsoft SMTPSVC(5.5.1877.687.68);
	 Sat, 30 Jun 2001 01:57:36 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: "Ian P. Thomas" <ipthomas_77@yahoo.com>
Cc: questions@FreeBSD.ORG
Subject: Re: firewall log output
Date: Sat, 30 Jun 2001 01:55:13 +0100
Organization: poor
Reply-To: jfm@blueyonder.co.uk
Message-ID: <ba7qjtk3g9p7ol9f258s81t7s87vs8s63v@4ax.com>
References: <ne5pjt0gsm9e6cg2q0fdaj63i1tgcifn80@4ax.com> <200106292300.TAA00818@scraemondaemon.my.domain>
In-Reply-To: <200106292300.TAA00818@scraemondaemon.my.domain>
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Ian P. Thomas" <ipthomas_77@yahoo.com> wrote:

>	You're right, it is a Motorola Surfboard.  Any way to turn it off?  It
>fills up my log and I have to reset it to zero.  This last message is =
the
>only other one I see.  I get three in a row and then the Surfboard trys =
to
>call ALL-SYSTEMS.
>
>ipfw: 65435 Deny UDP 24.49.96.10:2301 255.255.255.255:2301 in via fxp0
>
>	It's a UDP but the originating IP isn't mine and 2301 isn't listed
>online or in /etc/services.  Am I right in thinking that the
>255.xxx.xxx.xxx is the entire subnet for all cable modem users in my =
area
>and that this UDP packet is being sent to all of them?

The 255.255.255.255 address looks more like a subnet mask or a broadcast
address and seems to originate from someone on the same class C as you.

I use IPFilter myself so I can't say how you would stop them filling
your ipfw log.  I use the following to block without logging the
packets from the modem:
block in quick on ed0 from 192.168.100.1/32 to 224.0.0.1/32
or
block in log quick on ed0 from 192.168.100.1/32 to 224.0.0.1/32
if I wanted to log them.

IPFilter rules ;)
John.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message