From: Cy Schubert - ITSD Open Systems Group
To: cjclark@home.com
Cc: Lev Serebryakov, All
Subject: Re: ipfw log accounting
Date: Mon, 28 Feb 2000 19:42:42 -0800

In message <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com>, "Crist J. Clark" writes:
> On Tue, Feb 29, 2000 at 01:46:53AM +0300, Lev Serebryakov wrote:
> [snip]
> > And one more question:
> > How could I write rule, which skip all broadcast traffic? My
> > computer is on big provider's net, and here is more than one
> > broadcast address (many subnets on one wire)...
>
> Never tried this and haven't glanced at the source to see if it has a
> chance of working, but _theoretically_ is there a reason that,
>
>   deny ip from 0.0.0.255:0.0.0.255 to any
>
> A "reversed" netmask won't work?

Been there done that. This works using either IPFW or IP Filter,
however you'll want to code it as the following, as the destination is
the broadcast address:

    deny ip from any to 0.0.0.255:0.0.0.255

Or if you use IP Filter,

    block in on xl0 from any to 0.0.0.255:0.0.0.255

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@uumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
"COBOL IS A WASTE OF CARDS."
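
An added example, not part of the original message and not code from ipfw or IP Filter: it checks what the 0.0.0.255:0.0.0.255 pattern in the rules above matches on subnets of different sizes. It assumes the usual addr:mask semantics (only bits set in the mask are compared); the subnets are constructed sample values.

```python
import ipaddress

# Pattern and mask taken from the rule in the message.
PATTERN, MASK = "0.0.0.255", "0.0.0.255"


def mask_match(addr, pattern=PATTERN, mask=MASK):
    """Assumed addr:mask semantics: compare only the bits set in mask."""
    a, p, m = (int(ipaddress.IPv4Address(x)) for x in (addr, pattern, mask))
    return (a & m) == (p & m)


def audit(cidr):
    """Report how the rule treats one subnet's addresses."""
    net = ipaddress.IPv4Network(cidr)
    bcast = str(net.broadcast_address)
    # hosts() excludes the network and broadcast addresses, so anything
    # matched here is an ordinary unicast host the rule would also drop.
    collateral = [str(h) for h in net.hosts() if mask_match(str(h))]
    return {
        "broadcast": bcast,
        "broadcast_blocked": mask_match(bcast),
        "unicast_blocked": collateral,
    }


if __name__ == "__main__":
    # Constructed sample subnets (documentation and private ranges).
    for cidr in ("198.51.100.0/24", "192.0.2.0/25", "10.1.0.0/16"):
        r = audit(cidr)
        print(f"{cidr:18} broadcast {r['broadcast']:15} "
              f"blocked={r['broadcast_blocked']!s:5} "
              f"unicast also blocked: {len(r['unicast_blocked'])}")
    print("limited broadcast 255.255.255.255 blocked:",
          mask_match("255.255.255.255"))
```

The pattern is exact for /24 subnets; on a subnet smaller than /24 the broadcast address may not end in .255 and passes the rule, and on a larger one every unicast host ending in .255 is dropped as well.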