Date: Tue, 14 Dec 1999 23:23:04 +0900 From: "Kayo" <mimiandi@bh.mbn.or.jp> To: <freebsd-questions@freebsd.org> Subject: ipfw help ? Message-ID: <000f01bf463e$bcda4100$0301010a@kayo>
next in thread | raw e-mail | index | archive | help
hi,
ipfw: 31 Accept UDP *.*.233.189:53 *.*.*.3:1024 in via fxp0
Recently, I have installed ipfw and noticed above in my log.
*.*.*.3 is my dns as well as Firewall to my network.
*.*.233.189 some machine somewhere (not my network)
My logs shows that not only *.*.233.189 but many other hosts are
sending packets from their port 53 to my dns machine port
1024. As I referred to the /etc/services, from 1024 to
49151 is registered ports. (Used by portmaps? )
In my firewall rules, I blocked all the registered ports except for
above as I didn't mind anyone querying my dns. But,
shouldn't it be talking to port tcp 53 or udp 53 or use dynamic ports?
Also, how are registered ports used?
One more thing, my log also shows that someone is using private
IPs as shown below.
ipfw: 3 Deny TCP 10.17.201.30:46806 *.*.*.36:80 in via fxp0
ipfw: 5 Deny TCP 172.16.1.2:63533 *.*.*.11:80 in via fxp0
Is there anything else I can do besides dropping these packets?
Thanks in advance.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000f01bf463e$bcda4100$0301010a>