Date: Thu, 4 Sep 2003 11:47:53 -0700
From: Bill Fumerola <billf@FreeBSD.org>
To: Sten Daniel Sørsdal <sten.daniel.sorsdal@wan.no>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: verrevpath - denies local multicast. Is this intended?
Message-ID: <20030904184753.GB57940@elvis.mu.org>
In-Reply-To: <0AF1BBDF1218F14E9B4CCE414744E70F07DF28@exchange.wanglobal.net>
References: <0AF1BBDF1218F14E9B4CCE414744E70F07DF28@exchange.wanglobal.net>

On Fri, Aug 29, 2003 at 02:45:55PM +0200, Sten Daniel Sørsdal wrote:
>
> when using verrevpath it seems to drop local multicast packets such as RIP2.
> i use it as suggested; deny log ip from any to any not verrevpath
>
> logentry:
> Aug 29 14:32:08 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
>
> does this mean it should deny multicast and broadcasts or that it really should
> verify that the multicast path is correct?

i won't speak to what it should do, but...

just add a specific rule before '1011' that allows rip2 traffic to that
multicast addr. use 224.0.0.0/4 if you don't want to deal with it again.

-- 
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org
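
Added example, not part of the original message or of ipfw: a small log triage script that parses ipfw deny entries in the format quoted above and labels each destination, so an operator can see which verrevpath denials are local multicast before choosing between the narrow RIP2 rule and the 224.0.0.0/4 rule. The second log line is constructed, and the names `classify` and `summarize` are hypothetical.

```python
import ipaddress
import re

# First line is the log entry quoted in the message; the second is constructed.
SAMPLE_LOG = """\
Aug 29 14:32:08 <security.info> fictious /kernel: ipfw: 1011 Deny UDP 80.86.140.54:520 224.0.0.9:520 in via fxp1
Aug 29 14:32:09 <security.info> fictious /kernel: ipfw: 1011 Deny TCP 192.0.2.10:40000 198.51.100.5:22 in via fxp1
"""

# Matches the ipfw log layout seen above; ports are absent for portless protocols.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

MULTICAST = ipaddress.ip_network("224.0.0.0/4")
RIP2_GROUP = ipaddress.ip_address("224.0.0.9")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify(dst, proto, dport):
    """Label a denied destination so multicast hits can be separated from unicast."""
    addr = ipaddress.ip_address(dst)
    if addr == RIP2_GROUP and proto == "UDP" and dport == 520:
        return "rip2-multicast"
    if addr in MULTICAST:
        return "other-multicast"
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    return "unicast"


def summarize(log, rule=1011):
    """Return (iface, dst, dport, label) for each Deny logged by the given rule."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["rule"]) != rule or m["action"] != "Deny":
            continue
        dport = int(m["dport"]) if m["dport"] else None
        hits.append((m["iface"], m["dst"], dport, classify(m["dst"], m["proto"], dport)))
    return hits


if __name__ == "__main__":
    for hit in summarize(SAMPLE_LOG):
        print(hit)
```

Entries labelled `rip2-multicast` are the ones a specific allow rule for that multicast address would cover; `other-multicast` entries would only be covered by the broader 224.0.0.0/4 rule.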