From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 24 13:34:09 2005 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E380E16A4CE for ; Thu, 24 Mar 2005 13:34:09 +0000 (GMT) Received: from ene.asda.gr (ene.asda.gr [193.92.118.161]) by mx1.FreeBSD.org (Postfix) with ESMTP id 740F543D1D for ; Thu, 24 Mar 2005 13:34:09 +0000 (GMT) (envelope-from lefty@ene.asda.gr) Received: by ene.asda.gr (Postfix, from userid 127) id D23EE11416; Thu, 24 Mar 2005 15:34:07 +0200 (EET) Received: from ene.asda.gr (lefty.ene.asda.gr [193.92.118.162]) (using SSLv3 with cipher RC4-MD5 (128/128 bits)) (Client CN "Lefteris Tsintjelis", Issuer "ASDA Root CA" (verified OK)) by ene.asda.gr (Postfix) with ESMTP id A76F611411 for ; Thu, 24 Mar 2005 15:34:04 +0200 (EET) Message-ID: <4242C1CA.2AF1BAAD@ene.asda.gr> Date: Thu, 24 Mar 2005 15:34:02 +0200 From: Lefteris Tsintjelis Organization: ASDA X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en,el MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=iso-8859-7 Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on ene.asda.gr Subject: Denied broadcast packets in same interface with antispoofing X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Mar 2005 13:34:10 -0000 Why are broadcast packets originating from the same interface denied access? Is this normal behavior or am I missing something here? FreeBSD 5.4-PRERELEASE #0: Thu Mar 17 16:41:58 EET 2005 ${fwcmd} add 400 deny log ip from any to any not antispoof in rl2: flags=8843 mtu 1500 inet 192.168.0.97 netmask 0xffffffe0 broadcast 192.168.0.127 /var/log/security: ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.96 in via rl2 ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.96 in via rl2 ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.127 in via rl2 ipfw: 400 Deny ICMP:8.0 192.168.0.97 192.168.0.127 in via rl2 ipfw: 400 Deny UDP 192.168.0.97:123 192.168.0.127:123 in via rl2 Thanks in advance, Lefteris Tsintjelis