From owner-freebsd-security Tue Feb 29 2:45:41 2000
Date: Tue, 29 Feb 2000 15:39:51 +0500 (UZT)
From: "Sergey V. Kart"
To: "Rodney W. Grimes"
Cc: Cy Schubert - ITSD Open Systems Group, cjclark@home.com, Lev Serebryakov, All
Subject: Re: ipfw log accounting
In-Reply-To: <200002290814.AAA81399@gndrsh.dnsmgr.net>
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, 29 Feb 2000, Rodney W. Grimes wrote:

> > In message <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com>,
> > "Crist J. Clark" writes:
> > > On Tue, Feb 29, 2000 at 01:46:53AM +0300, Lev Serebryakov wrote:
> > > [snip]
> > > > And one more question:
> > > > How could I write rule, which skip all broadcast traffic? My
> > > > computer is on big provider's net, and here is more than one
> > > > broadcast address (many subnets on one wire)...
> > >
> > > Never tried this and haven't glanced at the source to see if it has a
> > > chance of working, but _theoretically_ is there a reason that,
> > >
> > >   deny ip from 0.0.0.255:0.0.0.255 to any
> > >
> > > A "reversed" netmask won't work?
> >
> > Been there done that. This works using either IPFW or IP Filter,
> > however you'll want to code it as the following, as the destination is
> > the broadcast address:
>
> Actually you need to be a bit selective, your host is going to have
> a real hard time doing arp's if you block all broadcast packets. Make
> sure you have a directly connected network specific ``allow'' of broadcast
> destinations.

Actually, ARP works at Layer 2 of OSI ...
If you block all broadcast packets, ARP will be working properly!

Signed.
====================================================================
Sergey Kart | GLB.NET ISP Hub Administrator/Telecom Specialist
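
An added example (not part of the original thread, and not ipfw code) that models how the `0.0.0.255:0.0.0.255` address pattern quoted above is evaluated, assuming ipfw's addr:mask rule that an address matches when (address AND mask) equals (pattern AND mask). The subnets and hosts are constructed documentation-range samples for a "many subnets on one wire" segment; the function names are hypothetical.

```python
import ipaddress

PATTERN, MASK = "0.0.0.255", "0.0.0.255"  # the "reversed" netmask from the thread


def ipfw_mask_match(addr, pattern=PATTERN, mask=MASK):
    """Assumed addr:mask semantics: match when (addr & mask) == (pattern & mask)."""
    a = int(ipaddress.IPv4Address(addr))
    p = int(ipaddress.IPv4Address(pattern))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == (p & m)


def broadcast_coverage(subnets):
    """Map each subnet to (its directed broadcast address, whether the rule matches it)."""
    out = {}
    for cidr in subnets:
        bcast = str(ipaddress.IPv4Network(cidr).broadcast_address)
        out[cidr] = (bcast, ipfw_mask_match(bcast))
    return out


def unicast_false_positives(hosts, subnets):
    """Hosts that the rule matches although they are not a broadcast address."""
    bcasts = {str(ipaddress.IPv4Network(c).broadcast_address) for c in subnets}
    bcasts.add("255.255.255.255")  # limited broadcast
    return [h for h in hosts if ipfw_mask_match(h) and h not in bcasts]


# Constructed sample data (RFC 5737 / RFC 1918 ranges), not taken from the thread.
SUBNETS = ["192.0.2.0/24", "198.51.100.0/25", "198.51.100.128/25",
           "203.0.113.64/26", "10.20.0.0/22"]
HOSTS = ["192.0.2.17", "10.20.1.255", "10.20.3.255", "255.255.255.255"]

if __name__ == "__main__":
    for cidr, (bcast, hit) in broadcast_coverage(SUBNETS).items():
        print(f"{cidr:20} broadcast {bcast:16} {'matched' if hit else 'MISSED'}")
    print("unicast hosts also matched:", unicast_false_positives(HOSTS, SUBNETS))
```

The pattern only tests the last octet, so it misses broadcast addresses of subnets smaller than a /24 that do not end in .255 and also matches ordinary hosts such as x.x.1.255 inside a /22.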