From: "William A. Mahaffey III"
Date: Fri, 27 Mar 2015 22:39:48 -0500
To: "FreeBSD Questions !!!!"
Subject: Re: ipfw question
Message-ID: <55162284.6040806@hiwaay.net>
In-Reply-To: <55122B21.60905@hiwaay.net>

On 03/24/15 22:27, William A. Mahaffey III wrote:
>
> I completed a full pkg upgrade & freebsd-update this A.M. & rebooted.
> I notice the following in my /var/log/security file:
>
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:32830 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:65133 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:65133 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:29850 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:29850 in via re0
> Feb 26 12:14:19 kabini1 kernel: ipfw: 65500 Deny TCP 216.180.54.1:110 192.168.0.27:32249 in via re0
> Feb 27 11:23:49 kabini1 kernel: ipfw: 65500 Deny TCP 108.59.11.225:9001 192.168.0.27:30252 in via re0
> Feb 27 11:24:36 kabini1 last message repeated 8 times
> Feb 27 11:25:18 kabini1 kernel: ipfw: 65500 Deny TCP 108.59.11.225:9001 192.168.0.27:30252 in via re0
> Mar 14 08:31:42 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:11037 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:64292 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:64292 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:50006 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:50006 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:19797 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:23420 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:23420 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:33492 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:33492 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:10331 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:10331 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:52550 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:52550 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:31977 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:31977 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:63154 in via re0
> Mar 19 21:55:13 kabini1 kernel: ipfw: 65500 Deny TCP 178.32.219.197:9001 192.168.0.27:37694 in via re0
> Mar 19 21:55:46 kabini1 last message repeated 7 times
> Mar 19 21:57:08 kabini1 last message repeated 2 times
> Mar 23 15:06:36 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:32015 in via re0
> Mar 23 15:06:36 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:32015 in via re0
> Mar 23 15:06:40 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:40246 in via re0
> Mar 23 15:06:40 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:40246 in via re0
> Mar 23 15:07:15 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:38671 in via re0
> Mar 23 15:07:15 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:38671 in via re0
> Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
> Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
> Mar 24 09:59:15 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
> Mar 24 09:59:22 kabini1 last message repeated 3 times
> Mar 24 10:01:22 kabini1 last message repeated 4 times
> Mar 24 10:09:23 kabini1 last message repeated 16 times
> Mar 24 10:37:08 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
> Mar 24 10:37:16 kabini1 last message repeated 3 times
> Mar 24 10:39:15 kabini1 last message repeated 4 times
> Mar 24 10:49:16 kabini1 last message repeated 20 times
> Mar 24 10:59:15 kabini1 last message repeated 20 times
> Mar 24 11:09:16 kabini1 last message repeated 20 times
> Mar 24 11:19:15 kabini1 last message repeated 20 times
> Mar 24 11:29:15 kabini1 last message repeated 20 times
> Mar 24 11:39:16 kabini1 last message repeated 20 times
> Mar 24 11:49:15 kabini1 last message repeated 20 times
>
> The last lines about 'message repeated' continue until the present. I
> show some output for the last few weeks to show this wasn't happening
> before. Any clues what is causing this ? FreeBSD 9.3-RELEASE-p10,
> 192.168.0.27 is this box, ipfw rules haven't changed in months & are
> mostly the stock 'workstation' rules w/ a few extra rules to let NFS
> work, see below. Need anything else, please ask & TIA ....
>
> [root@kabini1, /etc, 10:26:29pm] 366 % ipfw show
> 00100 211446 127533786 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 00400 0 0 deny ip from any to ::1
> 00500 0 0 deny ip from ::1 to any
> 00600 0 0 allow ipv6-icmp from :: to ff02::/16
> 00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800 2 152 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> 01100 0 0 check-state
> 01200 371 38801 allow tcp from me to any established
> 01300 131125 100329380 allow tcp from me to any setup keep-state
> 01400 15375 1247143 allow udp from me to any keep-state
> 01500 0 0 allow icmp from me to any keep-state
> 01600 0 0 allow ipv6-icmp from me to any keep-state
> 01700 0 0 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
> 01800 0 0 allow udp from any 67 to me dst-port 68 in
> 01900 0 0 allow udp from any 67 to 255.255.255.255 dst-port 68 in
> 02000 0 0 allow udp from fe80::/10 to me dst-port 546 in
> 02100 0 0 allow icmp from any to any icmptypes 8
> 02200 0 0 allow ipv6-icmp from any to any ip6 icmp6types 128,129
> 02300 3390 189852 allow icmp from any to any icmptypes 3,4,11
> 02400 0 0 allow ipv6-icmp from any to any ip6 icmp6types 3
> 02500 164 12060 allow tcp from 192.168.0.0/24 to me
> 02600 729 139344 allow udp from 192.168.0.0/24 513 to 192.168.0.0/24 dst-port 513
> 65000 2079 233849 count ip from any to any
> 65100 334 58174 deny { tcp or udp } from any to any dst-port 111,137,138 in
> 65200 325 118875 deny { tcp or udp } from 192.168.0.0/24 to me
> 65300 0 0 deny ip from any to 255.255.255.255
> 65400 0 0 deny ip from any to 224.0.0.0/24 in
> 65500 0 0 deny udp from any to any dst-port 520 in
> 65500 0 0 deny tcp from any 80,443 to any dst-port 1024-65535 in
> 65500 1420 56800 deny log logamount 5000 ip from any to any
> 65535 0 0 deny ip from any to any
> [root@kabini1, /etc, 10:26:37pm] 367 %
>

Anyone ? I'm over 5000 warnings, saw that in my messages file ? What gives here ?

-- 
William A. Mahaffey III

----------------------------------------------------------------------

"The M1 Garand is without doubt the finest implement of war ever devised by man."
-- Gen. George S. Patton Jr.
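
Added example, not part of the original message: a short Python tally of ipfw deny entries in the /var/log/security format quoted above. It credits syslog's "last message repeated N times" lines to the preceding entry and decodes ipfw's `P:<number>` protocol token (IANA protocol 2 is IGMP, and 224.0.0.22 is the IGMPv3 membership-report group). The function names and the partial protocol table are choices made for this example.

```python
import re
from collections import Counter

# Entries copied from the log quoted above, mail quoting (">") removed.
SAMPLE = """\
Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
Mar 24 09:59:15 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Mar 24 09:59:22 kabini1 last message repeated 3 times
Mar 24 10:01:22 kabini1 last message repeated 4 times
Mar 24 10:09:23 kabini1 last message repeated 16 times
"""

ENTRY = re.compile(r"ipfw: \d+ \w+ (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via")
REPEAT = re.compile(r"last message repeated (\d+) times?")
IANA = {2: "IGMP", 47: "GRE", 50: "ESP", 51: "AH", 89: "OSPF"}  # partial table

def proto_name(token):
    # ipfw prints unnamed protocols as P:<number> and ICMP as ICMP:<type>.<code>
    name, _, num = token.partition(":")
    return IANA.get(int(num), f"proto-{num}") if name == "P" else name

def split_endpoint(ep):
    # "1.2.3.4:53" -> ("1.2.3.4", 53); a bare address keeps port None
    host, sep, port = ep.rpartition(":")
    if sep and port.isdigit() and (":" not in host or host.startswith("[")):
        return host, int(port)
    return ep, None

def summarize(lines):
    """Count denied packets per flow, crediting syslog repeat lines."""
    counts, last = Counter(), None
    for line in lines:
        m = ENTRY.search(line)
        if m:
            src, dst = m["src"], m["dst"]
            if m["dir"] == "in":        # keep the remote port, drop the local one
                dst = split_endpoint(dst)[0]
            else:
                src = split_endpoint(src)[0]
            last = (proto_name(m["proto"]), src, dst, m["dir"])
            counts[last] += 1
        elif (r := REPEAT.search(line)) and last is not None:
            counts[last] += int(r.group(1))   # repeats of the previous entry
        else:
            last = None                 # an unrelated line ends the run
    return counts

if __name__ == "__main__":
    print(*summarize(SAMPLE.splitlines()).most_common(), sep="\n")
```

To run it over the real file, pass the open file object: `summarize(open("/var/log/security"))`.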