From owner-freebsd-ipfw  Fri Mar 10 12: 2:17 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from hydrant.intranova.net (msb-ts-slip09.UMDNJ.EDU [130.219.28.69])
	by hub.freebsd.org (Postfix) with SMTP id 259E237BA4A
	for <freebsd-ipfw@FreeBSD.ORG>; Fri, 10 Mar 2000 12:02:11 -0800 (PST)
	(envelope-from oogali@intranova.net)
Received: (qmail 22775 invoked from network); 10 Mar 2000 20:02:25 -0000
Received: from hydrant.abuselabs.com (HELO hydrant) (@192.168.0.1)
  by hydrant.abuselabs.com with SMTP; 10 Mar 2000 20:02:25 -0000
Date: Fri, 10 Mar 2000 15:02:24 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: Luigi Rizzo <luigi@info.iet.unipi.it>
Cc: Mike Heffner <spock@techfour.net>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw doesn't match when src == dest
In-Reply-To: <200003101136.MAA75621@info.iet.unipi.it>
Message-ID: <Pine.BSF.4.10.10003101502050.22637-100000@hydrant.intranova.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I usually run across those fragments when logging IGMP packets.

On Fri, 10 Mar 2000, Luigi Rizzo wrote:

> > Hello,
> > 
> > When I recently redid my firewall, I wanted to block a strange packet from my
> > cablemodem, 
> > 
> > Deny P:2 192.168.100.1 192.168.100.1 in via ed1
> 
> are you sure that the logging code prints the right thing ?
> I noticed (from source code analysis) it does strange things with
> fragments, it might as well misbehave with short packets etc.
> 
> 	cheers
> 	luigi
> > as you can see, the source equals the destination. When I installed the ipfw
> > rule below, it wouldn't match the packet:
> > 
> > 00146  0    0 deny log ip from 192.168.100.1 to 192.168.100.1 via ed1
> > 
> > But when I change the rule to this:
> > 
> > 00146  0    0 deny log ip from 192.168.100.1 to any via ed1
> > 
> > it'll match the packet and deny it correctly.
> > 
> > Has anyone else noticed this, or have I got this confused somehow? I'm planning
> > to look into it a little further, but just wondered if anyone had any ideas
> > offhand.
> > 
> > 
> > Later,
> > 
> > /****************************************
> >  * Mike Heffner <spock@techfour.net>    *
> >  * Fredericksburg, VA -- ICQ# 882073    *
> >  * Sent at: 10-Mar-2000 -- 01:37:17 EST *
> >  * http://my.ispchannel.com/~mheffner   *
> >  ****************************************/
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-ipfw" in the body of the message
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 

-- 
+-------------------------------------------------------------------------+
| Omachonu Ogali                                     oogali@intranova.net |
| Intranova Networking Group                 http://tribune.intranova.net |
| PGP Key ID:                                                  0xBFE60839 |
| PGP Fingerprint:       C8 51 14 FD 2A 87 53 D1  E3 AA 12 12 01 93 BD 34 |
+-------------------------------------------------------------------------+



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message