From: "Joe Parks"
To: freebsd-questions@freebsd.org
Subject: weird problems with ipfw rule not applying itself...
Date: Mon, 07 Jan 2002 02:19:15 -0700

I have a 4.4-RELEASE acting as a gateway. When I start out, my ruleset looks like this:

gateway# ipfw show
00100 43866683 26545107129 allow ip from any to any
65535 0 0 deny ip from any to any

Simple. Let everything through, and it works great.

So then I decided to completely block UDP port 514 (syslogd), so I issued this command:

ipfw add 00050 deny udp from any to any 514

So now my ruleset looks like this:

gateway# ipfw show
00050 0 0 deny udp from any to any 514
00100 43866913 26545121843 allow ip from any to any
65535 0 0 deny ip from any to any

So far, so good. The problem is, then I run `nmap` from an off-network site, and nmap tells me that UDP 514 is _open_ (!) How can this be?

So I go back to the firewall and 'ipfw show' again, and I get:

gateway# ipfw show
00050 5 140 deny udp from any to any 514
00100 43866913 26545121843 allow ip from any to any
65535 0 0 deny ip from any to any

So as you can see, the counters for the UDP 514 rule were incremented and everything!

So how come nmap still shows UDP 514 as "open"?

As a test, I closed some tcp ports with the exact same command (but with tcp, and port 443 this time) and nmap said those ports are filtered... so that works... and I also tried with udp port 161, but again, the rule is in, the rule counters even get incremented, but nmap still says the port is OPEN.

How can this be? Any help appreciated - thanks!
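As an added illustration (not part of the post above, and not FreeBSD or nmap code), here is a small Python model of the exchange: a probe walks an ipfw-style ruleset in order, the gateway either answers or stays silent, and the scanner classifies the port the way nmap's documented TCP SYN and UDP scan logic does. The rule tuples, the LISTENING set and the response names are constructed for the model; ipfw's `deny` (silent discard) and `unreach port` (ICMP type 3 code 3) actions are real, everything else is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Probe:
    proto: str  # "tcp" or "udp"
    port: int

# Constructed target: services the probed host really runs (assumption).
LISTENING = {("udp", 514), ("tcp", 443)}

def gateway_response(rules, probe: Probe) -> Optional[str]:
    """First matching rule wins, as in ipfw. Returns what goes back on the
    wire; None means nothing at all (silent drop, or a silent UDP daemon)."""
    for proto, port, action in rules:
        if proto not in ("any", probe.proto) or port not in ("any", probe.port):
            continue
        if action == "deny":            # ipfw 'deny': discard, no ICMP sent
            return None
        if action == "unreach port":    # ipfw 'unreach port': ICMP type 3 code 3
            return "icmp-port-unreach"
        break                           # 'allow': packet reaches the host
    if (probe.proto, probe.port) in LISTENING:
        # TCP must SYN/ACK; a UDP daemon such as syslogd answers nothing.
        return "syn-ack" if probe.proto == "tcp" else None
    return "rst" if probe.proto == "tcp" else "icmp-port-unreach"

def classify(probe: Probe, response: Optional[str]) -> str:
    """Port state as an nmap-style scanner reports it. Modern nmap prints
    'open|filtered' for a silent UDP port; nmap of 2002 simply said 'open'."""
    if probe.proto == "tcp":
        return {"syn-ack": "open", "rst": "closed"}.get(response, "filtered")
    if response == "icmp-port-unreach":
        return "closed"
    if response is None:                # no reply: open service or silent drop
        return "open|filtered"
    return "open" if response == "udp-reply" else "filtered"

def scan(rules, probes):
    return {f"{p.proto}/{p.port}": classify(p, gateway_response(rules, p)) for p in probes}

# Ruleset from the post: rule 50 first, then 100 allow, then 65535 deny.
POSTED_RULES = [("udp", 514, "deny"), ("tcp", 443, "deny"), ("udp", 161, "deny"),
                ("any", "any", "allow"), ("any", "any", "deny")]
# Same ruleset, but the UDP 514 rule answers with ICMP so the scanner sees 'closed'.
FIXED_RULES = [("udp", 514, "unreach port")] + POSTED_RULES[1:]
PROBES = [Probe("udp", 514), Probe("tcp", 443), Probe("udp", 161)]

if __name__ == "__main__":
    for name, rules in (("deny", POSTED_RULES), ("unreach port", FIXED_RULES)):
        print(name, scan(rules, PROBES))
```

The model reproduces the post's observation: a silently dropped TCP SYN is reported as filtered, while a silently dropped UDP probe is indistinguishable from a quiet UDP service and is reported as open (or open|filtered on current nmap); only a rule that returns ICMP port unreachable makes the scanner say closed.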