Subject: Re: Need help with IPFW rule
From: Lowell Gilbert
To: Norm Vilmer
Cc: freebsd-questions@freebsd.org
Date: 11 Oct 2004 13:42:51 -0400

Norm Vilmer writes:

> I get this message (below) on the console of my FreeBSD 4.10 firewall:
>
> Connection attempt to TCP :20388 from 61.151.248.42:80
> flags 0x12
>
> It appears that this is getting through the firewall and is logged to
> the console because log_in_vain is 1.
>
> Question: What IPFW rule would block this without interfering with
> normal http traffic on port 80 (I have Apache running on the box and
> nat'd machines on the inside interface that access the Internet)?

In most people's configurations, this would be getting blocked by a
default block-all rule. The users' connection out on port 80 would be
accepted by a rule that is specific to the outgoing direction, and
incoming packets on those connections would be accepted by either
keeping state or by letting in only non-SYN packets.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org:8088/~lowell/
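A toy model of the stateful ruleset Lowell describes (default block-all, an outbound rule for port 80 with keep-state, replies admitted only through the state table, plus an inbound setup rule for the Apache server mentioned in the question), added here as an illustration. It is not ipfw and not from the thread; the firewall address and the remote hosts other than the one in the log line are constructed, and rule semantics are simplified.

```python
"""Toy model of the stateful IPFW policy from the reply: default deny, outbound
port-80 connections allowed with keep-state, replies admitted only via state.
Added illustration, not real ipfw and not from the mail; addresses are constructed."""
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10
ME = "192.0.2.1"  # constructed address of the firewall's outside interface

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    direction: str  # "in" or "out" on the outside interface

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport)

class Firewall:
    def __init__(self):
        self.dynamic = set()  # flows recorded by keep-state rules

    def evaluate(self, p: Packet) -> str:
        # check-state: packets of a tracked flow pass in either direction
        if p.flow() in self.dynamic or p.reverse_flow() in self.dynamic:
            return "allow check-state"
        # allow tcp from me to any 80 out setup keep-state (NAT'd hosts show as ME)
        if p.direction == "out" and p.src == ME and p.dport == 80 and p.flags == SYN:
            self.dynamic.add(p.flow())
            return "allow out setup keep-state"
        # allow tcp from any to me 80 in setup keep-state (Apache, per the question)
        if p.direction == "in" and p.dst == ME and p.dport == 80 and p.flags == SYN:
            self.dynamic.add(p.flow())
            return "allow in setup keep-state"
        return "deny default"  # the block-all rule at the end of the set

def demo():
    # verdicts for: the stray SYN+ACK from the log, our SYN out, its reply, stray again
    fw = Firewall()
    stray = Packet("61.151.248.42", 80, ME, 20388, SYN | ACK, "in")
    syn = Packet(ME, 20388, "203.0.113.9", 80, SYN, "out")
    synack = Packet("203.0.113.9", 80, ME, 20388, SYN | ACK, "in")
    return [fw.evaluate(stray), fw.evaluate(syn), fw.evaluate(synack), fw.evaluate(stray)]
```

The unsolicited SYN+ACK to port 20388 never matches a dynamic rule and falls through to the default deny, while the same flags on a reply to a connection the firewall itself opened are accepted by check-state.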