From owner-freebsd-questions Tue Jan 25 1: 3:50 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from relay.ucb.crimea.ua (UCB-Async4-CRISCO.CRIS.NET [212.110.129.130]) by hub.freebsd.org (Postfix) with ESMTP id 8278414E5A for ; Tue, 25 Jan 2000 01:03:35 -0800 (PST) (envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id KAA35324; Tue, 25 Jan 2000 10:08:12 +0200 (EET) (envelope-from ru)
Date: Tue, 25 Jan 2000 10:08:12 +0200
From: Ruslan Ermilov
To: Mike Tancsa
Cc: questions@FreeBSD.org
Subject: Re: rule -1 on ipfw
Message-ID: <20000125100812.A32413@relay.ucb.crimea.ua>
Mail-Followup-To: Mike Tancsa , questions@FreeBSD.org
References: <3.0.5.32.20000124131838.01ce4e10@staff.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <3.0.5.32.20000124131838.01ce4e10@staff.sentex.ca>; from Mike Tancsa on Mon, Jan 24, 2000 at 01:18:38PM -0500
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jan 24, 2000 at 01:18:38PM -0500, Mike Tancsa wrote:
>
> What would trigger something like this in my logs
>
> ipfw: -1 Refuse TCP 209.226.155.246 my.ip.address. in via fxp0 Fragment = 185
>
> when I have
>
> 00100 166968 24813244 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00250 0 0 deny log logamount 21000 tcp from any to any 8007 in recv fxp0
> 65000 826281 482465357 allow ip from any to any
>
> It's a STABLE box as of today.
>
This is documented in the ipfw(8) manpage:

: There is one kind of packet that the firewall will always discard, that
: is an IP fragment with a fragment offset of one. This is a valid packet,
: but it only has one use, to try to circumvent firewalls.

See RFC1858 (Security Considerations for IP Fragment Filtering) for details.
Cheers,
--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine
http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
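The check the manpage describes is a fixed test on one field of the IPv4 header: the 13-bit fragment offset, counted in 8-byte units. An offset of exactly one means the fragment's data begins at byte 8 of the original datagram, which is where the TCP header continues after the port numbers; that is the overlap RFC 1858 warns about, and why ipfw refuses such fragments before any numbered rule is consulted. The following Python is an added example, not part of this mail or of the FreeBSD ipfw source: it parses the fragmentation fields from a raw IPv4 header and returns the same verdict ipfw's unconditional check would, so a defender can confirm what a logged packet looked like or audit a capture offline. All function names are this example's own, and the packets it builds are constructed test input, not captured traffic.

```python
import struct

# Bits of the 16-bit "flags + fragment offset" field (IPv4 header bytes 6-7).
IP_DF = 0x4000        # Don't Fragment
IP_MF = 0x2000        # More Fragments
IP_OFFMASK = 0x1FFF   # 13-bit fragment offset, in units of 8 bytes


def ip_to_bytes(addr):
    """Dotted-quad string to 4 network-order bytes."""
    return bytes(int(octet) for octet in addr.split("."))


def ipv4_checksum(hdr):
    """RFC 791 one's-complement sum over the header. Over a header whose
    checksum field is already correct this returns 0."""
    total = 0
    for i in range(0, len(hdr), 2):
        total += (hdr[i] << 8) | hdr[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, frag_offset=0, more_fragments=False,
                      payload_len=20):
    """Build a minimal 20-byte IPv4 header for testing (constructed input)."""
    flags_off = (IP_MF if more_fragments else 0) | (frag_offset & IP_OFFMASK)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45,               # version 4, IHL 5 (20 bytes)
                      0,                  # TOS
                      20 + payload_len,   # total length
                      0x1234,             # identification
                      flags_off,          # flags + fragment offset
                      64,                 # TTL
                      proto,              # protocol (6 = TCP)
                      0,                  # checksum placeholder
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def fragment_info(pkt):
    """Parse the fragmentation-related fields of an IPv4 header."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4:
        raise ValueError("not an IPv4 packet")
    flags_off = struct.unpack("!H", pkt[6:8])[0]
    offset = flags_off & IP_OFFMASK
    return {
        "offset": offset,                         # in 8-byte units
        "mf": bool(flags_off & IP_MF),
        "df": bool(flags_off & IP_DF),
        "is_fragment": offset != 0 or bool(flags_off & IP_MF),
        "proto": pkt[9],
    }


def offset_one_verdict(pkt):
    """Mirror the unconditional ipfw check quoted from the manpage: a fragment
    whose offset is exactly 1 is refused outright ("deny"); every other packet
    is handed to the numbered rule list ("rules")."""
    if fragment_info(pkt)["offset"] == 1:
        return "deny"
    return "rules"


if __name__ == "__main__":
    # Constructed samples: TCP fragments from a documentation-range address.
    for off, mf in ((0, True), (1, True), (185, False)):
        pkt = build_ipv4_header("203.0.113.5", "198.51.100.9", 6, off, mf)
        info = fragment_info(pkt)
        print(f"offset={info['offset']:>4} mf={info['mf']!s:5} "
              f"fragment={info['is_fragment']!s:5} -> {offset_one_verdict(pkt)}")
```

Only the offset-one case is decided before the rule list; an offset of 0 (first fragment or whole datagram) and any larger offset, such as the 185 in the logged line, still pass through the normal numbered rules.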