Date: Wed, 7 Feb 2001 23:02:22 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Casey Dinsmore <cdinsmore@vatyx.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Interesting ipfw response
Message-ID: <20010207230222.M91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <002301c0913d$8555d000$1717a8c0@netadmin>; from cdinsmore@vatyx.com on Wed, Feb 07, 2001 at 11:38:15AM -0800
References: <002301c0913d$8555d000$1717a8c0@netadmin>

On Wed, Feb 07, 2001 at 11:38:15AM -0800, Casey Dinsmore wrote:
> I've had a couple interesting entries in my log lately and wonder if
> someone could shed some light on these. How is it that they are being
> rejected with rule number -1? If I am having a problem with an ipfw
> ruleset could someone offer recommendations to fix and prevent this?

Rule -1 is reported if the packet is dropped by sanity checks the
firewall performs that are not associated with a rule. The only such
checks I am aware of and the only ones I can find in the code are for
"bogus" fragments. These are fragments that do not occur normally and
their only use would be trying to circumvent a firewall.

There is nothing to fix unless you have good reason to believe that
these packets should not have been denied.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
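
An added example, not part of the original message and not ipfw's code: a pre-rule fragment sanity check of the kind the reply describes, using the two checks RFC 1858 gives (a first fragment too short to hold the transport header, and a TCP fragment at offset 1). The message does not list the exact checks ipfw performs, so treating these two as representative is an assumption; `classify_fragment`, `sample_packet` and the verdict names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_TINY_FIRST, FRAG_TCP_OFFSET_ONE };
enum { PROTO_TCP = 6, PROTO_UDP = 17 };

/* Hypothetical helper: classify one raw IPv4 packet before any rule runs. */
enum frag_verdict classify_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return FRAG_MALFORMED;
    size_t hlen  = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (hlen < 20 || total < hlen || total > len)
        return FRAG_MALFORMED;
    /* Low 13 bits of bytes 6-7: fragment offset in 8-byte units. */
    unsigned offset = (((unsigned)pkt[6] << 8) | pkt[7]) & 0x1fff;
    size_t payload = total - hlen;
    uint8_t proto = pkt[9];
    /* Offset 0 must carry the whole transport header (TCP 20, UDP 8 bytes),
     * or port and flag rules have nothing to match on. */
    if (offset == 0 && ((proto == PROTO_TCP && payload < 20) ||
                        (proto == PROTO_UDP && payload < 8)))
        return FRAG_TINY_FIRST;
    /* Offset 1 is byte 8 of the TCP header: reassembly would replace the
     * flags that the already-inspected first fragment showed. */
    if (offset == 1 && proto == PROTO_TCP)
        return FRAG_TCP_OFFSET_ONE;
    return FRAG_OK;
}

/* Constructed sample: bare IPv4 header plus zeroed payload, never sent. */
size_t sample_packet(uint8_t *buf, uint8_t proto, uint16_t frag, size_t payload)
{
    memset(buf, 0, 20 + payload);
    buf[0] = 0x45;                          /* IPv4, 20-byte header */
    buf[2] = (uint8_t)((20 + payload) >> 8);
    buf[3] = (uint8_t)(20 + payload);       /* total length */
    buf[6] = (uint8_t)(frag >> 8);          /* flags + fragment offset */
    buf[7] = (uint8_t)frag;
    buf[9] = proto;
    return 20 + payload;
}

int main(void)
{
    uint8_t b[64];   /* exit status 0 when the offset-1 TCP fragment is flagged */
    return classify_fragment(b, sample_packet(b, PROTO_TCP, 1, 16)) != FRAG_TCP_OFFSET_ONE;
}
```

A packet filter that logs by rule number has no rule to blame for either verdict, which is why such drops surface under a placeholder number like the -1 discussed in the message.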