From owner-freebsd-security Wed Feb 7 23: 3: 2 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 85C0737B4EC for ; Wed, 7 Feb 2001 23:02:45 -0800 (PST) Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Wed, 7 Feb 2001 23:00:37 -0800 Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f1872NQ25155; Wed, 7 Feb 2001 23:02:23 -0800 (PST) (envelope-from cjc) Date: Wed, 7 Feb 2001 23:02:22 -0800 From: "Crist J. Clark" To: Casey Dinsmore Cc: freebsd-security@FreeBSD.ORG Subject: Re: Interesting ipfw response Message-ID: <20010207230222.M91447@rfx-216-196-73-168.users.reflex> Reply-To: cjclark@alum.mit.edu References: <002301c0913d$8555d000$1717a8c0@netadmin> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <002301c0913d$8555d000$1717a8c0@netadmin>; from cdinsmore@vatyx.com on Wed, Feb 07, 2001 at 11:38:15AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Feb 07, 2001 at 11:38:15AM -0800, Casey Dinsmore wrote: > I've had a couple interesting entries in my log lately and wonder if someone could shed some light on these. How is it that they are being rejected with rule number -1? If I am having a problem with a ipfw ruleset could someone offer recommendations to fix and prevent this? Rule -1 is reported if the packet is dropped by sanity checks the firewall performs that are not associated with a rule. The only such checks I am aware of and the only ones I can find in the code are for "bogus" fragments. These are fragments that do not occur normally and their only use would be trying to circumvent a firewall. There is nothing to fix unless you have good reason to believe that these packets should not have been denied. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message