Date: Thu, 29 Oct 1998 12:28:11 +0200
From: Johann Visagie <wjv@cityip.co.za>
To: security@FreeBSD.ORG
Subject: Connections succeed even though denied by IPFW
Message-ID: <19981029122811.A14672@cityip.co.za>

I have a rather strange situation here, on a 2.2.5-REL box which currently has an uptime of over 100 days (I don't know if that might affect it in any way).

Basically, connections which are denied by the IPFW settings in /etc/rc.firewall succeed, _even though IPFW logs the packets as being denied_!

Here is an example of an attempt to connect to my telnetd and popper. Note that IPFW successfully denies the packets, but tcpd then gets to reject the connections:

Oct 27 15:09:16 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1030 196.25.223.161:23 in via ed0
Oct 27 15:09:17 ns telnetd[5955]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:17 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1033 255.255.255.255:110 in via ed0
Oct 27 15:09:19 ns telnetd[5956]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:19 ns popper[5957]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:20 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1052 196.25.223.161:110 in via ed0
Oct 27 15:09:22 ns popper[5959]: refused connect from jhb140.shisas.co.za

I have double checked - if I configure my TCP wrappers to allow a specific connection, then it can be made successfully, even though the packet filtering rules should disallow it (and log it that they do).

In a word: "Huh?"

--
V Johann Visagie | wjv@CityIP.co.za | Tel: +27 21 419-7878 | ICQ: 20645559

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
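
Added example (not part of the original message and not the poster's code): one way to flag the anomaly described above from the log itself, by pairing each daemon log entry with an ipfw Deny for that daemon's port in the preceding few seconds. The port-to-daemon table, the 5-second window and the function names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Sample input: the seven syslog lines quoted in the message above.
LOG = """\
Oct 27 15:09:16 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1030 196.25.223.161:23 in via ed0
Oct 27 15:09:17 ns telnetd[5955]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:17 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1033 255.255.255.255:110 in via ed0
Oct 27 15:09:19 ns telnetd[5956]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:19 ns popper[5957]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:20 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1052 196.25.223.161:110 in via ed0
Oct 27 15:09:22 ns popper[5959]: refused connect from jhb140.shisas.co.za
"""

# Assumption: which daemon answers on which port (23 and 110, as in the post).
PORT_TO_DAEMON = {23: "telnetd", 110: "popper"}

TS = r"(\w{3}\s+\d+ \d\d:\d\d:\d\d)"
DENY_RE = re.compile(TS + r" \S+ /kernel: ipfw: (\d+) Deny TCP (\S+):\d+ \S+:(\d+) in via \S+")
TCPD_RE = re.compile(TS + r" \S+ (\w+)\[(\d+)\]: (?:refused )?connect from (\S+)")

def parse_ts(text, year=1998):
    # syslog omits the year; 1998 is taken from the message's Date header.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def denied_but_seen(log, window=timedelta(seconds=5)):
    """Return (daemon, pid, peer, rule, deny_src) for each daemon log entry
    preceded within `window` by an ipfw Deny to that daemon's port."""
    denies, hits = [], []
    for line in log.splitlines():
        m = DENY_RE.match(line)
        if m:
            ts, rule, src, dport = m.groups()
            denies.append((parse_ts(ts), rule, src, int(dport)))
            continue
        m = TCPD_RE.match(line)
        if not m:
            continue
        ts, daemon, pid, peer = m.groups()
        when = parse_ts(ts)
        # tcpd logs a hostname and ipfw an address: match on service and time only.
        near = [d for d in denies if PORT_TO_DAEMON.get(d[3]) == daemon
                and timedelta(0) <= when - d[0] <= window]
        if near:
            _, rule, src, _ = max(near, key=lambda d: d[0])  # closest earlier Deny
            hits.append((daemon, int(pid), peer, rule, src))
    return hits
```

Each returned tuple is a connection that reached a wrapped daemon although a Deny for that service was logged just before it; because the match is by port and time only, a hit is a lead to check against the rule set, not proof that the denied packet was the one delivered.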