Date: Fri, 10 Mar 2000 12:36:42 +0100 (CET) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: Mike Heffner <spock@techfour.net> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw doesn't match when src == dest Message-ID: <200003101136.MAA75621@info.iet.unipi.it> In-Reply-To: <XFMail.20000310014634.mheffner@mailandnews.com> from Mike Heffner at "Mar 10, 2000 01:46:34 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> Hello, > > When I recently redid my firewall, I wanted to block a strange packet from my > cablemodem, > > Deny P:2 192.168.100.1 192.168.100.1 in via ed1 are you sure that the logging code prints the right thing ? I noticed (from source code analysis) it does strange things with fragments, it might as well misbehave with short packets etc. cheers luigi > as you can see, the source equals the destination. When I installed the ipfw > rule below, it wouldn't match the packet: > > 00146 0 0 deny log ip from 192.168.100.1 to 192.168.100.1 via ed1 > > But when I change the rule to this: > > 00146 0 0 deny log ip from 192.168.100.1 to any via ed1 > > it'll match the packet and deny it correctly. > > Has anyone else noticed this, or have I got this confused somehow? I'm planning > to look into it a little further, but just wondered if anyone had any ideas > offhand. > > > Later, > > /**************************************** > * Mike Heffner <spock@techfour.net> * > * Fredericksburg, VA -- ICQ# 882073 * > * Sent at: 10-Mar-2000 -- 01:37:17 EST * > * http://my.ispchannel.com/~mheffner * > ****************************************/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200003101136.MAA75621>