Re: ipfw question

From: Chris Faulhaber (jedgar@fxp.org)
Date: 02/07/01


Date: Wed, 7 Feb 2001 09:59:21 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: Rossen Raykov <rraykov@sageian.com>

On Wed, Feb 07, 2001 at 09:57:27AM -0500, Rossen Raykov wrote:
> Hi All,
>
> I have the following lines in my firewall config file (fragment from ipfw
> show):
>
> 03010 108 10919 allow udp from local.ip to any
> 50000 0 0 allow udp from any 40000-50000 to local.ip 40000-50000
> 50001 21 1694 allow log logamount 1024 udp from any to any
>
> And I have the following records in security log:
>
> Feb 7 08:49:33 myhost /kernel: ipfw: 50001 Accept UDP forien.ip.1:4000
> local.ip:49160 in via dc0
> Feb 7 08:49:42 myhost last message repeated 10 times
> Feb 7 08:52:10 myhost last message repeated 2 times
> Feb 7 09:00:34 myhost last message repeated 7 times
> Feb 7 09:02:34 myhost /kernel: ipfw: 50001 Accept UDP forien.ip.2:4000
> local.ip:49160 in via dc0
>
> My question is why those packets were not captured from rule 50000 but from
> 50001?
>

Because they don't originate in the 40000-50000 range?

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
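
Added example, not part of the original thread: a simplified Python model of ipfw's first-match rule scan, run against the first logged packet from the question, showing that source port 4000 falls outside rule 50000's 40000-50000 source range and so the packet falls through to rule 50001. The matcher only handles the rule shape shown in the post (it ignores interfaces, direction and the log options), and the function names are assumptions made for this illustration.

```python
import re

# Rules from the post's `ipfw show` fragment (packet/byte counters dropped;
# "log logamount 1024" dropped because it does not affect matching).
RULES = [
    (3010,  "allow udp from local.ip to any"),
    (50000, "allow udp from any 40000-50000 to local.ip 40000-50000"),
    (50001, "allow udp from any to any"),
]
RULE_RE = re.compile(
    r"\w+ (?P<proto>\w+) from (?P<src>\S+)(?: (?P<sports>[\d,-]+))?"
    r" to (?P<dst>\S+)(?: (?P<dports>[\d,-]+))?$")
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) \w+ (?P<proto>\w+) (?P<src>\S+):(?P<sport>\d+)"
    r" (?P<dst>\S+):(?P<dport>\d+) (?:in|out) via \S+")

# First log record from the post, with its wrapped line rejoined.
LINE = ("Feb 7 08:49:33 myhost /kernel: ipfw: 50001 Accept UDP "
        "forien.ip.1:4000 local.ip:49160 in via dc0")

def port_ok(spec, port):
    """spec is None (any port) or a comma list of ports and lo-hi ranges."""
    if spec is None:
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def addr_ok(spec, addr):
    return spec == "any" or spec == addr

def parse_log(line):
    """Extract rule number, protocol, addresses and ports from an ipfw log line."""
    d = LOG_RE.search(line).groupdict()
    d.update(rule=int(d["rule"]), sport=int(d["sport"]), dport=int(d["dport"]))
    return d

def first_match(pkt):
    """Scan rules in numeric order and return the first rule number that matches."""
    for num, text in RULES:
        r = RULE_RE.match(text)
        if (r["proto"] == pkt["proto"].lower()
                and addr_ok(r["src"], pkt["src"]) and port_ok(r["sports"], pkt["sport"])
                and addr_ok(r["dst"], pkt["dst"]) and port_ok(r["dports"], pkt["dport"])):
            return num
    return None

if __name__ == "__main__":
    pkt = parse_log(LINE)
    print(pkt["sport"], "->", pkt["dport"], "first match:", first_match(pkt))
```

Changing only the source port to one inside 40000-50000 makes the same packet stop at rule 50000 instead.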