Re: ipfw question

From: Chris Faulhaber (jedgar@fxp.org)
Date: 02/07/01


Date: Wed, 7 Feb 2001 09:59:21 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: Rossen Raykov <rraykov@sageian.com>

On Wed, Feb 07, 2001 at 09:57:27AM -0500, Rossen Raykov wrote:
> Hi All,
>
> I have the following lines in my firewall config file (fragment from ipfw
> show):
>
> 03010 108 10919 allow udp from local.ip to any
> 50000 0 0 allow udp from any 40000-50000 to local.ip 40000-50000
> 50001 21 1694 allow log logamount 1024 udp from any to any
>
> And I have the following records in security log:
>
> Feb 7 08:49:33 myhost /kernel: ipfw: 50001 Accept UDP forien.ip.1:4000
> local.ip:49160 in via dc0
> Feb 7 08:49:42 myhost last message repeated 10 times
> Feb 7 08:52:10 myhost last message repeated 2 times
> Feb 7 09:00:34 myhost last message repeated 7 times
> Feb 7 09:02:34 myhost /kernel: ipfw: 50001 Accept UDP forien.ip.2:4000
> local.ip:49160 in via dc0
>
> My question is why those packets ware not captured from rule 50000 but from
> 50001?
>

Because they don't originate in the 40000-50000 range?

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message