Re: Localhost traffic and ipfw rules

• Previous message: Flemming Jacobsen: "Re: Localhost traffic and ipfw rules"
• Maybe in reply to: erschulz_at_comcast.net: "Localhost traffic and ipfw rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Flemming Jacobsen <fj@batmule.dk>
Date: Sun, 15 Feb 2004 16:11:33 +0000

On Sun, 15 Feb 2004, Flemming Jacobsen wrote:
                                                                                
> You probably want this as your first 3 rules:
> allow ip from any to any via lo0
> deny ip from any to 127.0.0.0/8
> deny ip from 127.0.0.0/8 to any
>
> Some say that the TCP stack already takes care of this, but I
> like these rules in my set - just to be 100% sure.
>

    Sorry about the long lines. I hope this is one better.

    Well, let me see if I can clarify what I am seeing. My rules are
similar but, the counters are not incrementing. That's
when I started adding the other rules just to see if the counters
would increment. The second rule below is a dead-on match for
the packets I captured with tcpdump. Still, the counters do
not increment.

    0 0 deny ip from any to 127.0.0.0/8 in recv dc0
    0 0 deny tcp from 127.0.0.1 to x.x.x.x tcpflags ack,rst
    0 0 deny ip from 127.0.0.0/8 to x.x.x.x

    As you can see, none of these have incremented. And, this has
been the case every time even though snort identified the traffic
and I captured it with tcpdump. The counters were still zeros.
The traffic is not present on lo0 or my internal interface. It
is only present on my external interface.

    I'm not so much concerned about the traffic as I am with
the failure of the counters to increment.

Thx,
Richard
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Flemming Jacobsen: "Re: Localhost traffic and ipfw rules"
• Maybe in reply to: erschulz_at_comcast.net: "Localhost traffic and ipfw rules"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: How To program for an Accurate sub-second clock ... > Set the timer with elapse period much less then a second and increment ... > counters only when seconds value changnes. ... This is too inaccurate to work with. ... (microsoft.public.pocketpc.developer) [PATCH] Light weight event counters V3 ... The remaining counters in page_state after the zoned VM counter patch has ... We use a simple increment of per cpu variables. ... (Linux-Kernel) [PATCH] Light weight event counters V4 ... The remaining counters in page_state after the zoned VM counter patch has ... We use a simple increment of per cpu variables. ... (Linux-Kernel) Re: Saving data in CPU on-chip EEPROM ... >>Use Gray Code for the counters. ... >increment taking place in that domain, ... >The conversion back and forth is relatively easy, ... (comp.arch.embedded)