Date:      Tue, 17 Jul 2001 14:15:52 -0400 (EDT)
From:      Mark Livingstone <mlivingstone@ottawa.com>
To:        Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: how could this PACKET get through?!
Message-ID:  <200107171815.OAA19997@mail.ottawa.com>

Thanks for your reply. Perhaps you're right: "pass out quick on ed0 proto icmp 
from any to any keep state keep frags" might be doing it, right? Here are my 
rules:

*****************************************************************
block in log on ed0
count in  on ed0 all
count out on ed0 all
block in log quick on ed0 proto tcp from any to any flags SF/SFRA
block in log quick on ed0 proto tcp from any to any flags /SFRA


block in quick on ed0 all with ipopts
block in quick on ed0 all with short
block in quick on ed0 all with frag
block in quick on ed0 all with opt lsrr
block in quick on ed0 all with opt ssrr

block in log quick on ed0 proto tcp from any port = 80 to any port > 1023 flags F/F
block in log quick on ed0 proto tcp from any port = 80 to any port > 1023 flags R/R

block in log quick on ed0 proto tcp from any to any flags FUP

block in log quick on ed0 from 192.168.0.0/16 to any
block in log quick on ed0 from 172.16.0.0/12 to any
block in log quick on ed0 from 127.0.0.0/8 to any
block in log quick on ed0 proto udp from 0.0.0.0/32 to any port = 67
block in log quick on ed0 proto udp from 0.0.0.0/32 to any port = 68
block in log quick on ed0 proto udp from 255.255.255.255/32 to any port = 67
block out log quick on ed0 from any to 192.168.0.0/16
block out log quick on ed0 from any to 172.16.0.0/12
block out log quick on ed0 from any to 127.0.0.0/8


pass in log quick on ed0 proto icmp from any to any icmp-type 0
pass in log quick on ed0 proto icmp from any to any icmp-type unreach code 3
pass in log quick on ed0 proto icmp from any to any icmp-type unreach code 4
pass in log quick on ed0 proto icmp from any to any icmp-type timex
pass out quick on ed0 proto icmp from any to any keep state keep frags

block in log quick on ed0
# final 'catch all' rules
block in  log quick on all
block out log quick on all

*****************************************************************

On Jul 17, Fernando Gleiser <fgleiser@cactus.fi.uba.ar> wrote:
> 
> 
> Without knowing your firewall rules it is difficult to tell, but a good
> guess is you are keeping state on the outgoing connections and the icmp
> packet was in response to one of those outgoing connections.
> 
> 
> 			Fer
> 
> 
> On Tue, 17 Jul 2001, Mark wrote:
> 
> > Re,
> >
> > I am blocking most incoming icmp traffic:
> >
> > icmp-type 0
> > icmp-type unreach code 3
> > icmp-type unreach code 4
> > icmp-type timex
> >
> > Also, I'm running jail, but icmp doesn't work from there. How could this packet get through my firewall:
> >
> > Jul 17 05:12:53 ml ipmon[18381]: 05:12:52.177910 2x ed0 @0:35 p 0.so-3-0-0.XR1.ATL1.ALTER.NET -> jail PR icmp len 20 56 icmp 11/0 for jail,3366 - 63.108.161.50,1439 PR tcp len 20 40 IN
> >
> > Please, reply by e-mail.
> >
> > thanks in advance!
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> 
> 
> 
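Added example, not code from the thread or from IPFilter itself: a small Python model of how IPFilter walks the rules posted above (the last matching rule wins unless a matching rule says quick), fed with the ipmon line quoted in the original question. It assumes the ipf keyword timex denotes ICMP type 11 (time exceeded), compares only direction, interface, protocol and icmp-type/code, and does not model addresses or the state table.

```python
import re
# Ordered subset of the ruleset posted above (constructed copy; the TCP and
# anti-spoofing rules are left out because they cannot match an ICMP packet).
RULES = [
    "block in log on ed0",
    "pass in log quick on ed0 proto icmp from any to any icmp-type 0",
    "pass in log quick on ed0 proto icmp from any to any icmp-type unreach code 3",
    "pass in log quick on ed0 proto icmp from any to any icmp-type timex",
    "pass out quick on ed0 proto icmp from any to any keep state keep frags",
    "block in log quick on ed0",
]
ICMP_TYPES = {"echorep": 0, "unreach": 3, "echo": 8, "timex": 11}  # ipf keyword -> ICMP type
LOG_LINE = ("05:12:52.177910 2x ed0 @0:35 p 0.so-3-0-0.XR1.ATL1.ALTER.NET -> jail "
            "PR icmp len 20 56 icmp 11/0 for jail,3366 - 63.108.161.50,1439 "
            "PR tcp len 20 40 IN")  # the thread's ipmon line, rejoined (constructed input)
IPMON_RE = re.compile(
    r"(?P<iface>\S+) @\d+:\d+ (?P<act>[pb]) \S+ -> \S+ PR (?P<proto>\w+) len \d+ \d+"
    r"(?: icmp (?P<itype>\d+)/(?P<icode>\d+))?.* (?P<dir>IN|OUT)$")

def parse_ipmon(line):
    """Pull the fields a rule lookup needs out of one ipmon log line."""
    m = IPMON_RE.search(line)
    if not m:
        raise ValueError("unrecognised ipmon line: " + line)
    pkt = {"iface": m["iface"], "proto": m["proto"], "dir": m["dir"].lower()}
    if m["itype"] is not None:
        pkt["itype"], pkt["icode"] = int(m["itype"]), int(m["icode"])
    return pkt

def rule_matches(rule, pkt):
    """Compare direction, interface, proto and icmp-type/code; addresses and state are ignored."""
    t = rule.split()
    if t[1] != pkt["dir"] or t[t.index("on") + 1] not in ("all", pkt["iface"]):
        return False
    if "proto" in t and t[t.index("proto") + 1] != pkt["proto"]:
        return False
    if "icmp-type" in t:
        want = t[t.index("icmp-type") + 1]
        if pkt.get("itype") != (int(want) if want.isdigit() else ICMP_TYPES[want]):
            return False
        if "code" in t and pkt.get("icode") != int(t[t.index("code") + 1]):
            return False
    return True

def decide(pkt, rules=RULES):
    """IPFilter order: the last matching rule wins unless a matching rule says quick."""
    verdict = None
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            verdict = (i, rule.split()[0], rule)  # (index, action, rule text)
            if "quick" in rule.split():
                break
    return verdict
```

For the logged packet the model stops at the "icmp-type timex" rule, an explicit quick pass for inbound ICMP type 11 in the posted ruleset; an echo request (type 8) falls through to the quick block instead.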