Date:      Tue, 17 Feb 2004 20:46:09 -0800
From:      Saint Aardvark the Carpeted <aardvark@saintaardvarkthecarpeted.com>
To:        Peter Rosa <prosa@pro.sk>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: IPFW rules
Message-ID:  <20040218044609.GG2197@hardesty.saintaardvarkthecarpeted.com>
In-Reply-To: <000701c3f597$f4a53380$3501a8c0@peter>
References:  <000701c3f597$f4a53380$3501a8c0@peter>

Peter Rosa disturbed my sleep to write:
> please what's the difference between these ipfw rules:
> 
> ${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}

This denies broadcasts coming in to your machine through the outside
interface.  The rule number is specified here, and it's rather high; if
it's not stopping the traffic you think it should, there may be another
rule earlier that's allowing it through.

I'm not certain, but I think the address "0.0.0.255:0.0.0.255" means
"anything ending in .255" -- the part after the colon is a netmask, and
for ipfw it means "only the last byte of the address needs to match".
This would catch a broadcast going to your local network if it was a /24.
For example, if your local network was 192.168.100.0/24 ("/24" is the
same netmask as 255.255.255.0), then this rule would stop broadcasts on
that network (going to 192.168.100.255).  It would *not* stop broadcasts
if you had a smaller or larger netmask, where the broadcast address
didn't end in .255.

> ${fwcmd} add deny all from any to 255.255.255.255

This denies broadcasts going in any direction (from or to your machine),
no matter what the interface.  The address specified is different from
the first -- it's 255.255.255.255, and the whole address needs to match.
Usually you'd see this address when the host is trying to figure out
its IP address -- during DHCP requests, say.

Hope that helps,
Hugh
-- 
Saint Aardvark the Carpeted
aardvark@saintaardvarkthecarpeted.com
Because the plural of Anecdote is Myth.
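Added example, not part of the thread: a small Python simulation of how ipfw decides whether a destination address matches "0.0.0.255:0.0.0.255" (only the masked bits have to match) versus a bare "255.255.255.255" (whole address must match), with the "in via ${oif}" qualifier modelled as well. The interface name fxp0 standing in for ${oif} and the sample networks are constructed for this example.

```python
"""Simulate ipfw "addr:mask" matching for the two deny rules discussed above."""
from dataclasses import dataclass
import ipaddress

OIF = "fxp0"  # assumed value of ${oif}; constructed for this example


def addr_mask_match(dst: str, rule_addr: str, rule_mask: str = "255.255.255.255") -> bool:
    """ipfw semantics: match when (dst & mask) == (addr & mask).
    With no ":mask" given the mask is all ones, i.e. an exact match."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    mask = to_int(rule_mask)
    return (to_int(dst) & mask) == (to_int(rule_addr) & mask)


@dataclass(frozen=True)
class Packet:
    dst: str        # destination IPv4 address
    direction: str  # "in" or "out"
    iface: str      # interface the packet arrives on / leaves by


def rule_63000(p: Packet) -> bool:
    """add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}"""
    return (p.direction == "in" and p.iface == OIF
            and addr_mask_match(p.dst, "0.0.0.255", "0.0.0.255"))


def rule_limited_bcast(p: Packet) -> bool:
    """add deny all from any to 255.255.255.255 (any direction, any interface)"""
    return addr_mask_match(p.dst, "255.255.255.255")


def directed_broadcast(network: str) -> str:
    """Broadcast address of a network, e.g. 192.168.100.0/24 -> 192.168.100.255."""
    return str(ipaddress.IPv4Network(network).broadcast_address)


def which_rules_deny(p: Packet) -> list:
    """Return the labels of the rules above that would deny this packet."""
    hits = []
    if rule_63000(p):
        hits.append("63000")
    if rule_limited_bcast(p):
        hits.append("255.255.255.255")
    return hits


if __name__ == "__main__":
    # /24 broadcast ends in .255 and is caught; /25 does not; /23 happens to.
    for net in ("192.168.100.0/24", "192.168.100.0/25", "192.168.100.0/23"):
        bcast = directed_broadcast(net)
        print(net, bcast, which_rules_deny(Packet(bcast, "in", OIF)))
    print("DHCP discover out:", which_rules_deny(Packet("255.255.255.255", "out", OIF)))
```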