From owner-freebsd-questions Fri Oct 22 16:44: 9 1999 Delivered-To: freebsd-questions@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 3E33614E31 for ; Fri, 22 Oct 1999 16:43:51 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id TAA33834; Fri, 22 Oct 1999 19:47:07 -0400 (EDT) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <199910222347.TAA33834@cc942873-a.ewndsr1.nj.home.com> Subject: Re: IPFW is acting funny... In-Reply-To: <3.0.6.32.19991021215338.0091f3b0@mail.trlinks.com> from Lists User at "Oct 21, 1999 09:53:38 pm" To: lists@rhavenn.net (Lists User) Date: Fri, 22 Oct 1999 19:47:07 -0400 (EDT) Cc: freebsd-questions@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Lists User wrote, > Hello List- > > Well, more then likely I am not understanding IPFW correctly, but here > is my problem: > > > I have the IPFIREWALL, etc.. on in the kernel and my firewall works, but I > am trying to keep my local > computers and routers from filling my logs, so I put a line in before my > last one which should deny > certian local requests, but not log them. > > > #Before the last line > $ipfw add deny udp from 172.20.20.15 137 to 172.20.20.12 137 #This is a > Win98 box to my NIX box > $ipfw add deny udp from 172.20.20.15 138 to 172.20.20.12 138 > > #My last lines. > $ipfw add deny log tcp from any to any > $ipfw add deny log udp from any to any > > > > My question/problem is that these requests still get logged and fillup my > log file with junk. I thought > if a deny matched it would terminate, but it keeps going and logs the > requests? In my log file it shows > up exactly like the deny requests above it. > > > Am I missing something? My guess is that the above is missing all of the broadcasts (address 172.20.20.255 if you are using the whole class C space) that NetBIOS machines love to make. If you just want to lose all of the NetBIOS from that machine, $ipfw add deny udp from 172.20.20.15 137-139 to 172.20.20.0/24 137-139 Would do it all in one line. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message