From: Alex de Kruijff
To: Saint Aardvark the Carpeted
cc: Peter Rosa
cc: FreeBSD Questions
Date: Thu, 19 Feb 2004 09:52:21 +0100
Subject: Re: IPFW rules

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/

On Tue, Feb 17, 2004 at 08:46:09PM -0800, Saint Aardvark the Carpeted wrote:
> Peter Rosa disturbed my sleep to write:
> > please what's the difference between these ipfw rules:
> >
> > ${fwcmd} add 63000 deny ip from any to 0.0.0.255:0.0.0.255 in via ${oif}
>
> This denies broadcasts coming in to your machine through the outside
> interface. The rule number is specified here, and it's rather high; if
> it's not stopping the traffic you think it should, there may be another
> rule earlier that's allowing it through.
>
> I'm not certain, but I think the address "0.0.0.255:0.0.0.255" means
> "anything ending in .255"

It's just an invalid IP address. At least the first three numbers have to
be zero. The invalid IP address 0.0.0.0 is usually used by DHCP servers (and
maybe clients). This value can be used to filter that without filtering
anything.

Alex
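
How ipfw evaluates an `addr:mask` operand like the one in the quoted rule, as an added example that is not part of the original thread: per ipfw(8), an address matches when its bits under the mask equal the base address's bits under the mask. The function names and sample addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_spec(spec):
    """Parse an IPv4 ipfw address operand: 'addr', 'addr/bits' or 'addr:mask'.

    Returns (base, mask) as integers, with base already reduced by the mask.
    """
    if ":" in spec:                      # addr:mask, mask given as dotted quad
        addr, mask = spec.split(":", 1)
        mask_int = int(ipaddress.IPv4Address(mask))
    elif "/" in spec:                    # addr/bits, contiguous prefix
        addr, bits = spec.split("/", 1)
        bits = int(bits)
        if not 0 <= bits <= 32:
            raise ValueError("prefix length out of range: %d" % bits)
        mask_int = (FULL << (32 - bits)) & FULL
    else:                                # single host
        addr, mask_int = spec, FULL
    return int(ipaddress.IPv4Address(addr)) & mask_int, mask_int

def matches(spec, ip):
    """True when ip falls under spec: (ip & mask) == (base & mask)."""
    base, mask = parse_spec(spec)
    return (int(ipaddress.IPv4Address(ip)) & mask) == base

def evaluate(spec, addresses):
    """Map each sample address to whether the operand would match it."""
    return {ip: matches(spec, ip) for ip in addresses}

# Constructed sample destination addresses, not taken from the thread.
SAMPLES = [
    "192.168.1.255",    # directed broadcast of a /24
    "255.255.255.255",  # limited broadcast
    "10.0.0.255",       # also an ordinary host address inside 10.0.0.0/16
    "192.168.1.127",    # broadcast of 192.168.1.0/25, last octet is not 255
    "192.168.1.10",     # ordinary host
    "0.0.0.0",          # unspecified address
]

if __name__ == "__main__":
    for ip, hit in evaluate("0.0.0.255:0.0.0.255", SAMPLES).items():
        print("%-16s %s" % (ip, "match" if hit else "no match"))
```

The mask only inspects the last octet, so the result depends on the destination's final byte and not on the real subnet size of the network behind the interface.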