Date:      Fri, 22 Jul 2005 09:26:41 +0200
From:      Dirk GOUDERS <gouders@et.bocholt.fh-ge.de>
To:        questions@freebsd.org
Subject:   Re: ipfw and tun0 
Message-ID:  <200507220726.j6M7Qfw3075675@musashi.et.bocholt.fh-gelsenkirchen.de>
In-Reply-To: Message from Kevin Kinsey <kdk@.daleco.biz> of "Thu, 21 Jul 2005 19:22:41 CDT." <20050722002241.GA94174@ezekiel.daleco.biz> 


 > >I just started to use an ADSL line with PPPoE and want to run a firewall
 > >between it and my local network.  What I am wondering about is that
 > >even if I only have the default everything-blocking rule (deny ip from
 > >any to any) I still see incoming packets on tun0 with tcpdump.
 > >
 > >Is this, because the firewall rules get checked after the packets
 > >leave the tun0 interface?  On what interface should I run tcpdump then
 > >to check if my rules are working as expected?
 > 
 > Just a guess, here .... tun0 doesn't exist when the firewall rc
 > script is run, so you may have to explicitly state the name
 > of the interface since it wouldn't be listed during device
 > polling at boot time?

Well, it seems as if my firewall rules work as expected -- with just
the default rule, I cannot do anything on the net.

Another example is that I saw several SYN packets directed to
unprivileged ports that got answered with a RST packet by my machine.
When I block those SYN packets, I still see them on tun0 but the RST
responses disappear.  Also, ipfw's counters show that it recognizes
those packets...

Sorry for not mentioning that earlier.

Dirk
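The check Dirk describes (a deny rule for inbound SYNs to unprivileged ports on tun0, then confirming the match through ipfw's per-rule counters instead of tcpdump, which taps the interface before ipfw sees the packet) as an added example that is not part of the original thread. The rule numbers, the `me` keyword usage and the `ipfw -a list` sample output are my own assumptions and constructed text; the `ipfw` commands are only printed so the script runs on any POSIX shell.

```shell
#!/bin/sh
# Added example, not from the original mailing-list message.
# Shows a deny rule for inbound TCP SYNs to unprivileged ports arriving on tun0
# and a counter check that confirms ipfw is matching them even though tcpdump
# on tun0 still displays the packets (BPF sees them before the firewall does).

# Rule set as it would be typed on the FreeBSD box (rule numbers are arbitrary choices).
# "setup" matches TCP packets with SYN set and ACK clear, i.e. connection attempts.
ipfw_rules() {
    cat <<'EOF'
ipfw add 100 deny tcp from any to me 1024-65535 in via tun0 setup
ipfw add 65534 allow ip from any to any
EOF
}

# Constructed sample of `ipfw -a list` output: rule number, packet count, byte count, body.
SAMPLE_COUNTERS='00100     17      1020 deny tcp from any to me 1024-65535 in via tun0 setup
65534   5231    812345 allow ip from any to any
65535      0         0 deny ip from any to any'

# Print the packet counter of the given rule number from `ipfw -a list` output
# read on stdin. Exit status 0 if the rule exists, 1 otherwise.
rule_packets() {
    _rule=$(printf '%05d' "$1")
    awk -v r="$_rule" '$1 == r { print $2; found = 1 } END { exit found ? 0 : 1 }'
}

# Report whether a rule is actually matching traffic: a non-zero packet counter on
# the deny rule means ipfw saw and dropped the SYNs, which is why the RST replies
# vanish while tcpdump on tun0 still shows the incoming SYNs.
deny_rule_hit() {
    n=$(printf '%s\n' "$SAMPLE_COUNTERS" | rule_packets "$1") || {
        echo "no-such-rule"
        return 1
    }
    if [ "$n" -gt 0 ]; then
        echo "hit:$n"
    else
        echo "idle"
    fi
}

ipfw_rules
deny_rule_hit 100
```

On a live system the sample text would be replaced by `ipfw -a list` itself; the point of the check is that the counter, not the tcpdump capture, is the evidence that a rule fires.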
