From owner-freebsd-stable  Mon Aug 10 18:55:02 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA11171
          for freebsd-stable-outgoing; Mon, 10 Aug 1998 18:55:02 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from infid.detour.net (nw52.netwave.ca [204.101.215.52])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA11162
          for <freebsd-stable@freebsd.org>; Mon, 10 Aug 1998 18:54:56 -0700 (PDT)
          (envelope-from takkala@netwave.ca)
Received: from localhost (localhost [127.0.0.1])
	by infid.detour.net (8.9.0/8.9.0) with SMTP id VAA00365
	for <freebsd-stable@freebsd.org>; Mon, 10 Aug 1998 21:54:27 -0400 (EDT)
Date: Mon, 10 Aug 1998 21:54:26 -0400 (EDT)
From: Takkala <takkala@netwave.ca>
X-Sender: takkala@infid.detour.net
To: freebsd-stable@FreeBSD.ORG
Subject: more ipfw stuff (problems?)
Message-ID: <Pine.BSF.3.96.980810215154.363A-100000@infid.detour.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


	While were on the topic of ipfw problems, here's another one. I'm
not sure if its a bug in ipfw or not, but here goes. 
	I got this in my logs a few days ago:  

Aug 7 19:35:09 ns1 /kernel: ipfw: -1 Refuse TCP 207.179.186.25:1341
160.79.218.4:80 in via ed1 
Aug 7 19:35:14 ns1 /kernel: ipfw: -1 Refuse TCP 207.179.186.25:2592
160.79.218.4:80 in via ed1

Now, I do not have any TCP deny rules on my server, the only rules i have
are to deny icmp echo request / reply packets. Also, after examining the
web server logs, I was able to determine that the above person was in fact
able to access documents on our web server. I just find the "ipfw: -1"
odd, and the fact that these packets are being refused. Does anyone know
if this is a bug in ipfw, or if the client was running something like
Windows, and was spewing bad TCP packets? I'm running 2.2.7-STABLE,
cvsupped somewhere around July 27. This is a very isolated incident,
considering that we serve around 60,000 ppl a day, and 83 million TCP
packets on average pass through this system a day.

Jari Takkala - [takkalaNOSPAM@netwave.ca]
[Hint: take out the NOSPAM when replying]


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message