Date:      Mon, 8 Sep 2008 13:04:07 -0500
From:      "David DeSimone" <fox@verio.net>
To:        <freebsd-pf@freebsd.org>
Subject:   Re: FreeBSD 7.1-PRERELEASE Trouble
Message-ID:  <20080908180407.GB4100@verio.net>
In-Reply-To: <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com>
References:  <9bc4ff5c0809080813t1c370b72pce80dfa64f91fa41@mail.gmail.com>


Dmitry Rybin <kirgudu@kirgudu.org> wrote:
>
> PF doesn't block some IP!!!!
> 
> === pf.conf ===
> 
> ext_if="bge0"
> table <dnsflood> { 78.107.71.38 89.179.195.34 }
> 
> block quick from <dnsflood>
> pass out
> pass in
> === pf.conf ===
> 
> # pfctl -e -f /etc/pf.conf
> 
> # tcpdump -netxi bge0 host 89.179.195.34
> 00:1a:a1:69:35:43 > 00:1c:c4:81:2f:9e, ethertype IPv4 (0x0800), length 69:
> 89.179.195.34.2357 > 195.14.50.21.53: 35869+ A? emils.com. (27)
>         0x0000:  4500 0037 3034 0000 3811 4089 59b3 c322
>         0x0010:  c30e 3215 0935 0035 0023 0314 8c1d 0100
>         0x0020:  0001 0000 0000 0000 0565 6d69 6c73 0363
>         0x0030:  6f6d 0000 0100 01

Even if PF causes the packet to be dropped, it will still show up on
your inbound interface.  You cannot prevent the packet from being sent
to you unless you block it further upstream.

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
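
Added example, not part of the original message and not code from the pf project: tcpdump on bge0 cannot tell you whether pf dropped a packet, but the per-rule counters printed by `pfctl -vvsr` can. The helper name `rule_packets` and the sample counter values are constructed for illustration.

```shell
#!/bin/sh
# rule_packets PATTERN
#   Reads `pfctl -vvsr` output on stdin and prints the Packets counter of the
#   first rule whose text contains PATTERN (matched as a fixed string).
#   Returns 1 and prints nothing when no rule matches.
rule_packets() {
    awk -v pat="$1" '
        # A line starting with "@<number>" begins a new rule.
        /^@[0-9]+/ { in_rule = (index($0, pat) > 0); next }
        # The counters line follows the rule it belongs to.
        in_rule && /Packets:/ {
            for (i = 1; i < NF; i++)
                if ($i == "Packets:") { print $(i + 1); found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of `pfctl -vvsr` output for the ruleset in this thread
# (the numbers are made up).
SAMPLE_RULES='@0 block drop quick from <dnsflood:2> to any
  [ Evaluations: 5120      Packets: 4873      Bytes: 268015      States: 0     ]
@1 pass out all flags S/SA keep state
  [ Evaluations: 247       Packets: 310       Bytes: 41200       States: 12    ]
@2 pass in all flags S/SA keep state
  [ Evaluations: 190       Packets: 655       Bytes: 88310       States: 31    ]'

# Offline demonstration on the sample: packets dropped by the block rule.
printf '%s\n' "$SAMPLE_RULES" | rule_packets 'from <dnsflood'

# On the firewall itself (as root), take two readings while tcpdump still
# shows the queries arriving; a growing counter means pf is dropping them:
#   before=$(pfctl -vvsr | rule_packets 'from <dnsflood')
#   sleep 10
#   after=$(pfctl -vvsr | rule_packets 'from <dnsflood')
#   [ "$after" -gt "$before" ] && echo "pf dropped $((after - before)) packets"
```

Changing the rule to `block log quick from <dnsflood>` and running tcpdump on pflog0 instead of bge0 shows the same drops packet by packet.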

