Date:      Sun, 20 Feb 2000 16:53:08 -0500
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Jonathan Chen <jonc@logisticsoftware.co.nz>
Cc:        cjclark@home.com, Brian Gallucci <briang@expnet.net>, FreeBSD <freebsd-questions@FreeBSD.ORG>
Subject:   Re: IPFW Trouble
Message-ID:  <20000220165308.H36373@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <20000221093118.D1528@jonc.logisticsoftware.co.nz>; from jonc@logisticsoftware.co.nz on Mon, Feb 21, 2000 at 09:31:18AM +1300
References:  <000501bf7bd8$a2c90a60$095aaed8@expnet.net> <20000220152945.B36373@cc942873-a.ewndsr1.nj.home.com> <20000221093118.D1528@jonc.logisticsoftware.co.nz>

On Mon, Feb 21, 2000 at 09:31:18AM +1300, Jonathan Chen wrote:
> On Sun, Feb 20, 2000 at 03:29:45PM -0500, Crist J. Clark wrote:
> 
> > On Sun, Feb 20, 2000 at 11:28:16AM -0800, Brian Gallucci wrote:
> > > I noticed a -1 Refused in our logging. What does this mean?
> > > 
> > > ipfw: 700 Deny UDP 10.1.1.1:137 216.174.90.90:137 in via fxp0
> > > ipfw: -1 Refuse TCP 195.36.173.44:1107 216.174.90.90:80 in via fxp0
> > > ^^^^^^^^^^^^^^^^^^^^^
> > > ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
> > > ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
> > > ipfw: -1 Refuse TCP 194.106.96.6:59409 216.174.90.90:80 in via fxp0
> > > ^^^^^^^^^^^^^^^^^^^^^^^
> > > ipfw: 4400 Deny TCP 24.147.67.6:3566 216.174.90.90:445 in via fxp0
> > > 
> > > Running FreeBSD 3.4 
> > 
> > My guess is that rule 65535 is being printed as a 'short' rather than
> > an 'unsigned short.' Those messages would not happen to be generated
> > by a default deny?
> 
> IIRC, the packet reject is generated by the "IP fragment with a
> fragment offset of one"; which is always rejected (it's in the FINE
> POINTS of the ipfw man-page).

Looking at the source, there are several conditions that generate such
a report when the packet is a "bogusfrag."

The packet has been dropped by the firewall before it ever reached the
user rules. I think this needs to be more clearly documented.
-- 
Crist J. Clark                           cjclark@home.com
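
Added example, not part of the original message and not FreeBSD code: a small Python triage script for the log lines quoted above that keeps entries logged under a rule number apart from the `-1` entries, which per this message were dropped before the user rules were reached. The line format in the regular expression is inferred from the six quoted lines and is an assumption; the names `LINE_RE`, `PRE_RULESET`, `parse` and `triage` are hypothetical.

```python
import re
from collections import Counter

# Assumed format, inferred from the lines quoted in the thread:
#   ipfw: <rule> <action> <proto> <src> <dst> <in|out> via <iface>
LINE_RE = re.compile(
    r"ipfw: (?P<rule>-?\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)"
)
PRE_RULESET = -1  # per the thread: packet dropped before the user rules

# The log lines quoted in the message above.
SAMPLE_LOG = """\
ipfw: 700 Deny UDP 10.1.1.1:137 216.174.90.90:137 in via fxp0
ipfw: -1 Refuse TCP 195.36.173.44:1107 216.174.90.90:80 in via fxp0
ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
ipfw: 700 Deny UDP 10.0.0.4:137 216.174.90.90:137 in via fxp0
ipfw: -1 Refuse TCP 194.106.96.6:59409 216.174.90.90:80 in via fxp0
ipfw: 4400 Deny TCP 24.147.67.6:3566 216.174.90.90:445 in via fxp0
"""


def parse(log_text):
    """Yield one dict per recognised ipfw log line; skip anything else."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a syslog prefix
        if m:
            entry = m.groupdict()
            entry["rule"] = int(entry["rule"])
            yield entry


def triage(log_text):
    """Return (per-rule hit counts, list of pre-ruleset drops)."""
    by_rule, pre_ruleset = Counter(), []
    for entry in parse(log_text):
        if entry["rule"] == PRE_RULESET:
            pre_ruleset.append(entry)  # no user rule to go and inspect
        else:
            by_rule[entry["rule"]] += 1
    return by_rule, pre_ruleset


if __name__ == "__main__":
    by_rule, pre = triage(SAMPLE_LOG)
    for rule, hits in sorted(by_rule.items()):
        print(f"rule {rule}: {hits} packet(s)")
    for e in pre:
        print(f"pre-ruleset drop: {e['proto']} {e['src']} -> {e['dst']}")
```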

