Date:      Thu, 31 Jan 2002 21:30:29 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Bovine Unit #243 <bov243@yahoo.com>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: reset TCP in ipfw
Message-ID:  <20020131213029.I152@gohan.cjclark.org>
In-Reply-To: <Pine.BSF.4.43.0201301310490.55714-100000@kristen.shadowdale.net>; from bov243@yahoo.com on Wed, Jan 30, 2002 at 01:25:32PM -0600
References:  <Pine.BSF.4.43.0201301310490.55714-100000@kristen.shadowdale.net>

On Wed, Jan 30, 2002 at 01:25:32PM -0600, Bovine Unit #243 wrote:
> I was looking through ipfw log this morning and saw the "reset tcp" rule
> in action. A flood of tcp packets from some Winblows app was bombarding to
> port 1214. Anyway, since it wasn't matched to any rules present, it came
> to the last two TCP rules I had:
> 
> ...
> 10000 divert 6668 ip from any to any via fxp0
> ...
> 49990 reset tcp log from any to any in recv fxp0
> 49999 deny  tcp log from any to any in recv fxp0
> 
> Well, the problem with that reset is that it's being blocked by the very
> next rule. Dang! I did not know firewall would block its own action.
> Hmm...

Hmmm? How is the firewall blocking its own action? I'm not sure if you
are interpreting your logs correctly. I don't see how anything could
ever match rule 49999.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
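
The first-match point made in the reply above, as an added example that is not part of the original message or of ipfw itself. It parses only the rule shapes quoted in the thread and treats "divert" as non-terminal (an assumption of this sketch); the function names are hypothetical.

```python
TERMINAL = {"allow", "deny", "reset"}   # these actions end the rule search
# Assumption: "divert" is non-terminal (packet is re-injected at the next rule).

# Ruleset as quoted in the message; the elided "..." lines stay elided.
RULES_TEXT = """\
10000 divert 6668 ip from any to any via fxp0
49990 reset tcp log from any to any in recv fxp0
49999 deny  tcp log from any to any in recv fxp0
"""

def parse(line):
    """Parse only the rule shapes that appear in the quoted ruleset."""
    tok = [t for t in line.split() if t != "log"]
    num, action = int(tok[0]), tok[1]
    i = 3 if action == "divert" else 2            # skip the divert port
    if tok[i + 1:i + 5] != ["from", "any", "to", "any"]:
        raise ValueError("unsupported address spec: " + line)
    rule = {"num": num, "action": action, "proto": tok[i], "dir": None, "iface": None}
    opts = iter(tok[i + 5:])
    for o in opts:
        if o in ("in", "out"):
            rule["dir"] = o
        elif o in ("via", "recv"):
            rule["iface"] = next(opts)
        else:
            raise ValueError("unsupported option: " + o)
    return rule

def covers(a, b):
    """True if everything matching b also matches a (b may be a packet dict)."""
    return (a["proto"] in ("ip", b["proto"])
            and a["dir"] in (None, b["dir"])
            and a["iface"] in (None, b["iface"]))

def first_match(rules, pkt):
    """Return the number of the first terminal rule the packet hits, else None."""
    for r in rules:
        if r["action"] in TERMINAL and covers(r, pkt):
            return r["num"]
    return None

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    return [(b["num"], a["num"]) for j, b in enumerate(rules)
            for a in rules[:j] if a["action"] in TERMINAL and covers(a, b)]

RULES = sorted((parse(l) for l in RULES_TEXT.splitlines()), key=lambda r: r["num"])

if __name__ == "__main__":
    pkt = {"proto": "tcp", "dir": "in", "iface": "fxp0"}   # constructed sample packet
    print(first_match(RULES, pkt), shadowed(RULES))
```

Inbound TCP on fxp0 ends at rule 49990, and rule 49999 is reported as unreachable because its match is identical to that of the terminal rule before it.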
