Date: Tue, 10 Jul 2001 21:40:09 -0400 (EDT)
From: Francisco Reyes <lists@natserv.com>
To: <eebert@alumni.caltech.edu>
Cc: FreeBSD Security List <freebsd-security@FreeBSD.ORG>
Subject: Re: Cant ping/nslookup
Message-ID: <20010710213832.Q511-100000@zoraida.natserv.net>
In-Reply-To: <20010711013109.14413.qmail@web14608.mail.yahoo.com>

On Tue, 10 Jul 2001, Erik Ebert wrote:

>
> --- Francisco Reyes <lists@natserv.com> wrote:
> > On Tue, 10 Jul 2001, Dru wrote:
> > I have some rules. I thought I would only include
> > the "deny" clauses to
> > show that they all had the "log" option yet nothing
> > was coming up on
> > /var/log/security.
> .
> > 65535 0 0 deny ip from any to any
>
> The default rule, 65535, which gets added
> automatically by the kernel or something, does not
> have the log option on. That is almost certainly the
> rule that is getting hit. What I do is add a rule
> like:
>
> 65534 deny log ip from any to any
>
> to catch anything before the default rule kicks in.

I have such a rule, but most importantly.. ipfw show doesn't have ANY
packets hitting those rules:

05400 0 0 deny log logamount 50 ip from any to any
65535 0 0 deny ip from any to any

I think somehow natd is causing the problem.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010710213832.Q511-100000>
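
Added example, not part of the original message or of FreeBSD: a small Python check over `ipfw show` output that reports deny rules without `log`, logging deny rules whose packet counter is still zero, and deny rules that sit behind an earlier catch-all deny. The sample ruleset is constructed; its two allow rules, the names `SAMPLE`, `parse` and `audit`, and the finding labels are assumptions made for the illustration.

```python
import re

# Constructed sample in the `ipfw show` layout quoted in the thread (number,
# packets, bytes, rule). The allow rules are hypothetical; the denies are quoted.
SAMPLE = """\
00100 412 39104 allow ip from any to any via lo0
00300 9731 845120 allow tcp from any to any established
05400 0 0 deny log logamount 50 ip from any to any
65535 0 0 deny ip from any to any
"""

RULE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
CATCH_ALL = ("ip from any to any", "all from any to any")

def parse(text):
    """Yield (number, packets, action, logs, body) for each rule line."""
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        num, pkts, _bytes, action, rest = m.groups()
        tok = rest.split()
        logs = tok[:1] == ["log"]
        if logs:
            tok = tok[1:]
            if tok[:1] == ["logamount"]:
                tok = tok[2:]  # drop the keyword and its count
        yield int(num), int(pkts), action, logs, " ".join(tok)

def audit(text):
    """Return (rule number, finding) pairs for deny/reject rules."""
    findings, catch_all = [], None
    for num, pkts, action, logs, body in parse(text):
        if action not in ("deny", "reject"):
            continue
        if catch_all is not None:
            # An earlier catch-all deny already stops every packet.
            findings.append((num, f"shadowed-by-{catch_all}"))
            continue
        if not logs:
            findings.append((num, "no-log"))
        elif pkts == 0:
            findings.append((num, "log-never-hit"))
        if body in CATCH_ALL:
            catch_all = num
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE):
        print(f"{num:05d} {finding}")
```

A `log-never-hit` finding means no packet has matched that rule since its counters were last cleared, so there is nothing for it to write to /var/log/security.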