Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 06 Apr 2000 10:13:59 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        freebsd-stable@FreeBSD.org
Subject:   funny firewall behaviour
Message-ID:  <200004060914.KAA06003@hak.lan.Awfulhak.org>
next in thread | raw e-mail | index | archive | help 
Has anyone got any idea why I'm seeing this ?

> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.106.3 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185
> ipfw: -1 Refuse UDP 194.242.139.171 213.1.174.185 in via tun1 Fragment = 185

I've got an open firewall that defaults to open....  I expect it to 
let the fragments thorough - even if I haven't already received a 
header, but what's this rule -1 stuff ?

FWIW, these fragments belong to a local tunnel setup...

Thanks for any help.
-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>;                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004060914.KAA06003>