Date:      Thu, 29 Oct 1998 12:28:11 +0200
From:      Johann Visagie <wjv@cityip.co.za>
To:        security@FreeBSD.ORG
Subject:   Connections succeed even though denied by IPFW
Message-ID:  <19981029122811.A14672@cityip.co.za>


I have a rather strange situation here, on a 2.2.5-REL box which currently
has an uptime of over 100 days (I don't know if that might affect it in any
way).

Basically, connections which are denied by the IPFW settings in
/etc/rc.firewall succeed, _even though IPFW logs the packets as being
denied_!

Here is an example of an attempt to connect to my telnetd and popper.  Note
that IPFW successfully denies the packets, but tcpd then gets to reject the
connections:

Oct 27 15:09:16 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1030 196.25.223.161:23 in via ed0
Oct 27 15:09:17 ns telnetd[5955]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:17 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1033 255.255.255.255:110 in via ed0
Oct 27 15:09:19 ns telnetd[5956]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:19 ns popper[5957]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:20 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1052 196.25.223.161:110 in via ed0
Oct 27 15:09:22 ns popper[5959]: refused connect from jhb140.shisas.co.za

I have double checked - if I configure my TCP wrappers to allow a specific
connection, then it can be made successfully, even though the packet
filtering rules should disallow it (and log it that they do).

In a word:  "Huh?"

-- V

Johann Visagie | wjv@CityIP.co.za | Tel: +27 21 419-7878 | ICQ: 20645559
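As an added example (not part of the original message or of FreeBSD), a short Python script that correlates the two log formats quoted above: an `ipfw` "Deny" line followed within a few seconds by a "refused connect" line from the daemon that listens on the denied destination port is exactly the symptom reported. The port-to-daemon map, the five-second window and the year used for the timestamps are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample syslog lines quoted in the message above (embedded here as test input).
SAMPLE_LOG = """\
Oct 27 15:09:16 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1030 196.25.223.161:23 in via ed0
Oct 27 15:09:17 ns telnetd[5955]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:17 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1033 255.255.255.255:110 in via ed0
Oct 27 15:09:19 ns telnetd[5956]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:19 ns popper[5957]: refused connect from jhb140.shisas.co.za
Oct 27 15:09:20 ns /kernel: ipfw: 6410 Deny TCP 196.15.149.140:1052 196.25.223.161:110 in via ed0
Oct 27 15:09:22 ns popper[5959]: refused connect from jhb140.shisas.co.za
"""

# ipfw line: "<ts> <host> /kernel: ipfw: <rule> Deny <proto> <src>:<sport> <dst>:<dport> in via <if>"
IPFW_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ /kernel: ipfw: (\d+) Deny (\w+) "
                     r"(\S+):(\d+) (\S+):(\d+) in via (\S+)")
# tcpd line: "<ts> <host> <daemon>[<pid>]: refused connect from <client>"
TCPD_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: refused connect from (\S+)")

# Assumed mapping for this box: which wrapped daemon answers each denied port.
PORT_TO_DAEMON = {23: "telnetd", 110: "popper"}

def parse_ts(text, year=1998):
    """Syslog timestamps carry no year; 1998 is assumed from the message date."""
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_leaks(log_text, window_s=5):
    """Return (rule, dport, daemon, seconds) for every deny that was followed, within
    window_s seconds, by a tcpd refusal from the daemon on that port: the packet
    reached the service despite the filter claiming to have dropped it."""
    denies, refusals = [], []
    for line in log_text.splitlines():
        if (m := IPFW_RE.match(line)):
            denies.append((parse_ts(m.group(1)), int(m.group(2)), int(m.group(7))))
        elif (m := TCPD_RE.match(line)):
            refusals.append((parse_ts(m.group(1)), m.group(2)))
    leaks, used = [], set()
    for d_ts, rule, dport in denies:
        daemon = PORT_TO_DAEMON.get(dport)
        for i, (r_ts, r_daemon) in enumerate(refusals):
            delta = (r_ts - d_ts).total_seconds()
            if i not in used and r_daemon == daemon and 0 <= delta <= window_s:
                used.add(i)                      # each refusal explains one deny
                leaks.append((rule, dport, daemon, delta))
                break
    return leaks

if __name__ == "__main__":
    for rule, dport, daemon, delta in find_leaks(SAMPLE_LOG):
        print(f"rule {rule} denied port {dport}, yet {daemon} saw the connection {delta:.0f}s later")
```

Run against the quoted lines it flags all three denies, which is the discrepancy the message describes.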
