Date: Fri, 22 Oct 1999 23:19:46 -0400 (EDT)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: danielb@pacex.net (daniel B)
Cc: Doug@gorean.org (Doug Barton), freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw dny ip from any to any
Message-ID: <199910230319.XAA34423@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.4.10.9910220959180.20681-100000@almazs.pacex.net> from daniel B at "Oct 22, 1999 10:06:14 am"
daniel B wrote,
> > > I want to log all denied packets in ipfw and I used
> > > 65534 add deny log all from any to any
> > > this should 'bypass' the last rule
> > > 65535 deny all from any to any
> > >
> > > but it doesn't! I still see denied packets on the last rule when I do
> > > ipfw sh
> > >
> > > What to do now?
> >
> > I bet that the amount of packets is always constant, right? Try
> > doing 'ipfw -a l' once a day for a few days. The number should always be
> > the same. This represents the number of packets that cross the interface
> > before your firewall rules are loaded by the init process.
> >
> > If it turns out that the number does grow, then we have a bug
> > somewhere and we need to track it down.
> >
> > Good luck,
>
> Well NO LUCK yet! I also tried this:
> $fwcmd add 65532 deny log tcp from any to any
> $fwcmd add 65533 deny log udp from any to any
> $fwcmd add 65534 deny log icmp from any to any
>
> and the last rule by default is:
>
> 65535 deny all from any to any
>
> and I still see denied packets logged under the last rule
> I reloaded my firewall rules and even rebooted!
> Huh!

First, you did not answer if the number of packets that were hitting that last rule ever changed. Did you witness them change? (The number changed between two checks during which time the machine never was rebooted and the ipfw rules were never touched.)

Second, there are protocols besides TCP, UDP, and ICMP. Packets from other protocols, known or unknown, can fall through. In addition, broken packets can fall through as well. I would expect that you would get some in this second configuration.

--
Crist J. Clark                                cjclark@home.com
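To make the second point concrete, here is an added simulation of ipfw's first-match rule evaluation; it is not code from this thread or from FreeBSD, and it models only the tiny "<num> <action> [log] <proto> from any to any" rule form the thread uses. It runs daniel's three per-protocol deny rules and a single "deny log ip" catch-all against a constructed traffic mix (tcp, udp, icmp plus gre, esp and igmp), counting how many packets reach the unlogged default rule 65535.

```python
from collections import Counter

def parse_rule(line):
    # Minimal parser for the rule form used in the thread (assumption:
    # ipfw's real grammar is far larger; only this subset is handled).
    parts = line.split()
    log = parts[2] == "log"
    proto = parts[3] if log else parts[2]
    return {"num": int(parts[0]), "action": parts[1], "log": log, "proto": proto}

def matches(rule, proto):
    # ipfw treats "ip" and "all" as "any protocol"; anything else must match exactly.
    return rule["proto"] in ("ip", "all") or rule["proto"] == proto

def evaluate(rules, packets):
    """First-match semantics: walk rules in ascending number, stop at the first hit.
    Returns (hit counter keyed by rule number, list of (rule, proto) that were logged)."""
    ordered = sorted(rules, key=lambda r: r["num"])
    hits, logged = Counter(), []
    for proto in packets:
        for rule in ordered:
            if matches(rule, proto):
                hits[rule["num"]] += 1
                if rule["log"]:
                    logged.append((rule["num"], proto))
                break
    return hits, logged

# The three per-protocol deny rules from the thread plus the default rule 65535.
PER_PROTO = [parse_rule(l) for l in (
    "65532 deny log tcp from any to any",
    "65533 deny log udp from any to any",
    "65534 deny log icmp from any to any",
    "65535 deny all from any to any",
)]
# A single logging catch-all in front of the default rule instead.
CATCH_ALL = [parse_rule(l) for l in (
    "65534 deny log ip from any to any",
    "65535 deny all from any to any",
)]
# Constructed traffic mix: the three expected protocols and three others.
SAMPLE = ["tcp", "udp", "icmp", "gre", "esp", "igmp"]

def silent_drops(rules, packets=SAMPLE):
    """Packets that reach rule 65535 and are therefore denied without a log entry."""
    hits, _ = evaluate(rules, packets)
    return hits[65535]

if __name__ == "__main__":
    print("per-protocol rules, unlogged drops:", silent_drops(PER_PROTO))  # 3
    print("catch-all rule, unlogged drops:", silent_drops(CATCH_ALL))      # 0
```

The model cannot show Doug's first explanation: packets counted on 65535 before the rules are loaded at boot, which no ruleset change can remove.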