From owner-freebsd-net@FreeBSD.ORG Tue Feb 24 09:44:50 2004
Message-Id: <200402241744.i1OHikmZ026736@soth.ventu>
To: freebsd-net@freebsd.org
Date: Tue, 24 Feb 2004 18:44:46 EST
From: Andrea Venturoli
Subject: Re: Bad loopback traffic not stopped by ipfw.
List-Id: Networking and TCP/IP with FreeBSD

** Reply to note from Barney Wolff Tue, 24 Feb 2004 12:30:23 -0500

>> IMHO opinion wrong packets are arriving
>> from the upstream router (for which it
>> would be useless to ask for a fix),

> Your first three rules, before anything else, should be:
> allow ip from any to any via lo0
> deny log logamount 1000 ip from any to 127.0.0.0/8
> deny log logamount 1000 ip from 127.0.0.0/8 to any
> then see what ipfw says.
> Your ruleset does not block packets from 127
> outbound.

I thought it did! These are just not the first rules, but they should anyway.
In any case, I tried your suggestion: now ipfw -a l gives:

00030 2 416 allow ip from any to any via lo0
00031 0 0 deny log ip from any to 127.0.0.0/8
00032 0 0 deny log ip from 127.0.0.0/8 to any

And I've had snort reporting bad loopback traffic in the meanwhile. So this is not a problem with my rules.

bye & Thanks
av.
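The thread turns on two checks a defender can automate: whether the three loopback hygiene rules Barney proposes really sit at the top of the ruleset, in that order, and whether the deny rules' packet counters are moving while snort keeps alerting (counters stuck at zero, as in the listing above, mean the firewall never saw the packets as 127/8 traffic). The following Python script is an added example written for this page, not code from either poster or from FreeBSD; it parses `ipfw -a list` output (number, packets, bytes, rule body) and runs both checks. The first sample listing is the one quoted in the post; the second is constructed to show a misordered ruleset with a deny rule that has counted hits.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One line of `ipfw -a list`: rule number, packet and byte counters, rule body.
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<body>\S.*?)\s*$"
)

# Listing quoted in the post above.
ANDREA_OUTPUT = """\
00030 2 416 allow ip from any to any via lo0
00031 0 0 deny log ip from any to 127.0.0.0/8
00032 0 0 deny log ip from 127.0.0.0/8 to any
"""

# Constructed sample: hygiene rules present but not first, and one deny rule
# has already matched packets (the case where the firewall does see 127/8 traffic).
MISORDERED_OUTPUT = """\
00100 12 960 allow tcp from any to any established
00200 0 0 deny log ip from any to 127.0.0.0/8
00300 3 240 deny log logamount 1000 ip from 127.0.0.0/8 to any
00400 5 1040 allow ip from any to any via lo0
"""

# The three rules Barney suggests, in the order they must appear.
LOOPBACK_HYGIENE = (
    "allow ip from any to any via lo0",
    "deny log ip from any to 127.0.0.0/8",
    "deny log ip from 127.0.0.0/8 to any",
)


@dataclass
class Rule:
    num: int
    pkts: int
    nbytes: int
    body: str


def parse_ipfw_list(text: str) -> List[Rule]:
    """Parse `ipfw -a list` output; lines that are not rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m["num"]), int(m["pkts"]), int(m["bytes"]), m["body"]))
    return rules


def normalise(body: str) -> str:
    """`ipfw list` prints either "log" or "log logamount N"; treat both as "log"."""
    body = re.sub(r"\blog\s+logamount\s+\d+\b", "log", body)
    return " ".join(body.split())


def check_loopback_hygiene(rules: List[Rule]) -> Tuple[bool, List[str], List[Tuple[int, int]]]:
    """Return (ok, problems, hits).

    ok       -- True when the three hygiene rules are the first three listed, in order
    problems -- human-readable description of each missing or misplaced rule
    hits     -- (rule number, packets) for every 127/8 deny rule that has matched
    """
    problems = []
    bodies = [normalise(r.body) for r in rules]
    for position, want in enumerate(LOOPBACK_HYGIENE):
        if want not in bodies:
            problems.append(f"missing rule: {want}")
        elif bodies.index(want) != position:
            problems.append(f"rule not in position {position + 1}: {want}")
    hits = [
        (r.num, r.pkts)
        for r in rules
        if normalise(r.body).startswith("deny") and "127.0.0.0/8" in r.body and r.pkts > 0
    ]
    return (not problems, problems, hits)


def report(label: str, text: str) -> None:
    ok, problems, hits = check_loopback_hygiene(parse_ipfw_list(text))
    print(f"{label}: ordering {'ok' if ok else 'BAD'}")
    for p in problems:
        print(f"  - {p}")
    if hits:
        for num, pkts in hits:
            print(f"  deny rule {num:05d} matched {pkts} packet(s)")
    else:
        print("  no 127/8 deny rule has matched anything yet")


if __name__ == "__main__":
    report("post listing", ANDREA_OUTPUT)
    report("constructed listing", MISORDERED_OUTPUT)
```

Run it on a real `ipfw -a list` capture by replacing the sample strings; a clean ordering with zero deny hits while a sniffer still reports 127/8 packets is exactly the situation the post describes, and points the investigation at where the packets are being observed rather than at the ruleset.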