Date:      Tue, 24 Feb 2004 18:44:46 EST
From:      Andrea Venturoli <ml.ventu@flashnet.it>
To:        freebsd-net@freebsd.org
Subject:   Re: Bad loopback traffic not stopped by ipfw.
Message-ID:  <200402241744.i1OHikmZ026736@soth.ventu>

** Reply to note from Barney Wolff <barney@databus.com> Tue, 24 Feb 2004 12:30:23 -0500

>> IMHO opinion wrong packets are arriving
>> from the upstream router (for which it
>> would be useless to ask for a fix),
  
> Your first three rules, before anything else, should be:
> allow ip from any to any via lo0
> deny log logamount 1000 ip from any to 127.0.0.0/8
> deny log logamount 1000 ip from 127.0.0.0/8 to any
> then see what ipfw says.
> Your ruleset does not block packets from 127
> outbound.

I thought it did! These are just not the first rules, but they should anyway.
In any case, I tried your suggestion: now ipfw -a l gives:

00030   2   416 allow ip from any to any via lo0
00031   0     0 deny log ip from any to 127.0.0.0/8
00032   0     0 deny log ip from 127.0.0.0/8 to any


And I've had snort reporting bad loopback traffic in the meanwhile.
So this is not a problem with my rules.


 bye & Thanks
        av.
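The ordering check Barney's advice boils down to (allow genuine lo0 traffic, then deny anything to or from 127/8 before any broader allow rule can match it), written as an added example that is not part of this thread or of ipfw itself. The script parses `ipfw -a l` output in the format shown above (rule number, packet and byte counters, action, optional `log`/`logamount`, protocol, `from`/`to` specs, trailing options; that format is assumed from the excerpt), flags any non-lo0 allow rule that could pass 127/8 traffic before a deny rule, and reports the deny counters so they can be compared against what the IDS sees, as the post does. Both rulesets are constructed samples; `parse_ipfw_list`, `covers_loopback` and `audit_loopback_rules` are names chosen for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from ipaddress import ip_network

# Assumed line format, taken from the `ipfw -a l` excerpt in the post:
#   <rule> <packets> <bytes> <action> [log [logamount N]] <proto> from <src> to <dst> [options]
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<action>\w+)"
    r"(?P<log>\s+log(?:\s+logamount\s+\d+)?)?"
    r"\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<opts>.*)$"
)

LOOPBACK = ip_network("127.0.0.0/8")


@dataclass
class Rule:
    number: int
    packets: int
    bytes: int
    action: str
    log: bool
    proto: str
    src: str
    dst: str
    options: str  # trailing clauses such as 'via lo0' or 'established'


def parse_ipfw_list(text: str) -> list[Rule]:
    """Parse `ipfw -a l` style output into Rule records; fails loudly on odd lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable ipfw line: {line!r}")
        rules.append(Rule(
            number=int(m["num"]), packets=int(m["pkts"]), bytes=int(m["bytes"]),
            action=m["action"], log=m["log"] is not None, proto=m["proto"],
            src=m["src"], dst=m["dst"], options=m["opts"].strip(),
        ))
    return rules


def covers_loopback(addr: str) -> bool:
    """True if an ipfw address spec could match an address inside 127.0.0.0/8."""
    if addr in ("any", "me"):
        return True  # 'any' matches everything; 'me' is treated conservatively as covering 127.0.0.1
    return ip_network(addr, strict=False).overlaps(LOOPBACK)


def audit_loopback_rules(rules: list[Rule]) -> dict:
    """Check that 127/8 traffic not on lo0 is denied before any allow rule can match it.

    Returns {'ok': bool, 'findings': [...], 'deny_hits': {rule number: packet counter}}.
    """
    findings = []
    deny_hits = {}
    deny_src_seen = deny_dst_seen = False
    for r in rules:
        if "via lo0" in r.options:
            continue  # traffic genuinely on lo0 is expected to carry 127/8 addresses
        src_lo, dst_lo = covers_loopback(r.src), covers_loopback(r.dst)
        if r.action == "deny":
            if r.src != "any" and src_lo:  # a specific deny of 127/8 as source
                deny_src_seen = True
                deny_hits[r.number] = r.packets
            if r.dst != "any" and dst_lo:  # a specific deny of 127/8 as destination
                deny_dst_seen = True
                deny_hits[r.number] = r.packets
        elif r.action == "allow":
            if src_lo and not deny_src_seen:
                findings.append(f"rule {r.number:05d} can pass packets with a 127/8 source before they are denied")
            if dst_lo and not deny_dst_seen:
                findings.append(f"rule {r.number:05d} can pass packets with a 127/8 destination before they are denied")
    if not deny_src_seen:
        findings.append("no deny rule for packets from 127.0.0.0/8")
    if not deny_dst_seen:
        findings.append("no deny rule for packets to 127.0.0.0/8")
    return {"ok": not findings, "findings": findings, "deny_hits": deny_hits}


# Constructed sample: the three rules quoted in the thread, a typical 'established'
# allow and the default deny.
GOOD_RULESET = """\
00030   2   416 allow ip from any to any via lo0
00031   0     0 deny log ip from any to 127.0.0.0/8
00032   0     0 deny log ip from 127.0.0.0/8 to any
00100  58  4120 allow tcp from any to any established
65535 913 71204 deny ip from any to any
"""

# Constructed misordered variant: the same deny rules placed after a broad allow.
MISORDERED_RULESET = """\
00030   2   416 allow ip from any to any via lo0
00040  58  4120 allow tcp from any to any established
00050   0     0 deny log ip from any to 127.0.0.0/8
00060   0     0 deny log ip from 127.0.0.0/8 to any
65535 913 71204 deny ip from any to any
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD_RULESET), ("misordered", MISORDERED_RULESET)):
        result = audit_loopback_rules(parse_ipfw_list(text))
        print(f"{name}: ok={result['ok']} deny_hits={result['deny_hits']}")
        for finding in result["findings"]:
            print("  -", finding)
```

On a live box the text would come from `ipfw -a l` rather than the embedded samples. Zero counters on the deny rules while the IDS keeps reporting 127/8 traffic, as in the post, means the packets are not reaching those rules at all, which is a different question from rule ordering; the script only settles the ordering part.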