Date:      Mon, 28 Feb 2000 19:42:42 -0800
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        cjclark@home.com
Cc:        Lev Serebryakov <lev@imc.macro.ru>, All <freebsd-security@FreeBSD.ORG>
Subject:   Re: ipfw log accounting 
Message-ID:  <200002290343.TAA07654@cwsys.cwsent.com>
In-Reply-To: Your message of "Mon, 28 Feb 2000 21:59:04 EST." <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com> 

In message <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com>, 
"Crist J. Clark" writes:
> On Tue, Feb 29, 2000 at 01:46:53AM +0300, Lev Serebryakov wrote:
> [snip]
> >   And one more question:
> >   How could I write rule, which skip all broadcast traffic? My
> >   computer is on big provider's net, and here is more than one
> >   broadcast address (many subnets on one wire)...
> 
> Never tried this and haven't glanced at the source to see if it has a
> chance of working, but _theoretically_ is there a reason that,
> 
>              deny ip from 0.0.0.255:0.0.0.255 to any
> 
> A "reversed" netmask won't work?

Been there, done that.  This works using either IPFW or IP Filter; 
however, you'll want to code it as the following, as the destination is 
the broadcast address:

	deny ip from any to 0.0.0.255:0.0.0.255

Or if you use IP Filter,

	block in on xl0 from any to 0.0.0.255:0.0.0.255


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@uumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."
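The rule above relies on ipfw's addr:mask syntax, which matches a packet when (address AND mask) equals (rule address AND mask); with the "reversed" mask 0.0.0.255 only the low octet is compared, so the rule denies every destination whose last octet is 255. The following is an added example, not code from this thread or from ipfw itself: it models that comparison in Python and then audits the rule against a few constructed subnets to show where the /24 assumption breaks (a /23 has a legitimate host at x.x.0.255 that would be denied, and a /25 has its broadcast at .127 that would be let through). The subnet list and packet addresses are constructed sample data.

```python
import ipaddress

# Rule under discussion: "deny ip from any to 0.0.0.255:0.0.0.255"
RULE_DST = "0.0.0.255:0.0.0.255"


def parse_addr_mask(spec):
    """Parse an ipfw-style address spec ('any', 'a.b.c.d' or 'a.b.c.d:m.m.m.m')
    into (addr, mask) as integers. Like ipfw, the address is masked at parse
    time so that 'addr & mask' is what gets compared later."""
    if spec == "any":
        return 0, 0
    if ":" in spec:
        addr_s, mask_s = spec.split(":", 1)
        addr = int(ipaddress.IPv4Address(addr_s))
        mask = int(ipaddress.IPv4Address(mask_s))
    else:
        addr = int(ipaddress.IPv4Address(spec))
        mask = 0xFFFFFFFF
    return addr & mask, mask


def matches(spec, ip):
    """True if the packet address 'ip' matches the addr:mask spec."""
    addr, mask = parse_addr_mask(spec)
    return (int(ipaddress.IPv4Address(ip)) & mask) == addr


def classify(dst_addresses, spec=RULE_DST):
    """Apply the deny rule to a list of destination addresses."""
    return [(dst, "deny" if matches(spec, dst) else "pass") for dst in dst_addresses]


def audit_rule(spec, subnets):
    """For each subnet (CIDR string) report whether the rule catches the
    subnet's real broadcast address, and how many ordinary host addresses in
    that subnet the rule would wrongly deny as well."""
    report = {}
    for cidr in subnets:
        net = ipaddress.IPv4Network(cidr)
        broadcast_caught = matches(spec, str(net.broadcast_address))
        collateral_hosts = sum(1 for h in net.hosts() if matches(spec, str(h)))
        report[cidr] = (broadcast_caught, collateral_hosts)
    return report


if __name__ == "__main__":
    # Constructed sample traffic: /24 broadcasts, the all-ones broadcast,
    # a normal host, and a /25 broadcast that ends in .127.
    sample_dsts = ["10.1.2.255", "192.168.0.255", "255.255.255.255",
                   "10.1.2.254", "10.1.2.127"]
    for dst, action in classify(sample_dsts):
        print(f"{dst:>16}  {action}")

    # Constructed sample subnets sharing one wire, as in the question.
    for cidr, (caught, extra) in audit_rule(RULE_DST, ["10.1.2.0/24", "10.1.0.0/23", "10.1.2.0/25"]).items():
        print(f"{cidr:>14}  broadcast caught={caught}  hosts wrongly denied={extra}")
```

The audit is the check worth running before deploying such a rule on a wire carrying many subnets: the reversed mask is a correct shortcut only when every subnet present is a /24, otherwise it both drops some unicast traffic and misses some broadcasts.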
