Date:      Fri, 27 Mar 2015 22:39:48 -0500
From:      "William A. Mahaffey III" <wam@hiwaay.net>
To:        "FreeBSD Questions !!!!" <freebsd-questions@freebsd.org>
Subject:   Re: ipfw question
Message-ID:  <55162284.6040806@hiwaay.net>
In-Reply-To: <55122B21.60905@hiwaay.net>
References:  <55122B21.60905@hiwaay.net>

On 03/24/15 22:27, William A. Mahaffey III wrote:
>
>
> I completed a full pkg upgrade & freebsd-update this A.M. & rebooted. 
> I notice the following in my /var/log/security file:
>
>
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:32830 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:65133 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:65133 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:29850 in via re0
> Feb 20 09:52:49 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:29850 in via re0
> Feb 26 12:14:19 kabini1 kernel: ipfw: 65500 Deny TCP 216.180.54.1:110 192.168.0.27:32249 in via re0
> Feb 27 11:23:49 kabini1 kernel: ipfw: 65500 Deny TCP 108.59.11.225:9001 192.168.0.27:30252 in via re0
> Feb 27 11:24:36 kabini1 last message repeated 8 times
> Feb 27 11:25:18 kabini1 kernel: ipfw: 65500 Deny TCP 108.59.11.225:9001 192.168.0.27:30252 in via re0
> Mar 14 08:31:42 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:11037 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:64292 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:64292 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:50006 in via re0
> Mar 19 08:36:35 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:50006 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:19797 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:23420 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:23420 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:33492 in via re0
> Mar 19 08:36:44 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:33492 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:10331 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:10331 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:52550 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:52550 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:31977 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:31977 in via re0
> Mar 19 08:38:04 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:63154 in via re0
> Mar 19 21:55:13 kabini1 kernel: ipfw: 65500 Deny TCP 178.32.219.197:9001 192.168.0.27:37694 in via re0
> Mar 19 21:55:46 kabini1 last message repeated 7 times
> Mar 19 21:57:08 kabini1 last message repeated 2 times
> Mar 23 15:06:36 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:32015 in via re0
> Mar 23 15:06:36 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:32015 in via re0
> Mar 23 15:06:40 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:40246 in via re0
> Mar 23 15:06:40 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:40246 in via re0
> Mar 23 15:07:15 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:38671 in via re0
> Mar 23 15:07:15 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:38671 in via re0
> Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
> Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
> Mar 24 09:59:15 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
> Mar 24 09:59:22 kabini1 last message repeated 3 times
> Mar 24 10:01:22 kabini1 last message repeated 4 times
> Mar 24 10:09:23 kabini1 last message repeated 16 times
> Mar 24 10:37:08 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
> Mar 24 10:37:16 kabini1 last message repeated 3 times
> Mar 24 10:39:15 kabini1 last message repeated 4 times
> Mar 24 10:49:16 kabini1 last message repeated 20 times
> Mar 24 10:59:15 kabini1 last message repeated 20 times
> Mar 24 11:09:16 kabini1 last message repeated 20 times
> Mar 24 11:19:15 kabini1 last message repeated 20 times
> Mar 24 11:29:15 kabini1 last message repeated 20 times
> Mar 24 11:39:16 kabini1 last message repeated 20 times
> Mar 24 11:49:15 kabini1 last message repeated 20 times
>
>
> The last lines about 'message repeated' continue until the present. I 
> show some output for the last few weeks to show this wasn't happening 
> before. Any clues what is causing this ? FreeBSD 9.3-RELEASE-p10, 
> 192.168.0.27 is this box, ipfw rules haven't changed in months & are 
> mostly the stock 'workstation' rules w/ a few extra rules to let NFS 
> work, see below. Need anything else, please ask & TIA ....
>
>
> [root@kabini1, /etc, 10:26:29pm] 366 % ipfw show
> 00100 211446 127533786 allow ip from any to any via lo0
> 00200      0         0 deny ip from any to 127.0.0.0/8
> 00300      0         0 deny ip from 127.0.0.0/8 to any
> 00400      0         0 deny ip from any to ::1
> 00500      0         0 deny ip from ::1 to any
> 00600      0         0 allow ipv6-icmp from :: to ff02::/16
> 00700      0         0 allow ipv6-icmp from fe80::/10 to fe80::/10
> 00800      2       152 allow ipv6-icmp from fe80::/10 to ff02::/16
> 00900      0         0 allow ipv6-icmp from any to any ip6 icmp6types 1
> 01000      0         0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
> 01100      0         0 check-state
> 01200    371     38801 allow tcp from me to any established
> 01300 131125 100329380 allow tcp from me to any setup keep-state
> 01400  15375   1247143 allow udp from me to any keep-state
> 01500      0         0 allow icmp from me to any keep-state
> 01600      0         0 allow ipv6-icmp from me to any keep-state
> 01700      0         0 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
> 01800      0         0 allow udp from any 67 to me dst-port 68 in
> 01900      0         0 allow udp from any 67 to 255.255.255.255 dst-port 68 in
> 02000      0         0 allow udp from fe80::/10 to me dst-port 546 in
> 02100      0         0 allow icmp from any to any icmptypes 8
> 02200      0         0 allow ipv6-icmp from any to any ip6 icmp6types 128,129
> 02300   3390    189852 allow icmp from any to any icmptypes 3,4,11
> 02400      0         0 allow ipv6-icmp from any to any ip6 icmp6types 3
> 02500    164     12060 allow tcp from 192.168.0.0/24 to me
> 02600    729    139344 allow udp from 192.168.0.0/24 513 to 192.168.0.0/24 dst-port 513
> 65000   2079    233849 count ip from any to any
> 65100    334     58174 deny { tcp or udp } from any to any dst-port 111,137,138 in
> 65200    325    118875 deny { tcp or udp } from 192.168.0.0/24 to me
> 65300      0         0 deny ip from any to 255.255.255.255
> 65400      0         0 deny ip from any to 224.0.0.0/24 in
> 65500      0         0 deny udp from any to any dst-port 520 in
> 65500      0         0 deny tcp from any 80,443 to any dst-port 1024-65535 in
> 65500   1420     56800 deny log logamount 5000 ip from any to any
> 65535      0         0 deny ip from any to any
> [root@kabini1, /etc, 10:26:37pm] 367 %
>


Anyone ? I'm over 5000 warnings, saw that in my messages file ? What 
gives here ?

-- 

	William A. Mahaffey III

  ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                            -- Gen. George S. Patton Jr.
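
Added example, not part of the original message: a Python tally of ipfw deny lines like those quoted above, which folds syslog's "last message repeated N times" lines back into the entry they follow so the per-flow totals reflect what was actually dropped. The sample lines are copied from the quoted log with the mail wrapping rejoined; the function names are this example's own, and IPv4 `addr:port` endpoints are assumed.

```python
import re
from collections import Counter

# Sample lines copied from the quoted /var/log/security excerpt (wrapping rejoined).
SAMPLE = """\
Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
Mar 23 15:07:20 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.122.2:53 192.168.0.27:17037 in via re0
Mar 24 09:59:15 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Mar 24 09:59:22 kabini1 last message repeated 3 times
Mar 24 10:01:22 kabini1 last message repeated 4 times
Mar 24 10:09:23 kabini1 last message repeated 16 times
"""

# "P:2" is how ipfw logs a protocol by number; IP protocol 2 is IGMP.
IPFW = re.compile(
    r"kernel: ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

def strip_port(endpoint):
    """Drop a trailing :port from an IPv4 endpoint; leave bare addresses alone."""
    host, sep, port = endpoint.rpartition(":")
    return host if sep and port.isdigit() and "." in host else endpoint

def summarize(text):
    """Count denied packets per flow, expanding syslog repeat lines."""
    counts = Counter()
    last = None  # key of the most recent ipfw line, target of any repeat line
    for line in text.splitlines():
        m = IPFW.search(line)
        if m:
            src, dst = m["src"], m["dst"]
            # Drop the local (ephemeral) port so replies to one service group together.
            if m["dir"] == "in":
                dst = strip_port(dst)
            else:
                src = strip_port(src)
            last = (m["rule"], m["proto"], src, dst, m["dir"])
            counts[last] += 1
            continue
        r = REPEAT.search(line)
        if r and last is not None:
            counts[last] += int(r.group(1))
        elif not r:
            last = None  # an unrelated message breaks the repeat chain
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

To run it over the real file, pass `open("/var/log/security").read()` to `summarize`.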



