Date:      Tue, 15 Sep 2020 17:31:56 +0930
From:      Shane Ambler <FreeBSD@ShaneWare.Biz>
To:        Kevin Oberman <>, "" <>
Subject:   Re: ipfw matching traffic to broadcast (
Message-ID:  <f0b8e469-4e18-faf3-9607-077bccdb84d2@ShaneWare.Biz>
In-Reply-To: <>
References:  <>

On 12/9/20 7:07 am, Kevin Oberman wrote:
> I am seeing traffic from my cell phone to the broadcast address that I
> would like to block. I added a rule:
> 3220 deny udp from 9050 to any
> It shows no packets ever match even though I see many logged by my catch-all
> rule: 5999 deny log udp from any to any
> ipfw: 5999 Deny UDP in via wlan0
> Why is the 3220 rule not matching the packets I see logged by 3220?

While man ipfw says that " 'any' matches any IP address", you should
note that a broadcast address is a special IP address which means every
IP in the subnet.

I had trouble getting a minidlna server to respond on my home network.
The DLNA client broadcasts on a UDP port to discover servers; to get it
through my firewall I needed to specifically allow packets to the
broadcast address rather than to any.

This worked for me -

ipfw add 5880 pass udp from any to dst-port 1900

So try

ipfw add 3220 deny udp from 9050 to 9050

or to account for dynamic addresses

ipfw add 3220 deny udp from any to 9050

FreeBSD - the place to B...Silencing Data

Shane Ambler
