From: Shane Ambler
To: Kevin Oberman, freebsd-questions@freebsd.org
Subject: Re: ipfw matching traffic to broadcast (255.255.255.255)
Date: Tue, 15 Sep 2020 17:31:56 +0930
List-Id: User questions (freebsd-questions@freebsd.org)
On 12/9/20 7:07 am, Kevin Oberman wrote:
> I am seeing traffic from my cell phone to the broadcast address that I
> would like to block. I added a rule:
>
>     3220 deny udp from 192.168.1.18 9050 to any
>
> It shows no packet ever match even though I see many logged by my catch-all
> rule:
>
>     5999 deny log udp from any to any
>
>     ipfw: 5999 Deny UDP 192.168.1.18:9050 255.255.255.255:9050 in via wlan0
>
> Why is the 3220 rule not matching the packets I see logged by 3220?

While man ipfw says that "'any' matches any IP address", you should note that a broadcast address is a special IP address which means every IP in the subnet.
I had trouble getting a minidlna server to respond on my home network; the DLNA client broadcasts on a UDP port to discover servers, and to get it through my firewall I needed to specifically allow packets to the broadcast address rather than to any. This worked for me:

    ipfw add 5880 pass udp from any to 239.255.255.250 dst-port 1900

So try

    ipfw add 3220 deny udp from 192.168.1.18 9050 to 255.255.255.255 9050

or, to account for dynamic addresses,

    ipfw add 3220 deny udp from any to 255.255.255.255 9050

-- 
FreeBSD - the place to B...Silencing Data

Shane Ambler
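The reply above builds its explicit rule by hand from the line the catch-all "deny log" rule wrote to syslog. The following Python script, added here as an example and not part of the thread or of ipfw itself, does the same mechanically: it parses ipfw log lines, classifies each destination against the LAN prefix (limited broadcast 255.255.255.255, the subnet's directed broadcast such as 192.168.1.255, or a multicast group such as 239.255.255.250, which is the SSDP group the minidlna rule names) and emits a deny rule that names the destination and port exactly as the reply suggests. The LAN prefix 192.168.1.0/24, the rule number 3220 and all log lines other than the one quoted in the thread are constructed assumptions.

```python
"""Derive explicit ipfw deny rules for broadcast and multicast destinations
from catch-all "deny log" entries. Added example; assumptions are noted inline."""
import ipaddress
import re

# Constructed sample lines in the syslog format that ipfw "log" rules emit.
# The first line is the one quoted in the thread; the others are made up here.
SAMPLE_LOG = [
    "ipfw: 5999 Deny UDP 192.168.1.18:9050 255.255.255.255:9050 in via wlan0",
    "ipfw: 5999 Deny UDP 192.168.1.18:9050 192.168.1.255:9050 in via wlan0",
    "ipfw: 5999 Deny UDP 192.168.1.20:54321 239.255.255.250:1900 in via wlan0",
    "ipfw: 5999 Deny UDP 192.168.1.18:9050 192.168.1.1:53 in via wlan0",
    "ipfw: 5999 Deny TCP 192.168.1.18:40000 192.168.1.1:22 in via wlan0",
]

# Matches "ipfw: <rule> <Action> <PROTO> <src>:<sport> <dst>:<dport> <in|out> via <iface>"
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\S+)"
)

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def parse_ipfw_log(line):
    """Parse one ipfw log line into a dict, or return None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("rule", "sport", "dport"):
        entry[key] = int(entry[key])
    entry["proto"] = entry["proto"].lower()   # ipfw rule syntax uses lowercase
    return entry


def classify_dst(dst, lan):
    """Classify an IPv4 destination relative to the LAN prefix (assumed 192.168.1.0/24 here)."""
    addr = ipaddress.IPv4Address(dst)
    net = ipaddress.IPv4Network(lan, strict=False)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"      # 255.255.255.255: every host on the link
    if addr == net.broadcast_address:
        return "directed-broadcast"     # e.g. 192.168.1.255 for a /24
    if addr.is_multicast:
        return "multicast"              # 224.0.0.0/4, e.g. SSDP on 239.255.255.250
    return "unicast"


def suggest_rule(rule_no, entry, any_source=False):
    """Build an ipfw deny rule that names the logged destination and port explicitly."""
    src = "any" if any_source else f"{entry['src']} {entry['sport']}"
    return (f"ipfw add {rule_no} deny {entry['proto']} "
            f"from {src} to {entry['dst']} {entry['dport']}")


def rules_for_log(lines, lan, rule_no, any_source=False):
    """Return deduplicated rules for every non-unicast destination seen in the log."""
    rules = []
    for line in lines:
        entry = parse_ipfw_log(line)
        if entry is None or classify_dst(entry["dst"], lan) == "unicast":
            continue
        rule = suggest_rule(rule_no, entry, any_source)
        if rule not in rules:
            rules.append(rule)
    return rules


if __name__ == "__main__":
    for rule in rules_for_log(SAMPLE_LOG, "192.168.1.0/24", 3220):
        print(rule)
```

The generated rules deliberately mirror the shape of the ones in the reply and so carry no direction or interface; the parsed `direction` and `iface` fields are kept in each entry so that `in via wlan0` can be appended when a rule should apply only to traffic arriving on that interface.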