Re: Bad loopback traffic not stopped by ipfw.
From: Andrea Venturoli (ml.ventu_at_flashnet.it)
Date: 02/25/04
- Previous message: Ronald F. Guilmette: "Re: Finding all IPv4 addresses associated with INADDR_ANY (?)"
- Maybe in reply to: Andrea Venturoli: "Bad loopback traffic not stopped by ipfw."
- Next in thread: Iasen Kostov: "Re: Bad loopback traffic not stopped by ipfw."
- Reply: Iasen Kostov: "Re: Bad loopback traffic not stopped by ipfw."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: freebsd-net@freebsd.org
Date: Wed, 25 Feb 2004 00:15:37 EST
** Reply to note from Ian Smith <smithi@nimnet.asn.au> Wed, 25 Feb 2004 06:41:08 +1100 (EST)
> ... still dribbling in I see. Yawn. But they're being denied ok here.
But it is not so here! And also someone else reported the same problem...
> Try just 'deny log ip from 127.0.0.0/8 to any' (and as mentioned, 'deny
> log ip from any to 127.0.0.1/8' outbound also. Works here.
As I said in another reply I tried this too:
ipfw -a l gives:
00030 2 416 allow ip from any to any via lo0
00031 0 0 deny log ip from any to 127.0.0.0/8
00032 0 0 deny log ip from 127.0.0.0/8 to any
..
But the counts are still 0, no log is displayed and tcpdump keeps showing packets coming in.
> Not sure if the diversion for NAT above might affect whether they're
> appearing to ipfw as still being 'in recv tun0' or not at rule(s) 1000,
> but you'd want to block these on any interface, in or out, wouldn't you?
As I previously said, I tried it also without diversion to natd.
> > snort and tcpdump correctly report them, but I think I should also
> > see ipfw blocking them. At least this is what I read, googling
> > around, on a previous thread on freebsd-stable.
>
> You should indeed, but maybe some other rule between 50 and 1000 is
> either blocking or allowing them? Anyway, try the more general rule?
See above.
> (Caveat: the above are on a 2.2.6 router/gw that's still chugging along;
> I assume it's more likely a config prob than an issue with 4.8 ipfw(n))
I *hope* it is a config problem, but I can assure you it is not a trivial one, at least for me. Not an ipfw-rules-related one, at least. Either there is some setup I am not aware of or something is not working properly.
bye & Thanks
av.
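As an added illustration (not part of the original thread), the three rules quoted above can be modelled as a first-match evaluator. The packets, the assumed default rule 65535 and the interface names are constructed for the example; the point is the counters that `ipfw -a l` would be expected to show if the spoofed 127/8 packets were actually traversing ipfw on tun0: rule 30 only catches traffic that really goes via lo0, so a 127/8 source or destination arriving on another interface must hit rule 31 or 32 and increment its counter.

```python
import ipaddress

# Constructed ruleset modelled on the one quoted in the message.
# ipfw evaluates rules in number order and stops at the first match.
# Each entry: (rule number, action, src net or None, dst net or None, via iface or None).
# Rule 65535 is the kernel default; "allow" is assumed here (it depends on kernel options).
RULES = [
    (30, "allow", None, None, "lo0"),
    (31, "deny", None, "127.0.0.0/8", None),
    (32, "deny", "127.0.0.0/8", None, None),
    (65535, "allow", None, None, None),
]


def _match(net, addr):
    """A None network means 'any'; otherwise test address membership."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(pkt, rules=RULES):
    """Return (rule number, action) of the first rule matching pkt."""
    for num, action, src, dst, via in rules:
        if via is not None and pkt["iface"] != via:
            continue  # 'via X' matches only packets seen on interface X
        if _match(src, pkt["src"]) and _match(dst, pkt["dst"]):
            return num, action
    raise RuntimeError("no rule matched; a real ipfw ruleset always ends in the default rule")


def run(packets, rules=RULES):
    """Evaluate packets and return per-rule hit counters, like `ipfw -a list`, plus verdicts."""
    counts = {num: 0 for num, *_ in rules}
    verdicts = []
    for pkt in packets:
        num, action = evaluate(pkt, rules)
        counts[num] += 1
        verdicts.append((num, action))
    return counts, verdicts


# Constructed sample packets: one genuine loopback packet and three seen on tun0.
PACKETS = [
    {"iface": "lo0", "src": "127.0.0.1", "dst": "127.0.0.1"},   # real loopback traffic
    {"iface": "tun0", "src": "127.0.0.1", "dst": "10.0.0.5"},   # spoofed 127/8 source on external link
    {"iface": "tun0", "src": "10.0.0.9", "dst": "127.0.0.1"},   # external packet addressed to loopback
    {"iface": "tun0", "src": "10.0.0.9", "dst": "10.0.0.5"},    # ordinary traffic, falls to default rule
]

if __name__ == "__main__":
    counts, verdicts = run(PACKETS)
    for num, *_ in RULES:
        print(f"{num:05d} {counts[num]}")
    print(verdicts)
```

With these packets the simulated counters for rules 31 and 32 are each 1, which is what the message's author expected to see on the real box; zero counters there mean the packets were not reaching those rules at all, not that the rules were written wrongly.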