Re: IPFW - Allowed but Denied is shown in my logs

From: Giorgos Keramidas (keramida_at_ceid.upatras.gr)
Date: 08/04/04

    Date: Wed, 4 Aug 2004 13:38:48 +0300
    To: Srot BULL <pwd8jmr22w@me.point.ne.jp>
    
    

    On 2004-08-04 17:13, Srot BULL <pwd8jmr22w@me.point.ne.jp> wrote:
    >
    > This is found in my /etc/ipfw.rules
    > ### Allow out non-secure standard www function ###
    > $CMD 00200 allow tcp from any to any 80 out via $IFN setup keep-state
    >
    > ### Allow out send & get email function ###
    > $CMD 00230 allow tcp from any to any 25 out via $IFN setup keep-state
    > $CMD 00231 allow tcp from any to any 110 out via $IFN setup keep-state
    >
    > ### deny and log everything else that's trying to get out. ###
    > ### This rule enforces the block all by default logic. ###
    > $CMD 00299 deny log all from any to any out via $IFN
    >
    > Why are the above firewall logs telling me that it has denied my TCP
    > packets and yet I am not experiencing any problems with my emails and
    > access to the internet through port 80. [...]

    Show us the full ruleset. Otherwise we're just guessing...

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

