Bad loopback traffic not stopped by ipfw.

Andrea Venturoli ml.ventu at flashnet.it
Tue Feb 24 15:15:39 PST 2004


** Reply to note from Ian Smith <smithi at nimnet.asn.au> Wed, 25 Feb 2004 06:41:08 +1100 (EST)


> ... still dribbling in I see.  Yawn.  But they're being denied ok here. 

But it is not so here! And someone else also reported the same problem...



> Try just 'deny log ip from 127.0.0.0/8 to any' (and as mentioned, 'deny 
> log ip from any to 127.0.0.1/8' outbound also.  Works here. 

As I said in another reply I tried this too:

ipfw -a l gives:
  
00030   2   416 allow ip from any to any via lo0
00031   0     0 deny log ip from any to 127.0.0.0/8
00032   0     0 deny log ip from 127.0.0.0/8 to any
..

But the counts are still 0, no log is displayed, and tcpdump keeps showing packets coming in.
  


> Not sure if the diversion for NAT above might affect whether they're 
> appearing to ipfw as still being 'in recv tun0' or not at rule(s) 1000, 
> but you'd want to block these on any interface, in or out, wouldn't you? 

As I previously said, I tried it also without diversion to natd.



>  > snort and tcpdump correctly report them, but I think I should also 
>  > see ipfw blocking them. At least this is what I read, googling 
>  > around, on a previous thread on freebsd-stable. 
>  
> You should indeed, but maybe some other rule between 50 and 1000 is 
> either blocking or allowing them?  Anyway, try the more general rule?  

See above.



> (Caveat: the above are on a 2.2.6 router/gw that's still chugging along;  
> I assume it's more likely a config prob than an issue with 4.8 ipfw(n)) 

I *hope* it is a config problem, but I can assure you it is not a trivial one, at least for me. Not an ipfw-rules-related
one, at least. Either there is some setup I am not aware of or something is not working properly.

 bye & Thanks
        av.
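The rule list quoted in the message above is enough to work out where ipfw's first-match evaluation would stop for a given packet. What follows is an added example (not code from this thread, from ipfw or from FreeBSD) that models the small subset of ipfw rule syntax used in that list in Python and walks the quoted rules with constructed packets. The sample rule list, the interface name tun0, the packet addresses, and the default rule 65535 being "deny" (a kernel built without IPFIREWALL_DEFAULT_TO_ACCEPT) are assumptions of the example. In this model a packet with a 127/8 source arriving in on tun0 is skipped by rule 30 (`via lo0`) and first matched, and logged, by rule 32; a packet addressed to 127/8 is matched by rule 31.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the `ipfw -a l` output quoted in the
# message: the three rules under discussion plus ipfw's implicit last rule
# 65535 (assumed to be the default "deny", i.e. a kernel built without
# IPFIREWALL_DEFAULT_TO_ACCEPT). Counters are made up.
RULESET = """\
00030   2   416 allow ip from any to any via lo0
00031   0     0 deny log ip from any to 127.0.0.0/8
00032   0     0 deny log ip from 127.0.0.0/8 to any
65535  17  2468 deny ip from any to any
"""


@dataclass
class Rule:
    number: int
    action: str                           # "allow" or "deny"
    log: bool
    src: Optional[ipaddress.IPv4Network]  # None means "any"
    dst: Optional[ipaddress.IPv4Network]
    direction: Optional[str]              # "in", "out" or None (either)
    via: Optional[str]                    # interface name or None (any)


# Only the syntax subset used above: counters, action, optional "log",
# protocol "ip", from/to, then optional "in"/"out" and "via <ifname>".
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+\d+\s+\d+\s+(?P<action>allow|deny)\s+(?P<log>log\s+)?ip"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<rest>.*)$"
)


def parse_addr(token: str) -> Optional[ipaddress.IPv4Network]:
    """'any' matches everything; a CIDR is normalised to its network
    (so '127.0.0.1/8' is accepted as 127.0.0.0/8, as ipfw does)."""
    if token == "any":
        return None
    return ipaddress.ip_network(token, strict=False)


def parse_rules(text: str) -> list:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank lines, "..." separators, unsupported syntax
        rest = m.group("rest").split()
        direction = next((t for t in rest if t in ("in", "out")), None)
        via = rest[rest.index("via") + 1] if "via" in rest else None
        rules.append(Rule(int(m.group("num")), m.group("action"),
                          m.group("log") is not None,
                          parse_addr(m.group("src")), parse_addr(m.group("dst")),
                          direction, via))
    return rules


def matches(rule: Rule, src: str, dst: str, direction: str, iface: str) -> bool:
    """Every qualifier present on the rule must hold; "via" matches the
    interface the packet is on regardless of direction."""
    if rule.src is not None and ipaddress.ip_address(src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(dst) not in rule.dst:
        return False
    if rule.direction is not None and rule.direction != direction:
        return False
    if rule.via is not None and rule.via != iface:
        return False
    return True


def first_match(rules, src, dst, direction, iface) -> Optional[Rule]:
    """ipfw stops at the first rule whose qualifiers all match."""
    for rule in rules:
        if matches(rule, src, dst, direction, iface):
            return rule
    return None


def trace(rules, src, dst, direction, iface) -> list:
    """Rule numbers considered in order, ending with the one that matched."""
    seen = []
    for rule in rules:
        seen.append(rule.number)
        if matches(rule, src, dst, direction, iface):
            break
    return seen


if __name__ == "__main__":
    rules = parse_rules(RULESET)
    # A spoofed packet with a 127/8 source arriving on the external link.
    hit = first_match(rules, "127.0.0.1", "10.0.0.1", "in", "tun0")
    print("127.0.0.1 -> 10.0.0.1 in tun0:", hit.number, hit.action,
          "log" if hit.log else "", trace(rules, "127.0.0.1", "10.0.0.1", "in", "tun0"))
    # Genuine loopback traffic is accepted by rule 30 before the deny rules.
    hit = first_match(rules, "127.0.0.1", "127.0.0.1", "out", "lo0")
    print("127.0.0.1 -> 127.0.0.1 out lo0:", hit.number, hit.action)
```

Run it as a script to print the matching rule and the rules considered for the two sample packets. Because `parse_addr` normalises a CIDR to its network, the `127.0.0.1/8` form quoted from Ian's reply parses the same as `127.0.0.0/8`.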
