ipfw and tun0

Dirk GOUDERS gouders at et.bocholt.fh-ge.de
Fri Jul 22 07:26:46 GMT 2005


 > >I just started to use an ADSL line with PPPoE and want run a firewall
 > >between it and my local network.  What I am wondering about is that
 > >even if I only have the default everything-blocking rule (deny ip from
 > >any to any) I still see incoming packets on tun0 with tcpdump.
 > >
 > >Is this, because the firewall rules get checked after the packets
 > >leave the tun0 interface?  On what interface should I run tcpdump then
 > >to check if my rules are working as expected?
 > 
 > Just a guess, here .... tun0 doesn't exist when the firewall rc
 > script is run, so you may have to explicitly state the name
 > of the interface since it wouldn't be listed during device
 > polling at boot time?

Well, it seems as if my firewall rules work as expected -- with just
the default rule, I cannot do anything on the net.

Another example is that I saw several SYN packets directed to
unprivileged ports that got answered with a RST packet by my machine.
When I block those SYN packets, I still see them on tun0 but the RST
responses disappear.  Also, ipfw's counters show that it recognizes
those packets...

Sorry for not mentioning that earlier.

Dirk
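Dirk's observation points to the reliable check: tcpdump on tun0 still shows the blocked SYNs, but the RST replies vanish and ipfw's counters climb, so the rule counters rather than the packet capture tell you whether a rule is doing its job. The script below is an added example, not code from the thread; it parses two snapshots of `ipfw -a list` output (rule number, packet count, byte count, rule body), taken before and after sending test traffic, and reports which rules matched. The sample snapshots are constructed, and the rule bodies in them (the per-port deny on tun0 in particular) are illustrative, not Dirk's actual ruleset.

```python
"""Compare two `ipfw -a list` snapshots and report which rules matched.

The BEFORE/AFTER text below is constructed sample output in the shape
`ipfw -a list` prints: rule number, packet counter, byte counter, rule body.
On a real box you would capture `ipfw -a list` twice around a test.
"""
import re
from typing import Dict, List, NamedTuple, Tuple


class Rule(NamedTuple):
    number: int
    packets: int
    bytes: int
    body: str


# One counted rule per line: "<rule> <pkts> <bytes> <action and match>"
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")


def parse_ipfw_list(text: str) -> Dict[int, Rule]:
    """Parse `ipfw -a list` output into a mapping of rule number -> Rule."""
    rules: Dict[int, Rule] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank or unexpected lines
        num, pkts, byts, body = m.groups()
        rules[int(num)] = Rule(int(num), int(pkts), int(byts), body)
    return rules


def matched_rules(before: Dict[int, Rule],
                  after: Dict[int, Rule]) -> List[Tuple[int, int, str]]:
    """Return (rule number, packets matched, rule body) for every rule whose
    packet counter grew between the two snapshots, in rule order."""
    hits = []
    for num in sorted(after):
        prev = before.get(num)
        delta = after[num].packets - (prev.packets if prev else 0)
        if delta > 0:
            hits.append((num, delta, after[num].body))
    return hits


# Constructed snapshots: three test SYNs to an unprivileged port on tun0
# hit rule 200 between the two captures; nothing reached the default rule.
BEFORE = """\
00100      0        0 allow ip from any to any via lo0
00200      0        0 deny tcp from any to me 1024-65535 in via tun0 setup
65535     10      800 deny ip from any to any
"""
AFTER = """\
00100      0        0 allow ip from any to any via lo0
00200      3      180 deny tcp from any to me 1024-65535 in via tun0 setup
65535     10      800 deny ip from any to any
"""


if __name__ == "__main__":
    for num, delta, body in matched_rules(parse_ipfw_list(BEFORE),
                                          parse_ipfw_list(AFTER)):
        print(f"rule {num:05d} matched {delta} packet(s): {body}")
```

If a rule you expect to block traffic never shows a delta while the default rule 65535 does, the traffic is falling through to the default, which usually means the interface name or direction in the rule does not match what the packets actually carry.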
