ipfw and tun0

Dirk GOUDERS gouders at et.bocholt.fh-ge.de
Fri Jul 22 07:26:46 GMT 2005

 > >I just started to use an ADSL line with PPPoE and want run a firewall
 > >between it and my local network.  What I am wondering about is that
 > >even if I only have the default everything-blocking rule (deny ip from
 > >any to any) I still see incoming packets on tun0 with tcpdump.
 > >
 > >Is this, because the firewall rules get checked after the packets
 > >leave the tun0 interface?  On what interface should I run tcpdump then
 > >to check if my rules are working as expected?
 > Just a guess, here .... tun0 doesn't exist when the firewall rc
 > script is run, so you may have to explicity state the name
 > of the interface since it wouldn't be listed during device
 > polling at boot time?

Well, it seems as if my firewall rules work as expected -- with just
the default rule, I cannot do anything on the net.

Another example is that I saw several SYN packets directed to
unprivileged ports that got answered with a RST packet by my machine.
When I block those SYN packets, I still see them on tun0 but the RST
responses disappear.  Also, ipfw's counters show that it recognizes
those packets...

Sorry for not mentioning that earlier.


More information about the freebsd-questions mailing list