ipfw and tun0
gouders at et.bocholt.fh-ge.de
Fri Jul 22 07:26:46 GMT 2005
> >I just started to use an ADSL line with PPPoE and want to run a firewall
> >between it and my local network. What I am wondering about is that
> >even if I only have the default everything-blocking rule (deny ip from
> >any to any) I still see incoming packets on tun0 with tcpdump.
> >Is this, because the firewall rules get checked after the packets
> >leave the tun0 interface? On what interface should I run tcpdump then
> >to check if my rules are working as expected?
> Just a guess, here .... tun0 doesn't exist when the firewall rc
> script is run, so you may have to explicitly state the name
> of the interface since it wouldn't be listed during device
> polling at boot time?
Well, it seems as if my firewall rules work as expected -- with just
the default rule, I cannot do anything on the net.
Another example is that I saw several SYN packets directed to
unprivileged ports that got answered with a RST packet by my machine.
When I block those SYN packets, I still see them on tun0 but the RST
responses disappear. Also, ipfw's counters show that it recognizes
Sorry for not mentioning that earlier.
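The check described above (the SYNs still show up in tcpdump, which taps tun0 before ipfw sees the packets, but the RST replies disappear once the rule matches) can be automated over a capture; the script below is an added example, not from the poster, and runs over constructed tcpdump lines with an assumed local address of 203.0.113.5.

```python
import re

# Constructed sample of `tcpdump -n -i tun0 tcp` output (not the poster's
# capture). 203.0.113.5 is the assumed local end of the PPPoE link.
SAMPLE = """\
07:26:01.100001 IP 198.51.100.7.40001 > 203.0.113.5.31337: Flags [S], seq 1, win 512, length 0
07:26:01.100250 IP 203.0.113.5.31337 > 198.51.100.7.40001: Flags [R.], seq 0, ack 2, win 0, length 0
07:26:02.200001 IP 198.51.100.7.40002 > 203.0.113.5.6000: Flags [S], seq 1, win 512, length 0
07:26:03.300001 IP 198.51.100.9.50000 > 203.0.113.5.22: Flags [S], seq 1, win 512, length 0
07:26:03.300400 IP 203.0.113.5.22 > 198.51.100.9.50000: Flags [S.], seq 7, ack 2, win 65535, length 0
"""

# Matches the "IP src.sport > dst.dport: Flags [..]" prefix of a tcpdump line.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def classify_syns(dump, local_ip):
    """Map each inbound SYN (remote_ip, remote_port, local_port) to our reply.

    'RST'     -> the stack answered, so the SYN was NOT filtered
    'SYN-ACK' -> the port is open and reachable
    None      -> no reply seen on tun0: the SYN was dropped by the firewall
    """
    syns = {}
    for line in dump.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        flags = m["flags"]
        if m["dst"] == local_ip and flags == "S":
            syns.setdefault((m["src"], int(m["sport"]), int(m["dport"])), None)
        elif m["src"] == local_ip:
            # Reply goes back to the remote (ip, port) from our local port.
            key = (m["dst"], int(m["dport"]), int(m["sport"]))
            if key in syns and syns[key] is None:
                if "R" in flags:
                    syns[key] = "RST"
                elif "S" in flags:
                    syns[key] = "SYN-ACK"
    return syns


if __name__ == "__main__":
    for (ip, rport, lport), reply in classify_syns(SAMPLE, "203.0.113.5").items():
        print(f"{ip}:{rport} -> :{lport}  reply={reply or 'none (filtered)'}")
```

Pair it with `ipfw -a list` to confirm the matching rule's packet counter moved for every SYN reported as filtered.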