ipfw denial log - what's this mean?
Rob
bitabyss at gmail.com
Thu Apr 10 18:55:18 UTC 2008
Hi Everyone,
My 6.2-Release system coughed up a report of denied packets from ipfw in its daily security run:
ipfw denied packets:
+++ /tmp/security.gnkQg5CA Thu Apr 10 03:04:15 2008
+00200 12 795 deny ip from any to 127.0.0.0/8
What does this mean? I understand that's the loopback interface, but I'm not terribly knowledgeable on ipfw. Is this some crack attempt, or normal background noise? I don't understand how lo0 would ever see any IP addresses other than its own?!
The whole rule set looks like this:
# ipfw show
00100 4749394 1011660210 allow ip from any to any via lo0
00200 12 795 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
01005 17272713 2535346056 fwd 12.219.128.1 tcp from 12.219.128.39 to any out
65000 174044808 81045388703 allow ip from any to any
65535 1 328 deny ip from any to any
-Thanks, Rob
More information about the freebsd-questions
mailing list