Blocking RIP requests on firewall

Mark Woodson mwoodson at sricrm.com
Wed Aug 13 13:59:19 PDT 2003


(top quoting makes following threads difficult)
On Wednesday 13 August 2003 12:49 pm, Darryl Hoar wrote:
> ipfstat -in shows:
>
> @1 pass in quick on xl0 proto udp from 10.0.0.1/32 to any port = 68 keep
> state
> @2 block return-rst in log quick on xl0 proto tcp from any to any
> @3 block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from
> any to any

This line is blocking the router messages.  Put the rule above it in the list 
and that should take care of it.  That message would seem to be in effect 
just blocking any udp traffic in on that interface.  I'm not sure that the 
rule is working like you expect it to.  Not sure how to fix it, but I don't 
think icmp port-unreach's come in as udp packets.

> @4 block in quick on xl0 proto udp from 10.0.0.1/32 to any port = 520
> @5 block in log quick on xl0 from any to any
> @6 pass in quick on xl1 proto tcp from any to any flags S/FSRPAU
> @7 pass in quick on xl1 proto udp from any to any keep state
> @8 pass in quick on xl1 proto icmp from any to any keep state
> @9 block in quick on xl1 from any to any
> @10 pass in quick on lo0 from any to any
>
> I don't get it .  the log entries seem to be from rip, but its logging
> at rule 3.

If you ignore the return-icmp-as-dest(port-unr) it makes total sense, since it 
is denying any udp from any address coming in on xl0.

-Mark
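As an added example (not part of the thread or of ipf itself), the following Python model of ipf's first-match `quick` semantics over the quoted xl0 rules shows why the RIP packets are logged at rule 3 and how moving rule 4 ahead of it changes the outcome; the packet values are constructed, and `keep state`, the xl1/lo0 rules and the return-icmp option are not modelled.

```python
import ipaddress

# Simplified model of the inbound xl0 rules quoted above (ipf evaluates
# "quick" rules in order and stops at the first match).
# Each rule: (number, action, logged, interface, proto, src_cidr, dst_port)
RULES = [
    (1, "pass", False, "xl0", "udp", "10.0.0.1/32", 68),
    (2, "block", True, "xl0", "tcp", "any", None),
    (3, "block", True, "xl0", "udp", "any", None),   # return-icmp-as-dest(port-unr)
    (4, "block", False, "xl0", "udp", "10.0.0.1/32", 520),
    (5, "block", True, "xl0", "any", "any", None),
]

def rule_matches(rule, iface, proto, src, dport):
    _, _, _, r_if, r_proto, r_src, r_port = rule
    if r_if != iface:
        return False
    if r_proto != "any" and r_proto != proto:
        return False
    if r_src != "any" and ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
        return False
    if r_port is not None and r_port != dport:
        return False
    return True

def first_match(rules, iface, proto, src, dport):
    """Return (rule number, action, logged) for the first matching quick rule."""
    for rule in rules:
        if rule_matches(rule, iface, proto, src, dport):
            return rule[0], rule[1], rule[2]
    return None

def reorder(rules, number, before):
    """Move rule `number` so it is evaluated just before rule `before`."""
    moved = next(r for r in rules if r[0] == number)
    rest = [r for r in rules if r[0] != number]
    idx = next(i for i, r in enumerate(rest) if r[0] == before)
    return rest[:idx] + [moved] + rest[idx:]

if __name__ == "__main__":
    # Constructed sample packet: a RIP advertisement from the router at 10.0.0.1.
    rip = ("xl0", "udp", "10.0.0.1", 520)
    print("original order:", first_match(RULES, *rip))      # (3, 'block', True)
    fixed = reorder(RULES, number=4, before=3)
    print("rule 4 before 3:", first_match(fixed, *rip))      # (4, 'block', False)
    # A DHCP reply from the router is still passed by rule 1 in either order.
    print("dhcp:", first_match(fixed, "xl0", "udp", "10.0.0.1", 68))  # (1, 'pass', False)
```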



More information about the freebsd-questions mailing list