IPFW strange events

Chris bsdnewbie at coolarrow.com
Sat Nov 1 08:55:37 PST 2003


This is occurring on a 4.8-RELEASE server using IPFW2...

I have numerous rules that block bogus networks... one of which is:

ipfw add 0104 deny log ip from to any

And I know it's working because using "ipfw list" I get:

00104 deny log ip from to any

Whenever that rule is active, it's blocking packets - "ipfw show":

00104         21       1148 deny log ip from to any


Various services stop working... so I look at /var/log/security and see NUMEROUS entries such as this:

Nov  1 10:30:00 server /kernel: ipfw: 104 Deny TCP out via lo0

Now I don't see anything in the rule about the localhost address, yet that's what it's blocking. But a little bit ahead of that rule, I do have this one:

ipfw add 082 divert natd all from any to any via fxp0

Would it help to put all the bogus network deny rules ahead of the divert rule?

