Ipf problem

Jacob S stormspotter at 6Texans.net
Thu Jan 5 22:17:56 PST 2006

Hello list,

I'm having a problem setting up ipf on a FreeBSD server and can't
figure out where I'm going wrong. I copied my ipf.rules file from
another server I have where ipf is working great. But after I
customized the rules to this server it is filling /var/log/messages
with lines like the following:

Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.465822 2x em0 @0:33 b,53 ->,62097 PR udp len 20 314 IN
Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.492578 em0 @0:33 b,25 ->,57210 PR tcp len 20 60 -AS IN
Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.505821 em0 @0:33 b,25 ->,57209 PR tcp len 20 48 -AS IN

The lines scroll by faster than I can read them if I tail the logfile.
The blocked packets in this case are coming from standard ports to
non-standard ports. Doing a reverse lookup on the IPs, it would seem
that my server has initiated the transfer and the other servers are
simply replying. (I deduce that from the blocked IPs because they belong
to hostnames that I would not expect to be flooding my server. Namely,
the first IP is for l.root-servers.net.)

I've attached the ipf.rules file to this e-mail. A uname -r on the
server returns 5.4-RELEASE-p4. Can anybody see what I'm doing wrong? 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipf.rules
Type: application/octet-stream
Size: 9354 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060106/befb0b35/ipf.obj
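
The pattern described in the message above (blocked inbound packets from well-known source ports to high ports, the TCP ones carrying SYN+ACK) can be counted per rule directly from ipmon output. This is an added example, not part of the original post or of ipf itself: the function names and the reply heuristic are assumptions, the first three sample lines are the ones quoted in the message, and the fourth is constructed.

```python
import re
from collections import Counter

# ipmon packet line: time [Nx] iface @group:rule action src,port -> dst,port
# PR proto len hdrlen pktlen [-tcpflags] IN|OUT. Addresses are optional here
# because the archived lines quoted in the message have them stripped.
IPMON = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?:(?P<count>\d+)x\s+)?(?P<iface>\S+)\s+"
    r"@(?P<rule>\d+:\d+)\s+(?P<action>[A-Za-z])\s*"
    r"(?P<src>[^\s,]*),(?P<sport>\d+)\s+->\s*(?P<dst>[^\s,]*),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)"
    r"(?:\s+-(?P<flags>[A-Z]+))?.*?\s(?P<dir>IN|OUT)\b"
)

def parse_line(line):
    """Return the fields of one ipmon TCP/UDP line as a dict, or None."""
    m = IPMON.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "hlen", "plen"):
        rec[key] = int(rec[key])
    rec["count"] = int(rec["count"] or 1)  # "2x" prefix: entry seen twice
    rec["flags"] = rec["flags"] or ""
    return rec

def looks_like_reply(rec):
    """Heuristic (an assumption): blocked inbound packet answering local traffic."""
    if rec["action"] != "b" or rec["dir"] != "IN":
        return False
    if rec["proto"] == "tcp" and {"S", "A"} <= set(rec["flags"]):
        return True  # SYN+ACK is the second handshake step, an answer to a SYN
    return rec["proto"] == "udp" and rec["sport"] < 1024 <= rec["dport"]

def blocked_replies(lines):
    """Count reply-like blocked packets per (rule, proto, source port)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if looks_like_reply(rec):
            hits[(rec["rule"], rec["proto"], rec["sport"])] += rec["count"]
    return hits

# First three lines: as quoted in the message. Last line: constructed sample.
SAMPLE = [
    "Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.465822 2x em0 @0:33 b,53 ->,62097 PR udp len 20 314 IN",
    "Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.492578 em0 @0:33 b,25 ->,57210 PR tcp len 20 60 -AS IN",
    "Jan  4 15:15:21 pikeman ipmon[222]: 15:15:21.505821 em0 @0:33 b,25 ->,57209 PR tcp len 20 48 -AS IN",
    "Jan  4 15:15:22 pikeman ipmon[222]: 15:15:22.000001 em0 @0:33 b 192.0.2.10,40000 -> 198.51.100.5,22 PR tcp len 20 60 -S IN",
]
```

Calling `blocked_replies(SAMPLE)` groups the reply-like entries by rule, protocol and source port; a rule that dominates the result is the one to inspect in ipf.rules.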
