On Wednesday 13 August 2003 11:27 am, Darryl Hoar wrote:
> > -----Original Message-----
> > From: Mark Woodson [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, August 13, 2003 11:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Blocking RIP requests on firewall
> >
> > On Wednesday 13 August 2003 07:53 am, Darryl Hoar wrote:
> > > Greetings,
> > > I have a FreeBSD 4.7S machine that is running
> > > IPFilter and is configured as a firewall.
> > >
> > > My external interface is xl0.
> > > I put block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
> > > reloaded the rules (by rebooting. I have it locked down).
> > > It still generates log entries in my firewall_log file.
> >
> > Can you show an example of the log entry you're seeing?
> >
> > > block return-rst in log quick on xl0 proto tcp from any to any
> > > block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any
> > > block in quick on xl0 proto udp from 10.0.0.1 to any port = 520
> >
> > If you change this to:
> > block in quick on xl0 proto udp from any to any port = 520
> >
> > you will drop any packet bound for port 520 without logging,
> > not just ones from 10.0.0.1.
> >
> > > block in log quick on xl0 all
> >
> > The other entries have the log keyword, so they will be generating entries.
>
> Here's a couple of the entries:
>
> Aug 13 13:20:59 darryl ipmon: 13:20:58.166238 xl0 @0:3 b 10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN
> Aug 13 13:21:28 darryl ipmon: 13:21:28.164643 xl0 @0:3 b 10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN

I'm kind of at a loss, since it's using rule 3 (which appears to be the rule you've got to not log). What's the output of ipfstat -in (shows the input filter with line #'s)?

-Mark
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
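The check Mark is asking for (which rule ipmon says fired, and whether that rule carries `log`) can be done offline against the two log lines and the four rules quoted above. The following is an added example, not code from the thread or from IPFilter itself. It decodes the ipmon line format (`@group:rule`, the action flag, `src,port -> dst,port`, protocol, header and total length, direction), parses the posted rules, and computes both the rule ipmon reported and the rule that a first-match walk with `quick` would select for that packet. The matcher is a deliberately small subset of ipf semantics (interface, direction, protocol, exact host, destination port only), the `SERVICES` table stands in for /etc/services lookups ("router" is udp/520), and treating the flag letters `b`/`p` as block/pass is my reading of ipmon output, not something the thread states.

```python
"""Decode IPFilter ipmon log lines and compare them against a ruleset.

Added example, not from the thread. The log lines and rules are the ones
quoted in the thread (the wrapped "len 2 / 0 72" re-joined as "len 20 72").
Rule matching here is a small subset of ipf: first match wins when the rule
has `quick`, otherwise the last matching rule applies.
"""
import re

# ipmon lines as posted in the thread (reconstructed after line wrapping).
LOG_LINES = [
    "Aug 13 13:20:59 darryl ipmon: 13:20:58.166238 xl0 @0:3 b "
    "10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN",
    "Aug 13 13:21:28 darryl ipmon: 13:21:28.164643 xl0 @0:3 b "
    "10.0.0.1,router -> 10.0.0.255,router PR udp len 20 72 IN",
]

# Rules as posted, in the order posted; ipfstat -in numbers them from 1.
RULES = [
    "block return-rst in log quick on xl0 proto tcp from any to any",
    "block return-icmp-as-dest(port-unr) in log quick on xl0 proto udp from any to any",
    "block in quick on xl0 proto udp from 10.0.0.1 to any port = 520",
    "block in log quick on xl0 all",
]

# Stand-in for /etc/services: ipmon prints service names, "router" = udp/520 (RIP).
SERVICES = {"router": 520}

LOG_RE = re.compile(
    r"ipmon: (?P<ts>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<flags>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\S+) -> (?P<dst>[\d.]+),(?P<dport>\S+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<tlen>\d+) (?P<dir>IN|OUT)"
)

# Supported rule grammar: action [return-*] in|out [log] [quick] on IF (all | proto P from A to B [port = N])
RULE_RE = re.compile(
    r"^(?P<action>block|pass)(?:\s+return-\S+)?\s+(?P<dir>in|out)"
    r"(?P<log>\s+log)?(?P<quick>\s+quick)?\s+on\s+(?P<iface>\S+)\s+"
    r"(?:all|proto\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s*=\s*(?P<dport>\d+))?)$"
)


def port_number(name):
    """Resolve a service name printed by ipmon, or accept a numeric port."""
    return SERVICES.get(name) or int(name)


def parse_log(line):
    """Decode one ipmon line into the fields needed for rule matching."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not an ipmon line: " + line)
    d = m.groupdict()
    return {
        "iface": d["iface"], "group": int(d["group"]), "rule": int(d["rule"]),
        "blocked": "b" in d["flags"], "passed": "p" in d["flags"],  # assumed flag letters
        "src": d["src"], "sport": port_number(d["sport"]),
        "dst": d["dst"], "dport": port_number(d["dport"]),
        "proto": d["proto"], "dir": d["dir"].lower(),
        "hlen": int(d["hlen"]), "tlen": int(d["tlen"]),
    }


def parse_rule(text):
    """Parse one ipf rule line into its selectors and flags."""
    m = RULE_RE.match(text)
    if not m:
        raise ValueError("unsupported rule syntax: " + text)
    d = m.groupdict()
    return {
        "text": text, "action": d["action"], "dir": d["dir"],
        "log": d["log"] is not None, "quick": d["quick"] is not None,
        "iface": d["iface"], "proto": d["proto"] or "any",
        "src": d["src"] or "any", "dst": d["dst"] or "any",
        "dport": int(d["dport"]) if d["dport"] else None,
    }


def rule_matches(rule, pkt):
    """Selector check for the subset of ipf syntax parsed above."""
    return (rule["dir"] == pkt["dir"] and rule["iface"] == pkt["iface"]
            and rule["proto"] in ("any", pkt["proto"])
            and rule["src"] in ("any", pkt["src"])
            and rule["dst"] in ("any", pkt["dst"])
            and (rule["dport"] is None or rule["dport"] == pkt["dport"]))


def first_match(rules, pkt):
    """1-based index of the rule ipf would apply: first matching `quick` rule,
    else the last matching rule (ipf's last-match default)."""
    last = None
    for i, r in enumerate(rules, 1):
        if rule_matches(r, pkt):
            if r["quick"]:
                return i
            last = i
    return last


def explain(line, rule_texts):
    """Compare the rule ipmon reported with the rule the posted ruleset would select."""
    pkt = parse_log(line)
    rules = [parse_rule(t) for t in rule_texts]
    reported = rules[pkt["rule"] - 1]
    expected = first_match(rules, pkt)
    return {
        "reported_rule": pkt["rule"],
        "reported_rule_logs": reported["log"],
        "expected_rule": expected,
        "ruleset_consistent": expected == pkt["rule"],
        "dport": pkt["dport"],
        "blocked": pkt["blocked"],
    }


if __name__ == "__main__":
    for line in LOG_LINES:
        print(explain(line, RULES))
```

For the two posted lines the result is reported rule 3 with no `log` keyword, while a first-match walk over the rules in the order they were posted selects rule 2 (the `log quick` UDP catch-all) for an inbound UDP packet to port 520 on xl0. When the reported and expected rule numbers disagree like this, the loaded ruleset is not ordered the way the posted file suggests, which is exactly what `ipfstat -in` would show.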