Bad loopback traffic not stopped by ipfw.
Barney Wolff
barney at databus.com
Tue Feb 24 09:30:25 PST 2004
On Tue, Feb 24, 2004 at 05:11:22PM -0500, Andrea Venturoli wrote:
> IMHO opinion wrong packets are arriving from the upstream router (for which it would be useless to ask for a fix),

Your first three rules, before anything else, should be:

    allow ip from any to any via lo0
    deny log logamount 1000 ip from any to 127.0.0.0/8
    deny log logamount 1000 ip from 127.0.0.0/8 to any

then see what ipfw says. Your ruleset does not block packets from 127
outbound.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
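
Added example, not part of the original message: a small Python model of first-match evaluation for the three rules above, showing why the lo0 allow has to come first and what a ruleset lacking the from-127 rule lets through. The interface name fxp0, the sample addresses, and the "next" result (packet handed on to the rest of the ruleset) are assumptions made for illustration; this is not ipfw's implementation.

```python
from ipaddress import ip_address, ip_network

LOOPBACK = ip_network("127.0.0.0/8")

def any_addr(addr):
    return True

def in_loopback(addr):
    return ip_address(addr) in LOOPBACK

# (action, source test, destination test, interface or None for any), in rule order.
# "via" is modelled as the single interface the packet is seen on.
RULES = [
    ("allow", any_addr, any_addr, "lo0"),   # allow ip from any to any via lo0
    ("deny", any_addr, in_loopback, None),  # deny ... from any to 127.0.0.0/8
    ("deny", in_loopback, any_addr, None),  # deny ... from 127.0.0.0/8 to any
]

def evaluate(rules, src, dst, iface):
    """Return (action, rule position) of the first match, or ("next", None)
    when none of these rules match and the packet goes on to later rules."""
    for pos, (action, src_ok, dst_ok, via) in enumerate(rules, 1):
        if via is not None and via != iface:
            continue
        if src_ok(src) and dst_ok(dst):
            return action, pos
    return "next", None

# Constructed sample packets: (source, destination, interface).
PACKETS = {
    "local loopback":        ("127.0.0.1", "127.0.0.1", "lo0"),
    "to 127/8 on the wire":  ("192.0.2.10", "127.0.0.1", "fxp0"),
    "from 127/8 outbound":   ("127.0.0.1", "198.51.100.7", "fxp0"),
    "ordinary traffic":      ("192.0.2.10", "198.51.100.7", "fxp0"),
}

def verdicts(rules):
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    print("all three rules:      ", verdicts(RULES))
    # Without the from-127 rule, loopback-sourced packets leave on fxp0.
    print("missing from-127 rule:", verdicts(RULES[:2]))
    # With the deny rules first, legitimate lo0 traffic is dropped too.
    print("deny rules first:     ", verdicts(RULES[1:] + RULES[:1]))
```
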