Need help with IPFW rule

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Mon Oct 11 10:42:54 PDT 2004


Norm Vilmer <norm at etherealconsulting.com> writes:

> I get this message (below) on the console of my FreeBSD 4.10 firewall:
> 
> Connection attempt to TCP <my public ip>:20388 from 61.151.248.42:80
> flags 0x12
> 
> It appears that this is getting through the firewall and is logged to
> the console because log_in_vain is 1.
> 
> Question: What IPFW rule would block this without interfering with
> normal http traffic on port 80 (I have Apache running on the box and
> nat'd machines on the inside interface that access the Internet)?

In most people's configurations, this would be getting blocked by a
default block-all rule.  The users' connections out on port 80 would be
accepted by a rule that is specific to the outgoing direction, and
incoming packets on those connections would be accepted by either
keeping state or by letting in only non-SYN packets.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org:8088/~lowell/
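The two ways of admitting reply traffic that the reply above mentions behave differently for the exact packet Norm logged. The following is an added example, not code from the thread or from FreeBSD: a small Python model of the ipfw(8) semantics involved (first-match evaluation, `setup` meaning SYN set and ACK clear, `established` meaning ACK or RST set, and check-state/keep-state dynamic rules). It runs the logged packet, a genuine outgoing web fetch and a client connection to the local Apache through a default-deny ruleset written both ways. The address 198.51.100.7 stands in for "<my public ip>", 203.0.113.10 is an arbitrary remote host, and the rule numbers are illustrative; all three are assumptions. The NAT'd inside network and the natd divert rule are left out of the model.

```python
# Added example, not code from the thread or from FreeBSD: a model of the
# ipfw(8) behaviour the reply relies on - first-match evaluation, `setup`
# (SYN set, ACK clear), `established` (ACK or RST set) and check-state /
# keep-state dynamic rules. Addresses and rule numbers are assumptions.
from collections import namedtuple
from types import SimpleNamespace

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits; the logged 0x12 is SYN|ACK
ME = "198.51.100.7"                # assumed public address of the firewall

# Two default-deny rulesets in ipfw syntax ("add" omitted); they differ only
# in how replies to outgoing connections are let back in.
ESTABLISHED_RULESET = """
00100 allow tcp from any to me 80 in
00200 allow tcp from any to any out
00300 allow tcp from any to any in established
65000 deny tcp from any to any in
"""
STATEFUL_RULESET = """
00100 check-state
00200 allow tcp from any to me 80 in setup keep-state
00300 allow tcp from any to any out setup keep-state
65000 deny tcp from any to any in
"""

# flags is the raw TCP flags byte as log_in_vain prints it; direction is
# "in" or "out" relative to the firewall.
Packet = namedtuple("Packet", "src sport dst dport flags direction")


def parse_ruleset(text):
    """Parse the subset of ipfw syntax used above (tcp, any/me, dst port, options)."""
    rules = []
    for line in text.strip().splitlines():
        toks = line.split()
        rule = SimpleNamespace(number=int(toks[0]), action=toks[1], src="any",
                               dst="any", dport=None, direction=None,
                               setup=False, established=False, keep_state=False)
        if rule.action != "check-state":
            assert toks[2:4] == ["tcp", "from"] and toks[5] == "to", line
            rule.src, rule.dst, rest = toks[4], toks[6], toks[7:]
            if rest and rest[0].isdigit():
                rule.dport = int(rest.pop(0))
            for opt in rest:
                if opt in ("in", "out"):
                    rule.direction = opt
                elif opt in ("setup", "established", "keep-state"):
                    setattr(rule, opt.replace("-", "_"), True)
                else:
                    raise ValueError(f"unsupported option {opt!r}: {line}")
        rules.append(rule)
    return sorted(rules, key=lambda r: r.number)


def endpoint_matches(spec, addr, my_addrs):
    # 'any' matches everything, 'me' matches the firewall's own addresses.
    return spec == "any" or (addr in my_addrs if spec == "me" else spec == addr)


def flow_key(pkt):
    # Unordered endpoint pair, so a reply matches the state its request made.
    return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})


class Firewall:
    def __init__(self, ruleset, my_addrs):
        self.rules = parse_ruleset(ruleset)
        self.my_addrs = set(my_addrs)
        self.dynamic = set()   # flows recorded by keep-state rules

    def matches(self, rule, pkt):
        # setup: SYN without ACK. established: ACK or RST set, which an
        # unsolicited SYN|ACK satisfies just as well as a real reply does.
        return bool(
            (rule.direction is None or rule.direction == pkt.direction)
            and endpoint_matches(rule.src, pkt.src, self.my_addrs)
            and endpoint_matches(rule.dst, pkt.dst, self.my_addrs)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (not rule.setup or ((pkt.flags & SYN) and not (pkt.flags & ACK)))
            and (not rule.established or (pkt.flags & (ACK | RST)))
        )

    def decide(self, pkt):
        """First match wins; returns (action, rule number or 'dynamic')."""
        for rule in self.rules:
            if rule.action == "check-state":
                if flow_key(pkt) in self.dynamic:
                    return ("allow", "dynamic")
                continue
            if self.matches(rule, pkt):
                if rule.keep_state:
                    self.dynamic.add(flow_key(pkt))
                return (rule.action, f"{rule.number:05d}")
        return ("deny", "65535")   # ipfw's implicit default rule


def run_scenarios():
    """Run the logged packet and two legitimate flows through both rulesets."""
    # The packet Norm saw: SYN|ACK from port 80, answering a SYN we never sent.
    probe = Packet("61.151.248.42", 80, ME, 20388, SYN | ACK, "in")
    results = {}
    for name, text in (("established", ESTABLISHED_RULESET),
                       ("stateful", STATEFUL_RULESET)):
        fw = Firewall(text, {ME})
        results[name, "unsolicited syn-ack"] = fw.decide(probe)
        # A genuine outgoing web fetch: our SYN leaves, the SYN|ACK returns.
        fw.decide(Packet(ME, 49152, "203.0.113.10", 80, SYN, "out"))
        results[name, "reply to our syn"] = fw.decide(
            Packet("203.0.113.10", 80, ME, 49152, SYN | ACK, "in"))
        # A client reaching the local Apache must still be admitted.
        results[name, "inbound http syn"] = fw.decide(
            Packet("203.0.113.10", 50000, ME, 80, SYN, "in"))
    return results


if __name__ == "__main__":
    for (ruleset, case), (action, via) in run_scenarios().items():
        print(f"{ruleset:12s} {case:20s} -> {action} ({via})")
```

Running it shows the practical difference: the `established` ruleset passes the logged packet (rule 00300), because ipfw's `established` keyword matches any TCP segment with ACK or RST set and a SYN|ACK has ACK set, so the packet reaches the TCP stack and log_in_vain reports it. The keep-state ruleset denies it at 65000, since no outgoing SYN ever created a dynamic rule for that flow, while the reply to the firewall's own SYN is admitted by check-state and a client connecting to Apache on port 80 is still accepted in both variants.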

