Need help with IPFW rule
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Mon Oct 11 10:42:54 PDT 2004
Norm Vilmer <norm at etherealconsulting.com> writes:
> I get this message (below) on the console of my FreeBSD 4.10 firewall:
>
> Connection attempt to TCP <my public ip>:20388 from 61.151.248.42:80
> flags 0x12
>
> It appears that this is getting through the firewall and is logged to
> the console because log_in_vain is 1.
>
> Question: What IPFW rule would block this without interfering with
> normal http traffic on port 80 (I have Apache running on the box and
> nat'd machines on the inside interface that access the Internet)?
In most peoples' configurations, this would be getting blocked by a
default block-all rule. The users' connection out on port 80 would be
accepted by a rule that is specific to the outgoing direction, and
incoming packets on those connections would be accepted by either
keeping state or by letting in only non-SYN packets.
--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org:8088/~lowell/
More information about the freebsd-questions
mailing list