Hello list, I'm having a problem setting up ipf on a FreeBSD server and can't figure out where I'm going wrong. I copied my ipf.rules file from another server I have where ipf is working great. But after I customized the rules to this server it is filling /var/log/messages with lines like the following:
Jan 4 15:15:21 pikeman ipmon[222]: 15:15:21.465822 2x em0 @0:33 b 198.32.64.12,53 -> 65.19.150.68,62097 PR udp len 20 314 IN Jan 4 15:15:21 pikeman ipmon[222]: 15:15:21.492578 em0 @0:33 b 216.200.145.35,25 -> 65.19.150.68,57210 PR tcp len 20 60 -AS IN Jan 4 15:15:21 pikeman ipmon[222]: 15:15:21.505821 em0 @0:33 b 205.188.156.249,25 -> 65.19.150.68,57209 PR tcp len 20 48 -AS IN The lines scroll by faster than I can read them, if I tail the logfile. The blocked packets in this case are coming from standard ports to non-standard ports. Doing a reverse lookup on the ips, it would seem that my server has initiated the transfer and the other servers are simply replying. (I deduce that from the blocked ips because they belong to hostnames that I would not expect to be flooding my server. Namely, the first ip is for l.root-servers.net.) I've attached the ipf.rules file to this e-mail. A uname -r on the server returns 5.4-RELEASE-p4. Can anybody see what I'm doing wrong? TIA, Jacob
ipf.rules
Description: Binary data
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
