Hello!

I tried searching freebsd and ipfilter mailing list archives, but 
didn't find the answer to my question.

I'm running Apache 1.3.27 web server on FreeBSD 4.6.1-RELEASE-p10 (all 
security patches applied). I also use IPFilter on this machine to block 
unwanted traffic.

To let the world see my web, I use this IPFilter rule in the ruleset:

pass in quick on fxp0 proto tcp from any to 194.126.106.98 port = 80 flags S keep state keep frags

Everything seems to be working OK and I haven't heard any complaints 
about the web server being unreachable, but still I see a lot of 
blocked traffic on port 80. For example:

... most commonly, incoming packets with AF flags ...
Oct 17 17:22:53 heerold ipmon[51]: 17:22:52.119983 2x fxp0 @0:22 b
195.250.169.2 2,1070 -> 194.126.106.98,80 PR tcp len 20 40 -AF IN

... sometimes incoming packets with R flag ...
Oct 17 18:10:11 heerold ipmon[51]: 18:10:11.223164 fxp0 @0:22 b
195.250.169.22,1064 -> 194.126.106.98,80 PR tcp len 20 40 -R IN

... and occasionally even outgoing packets! ...
Oct 18 08:38:05 heerold ipmon[51]: 08:38:05.086333 fxp0 @0:32 b
194.126.106.98,80 -> 213.219.109.38,62481 PR tcp len 20 44 -AS OUT

The goal of my ruleset is, of course, to let through the minimum needed 
for Apache to work correctly and block the bogus packets even if they 
are destined for port 80. However, the amount of blocked packets leads 
me to think that the ruleset might be too strict.

What would be the correct things to let through on port 80 for Apache 
to work correctly?
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* Radioactive cats have 18 half-lives.
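
One way to see what the blocked port-80 traffic in the post consists of, as an added example that is not part of the original message: the Python below rejoins folded ipmon records and tallies blocked packets by direction, TCP flags and rule, then counts those that are not a bare SYN and so could only have passed through an existing `keep state` entry. The sample records, host name, documentation addresses and rule number 0:12 are constructed; only the record layout is taken from the post.

```python
import re
from collections import Counter

# ipmon record for a TCP packet, in the layout the post shows:
# time [Nx] ifname @group:rule action src,port -> dst,port PR tcp len hl tl -FLAGS DIR
RECORD = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+(?:(?P<count>\d+)x\s+)?(?P<ifname>\S+)\s+"
    r"@(?P<rule>\d+:\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+tcp\s+len\s+\d+\s+\d+\s+-(?P<flags>[A-Z]+)\s+(?P<dir>IN|OUT)\b"
)

# Constructed sample (documentation addresses), folded the way the mail folds it.
SAMPLE = """\
Oct 17 17:22:53 host ipmon[51]: 17:22:52.119983 2x fxp0 @0:22 b
198.51.100.7,1070 -> 192.0.2.10,80 PR tcp len 20 40 -AF IN
Oct 17 18:10:11 host ipmon[51]: 18:10:11.223164 fxp0 @0:22 b
198.51.100.8,1064 -> 192.0.2.10,80 PR tcp len 20 40 -R IN
Oct 18 08:38:05 host ipmon[51]: 08:38:05.086333 fxp0 @0:32 b
192.0.2.10,80 -> 203.0.113.5,62481 PR tcp len 20 44 -AS OUT
Oct 18 08:40:00 host ipmon[51]: 08:40:00.000001 fxp0 @0:12 p
198.51.100.9,1100 -> 192.0.2.10,80 PR tcp len 20 44 -S IN
"""

def unwrap(text):
    """Rejoin records that were folded onto a second line."""
    records = []
    for line in text.splitlines():
        if "ipmon[" in line or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def blocked_summary(text, port=80):
    """Count blocked packets to or from `port` by (direction, flags, rule)."""
    tally = Counter()
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m or m["action"] != "b":
            continue  # unparsed record, or a packet that was passed
        if port not in (int(m["sport"]), int(m["dport"])):
            continue
        tally[(m["dir"], m["flags"], m["rule"])] += int(m["count"] or 1)  # "2x" = 2 packets
    return tally

def outside_state(tally):
    """Blocked packets that are not a bare SYN, so 'flags S' cannot match them."""
    return sum(n for (_, flags, _), n in tally.items() if flags != "S")
```

Feeding real `ipmon` output through `blocked_summary()` shows at a glance whether the blocks are new connection attempts or packets belonging to connections with no state entry.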

