Subject: Re: ipfw log accounting
From: Sergey V. Kart (sergey@GLB.NET)
Date: Tue Feb 29 2000 - 04:39:51 CST


On Tue, 29 Feb 2000, Rodney W. Grimes wrote:
> > In message <20000228215904.B31743@cc942873-a.ewndsr1.nj.home.com>,
> > "Crist J. Clark" writes:
> > > On Tue, Feb 29, 2000 at 01:46:53AM +0300, Lev Serebryakov wrote:
> > > [snip]
> > > > And one more question:
> > > > How could I write rule, which skip all broadcast traffic? My
> > > > computer is on big provider's net, and here is more than one
> > > > broadcast address (many subnets on one wire)...
> > >
> > > Never tried this and haven't glanced at the source to see if it has a
> > > chance of working, but _theoretically_ is there a reason that,
> > >
> > > deny ip from 0.0.0.255:0.0.0.255 to any
> > >
> > > A "reversed" netmask won't work?
> >
> > Been there done that. This works using either IPFW or IP Filter,
> > however you'll want to code it as the following, as the destination is
> > the broadcast address:
>
> Actually you need to be a bit selective, your host is going to have
> a real hard time doing arp's if you block all broadcast packets. Make
> sure you have a directly connected network specific ``allow'' of broadcast
> destinations.
Actually, ARP works at Layer 2 of OSI ... If you block all broadcast
packets, ARP will still be working properly!

 
Signed.
 ====================================================================
   Sergey Kart | GLB.NET ISP Hub Administrator/Telecom Specialist
                                
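The reversed-netmask match discussed in the thread, as an added example that is not part of the original posts: a small first-match filter in Python that applies ipfw-style `addr:mask` matching, where the mask may be any bit pattern, not only a contiguous prefix. The rule list (an `allow` for one directly-connected broadcast address placed ahead of the generic `0.0.0.255:0.0.0.255` deny, as Rodney suggests) and the sample packets are constructed for the example; the rule numbers and addresses are assumptions.

```python
"""
Simulate ipfw-style address matching with a non-contiguous mask.

Added example, not code from the original thread.  An ipfw spec such as
"0.0.0.255:0.0.0.255" matches any address whose bits under the mask equal
the base address's bits under the same mask, so the rule fires on every
destination whose last octet is 255 regardless of which subnet it is in.
Rules are evaluated first match wins, as ipfw does.
"""
import ipaddress


def ip_int(addr: str) -> int:
    """Dotted-quad IPv4 address to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def match_addr(spec: str, addr: str) -> bool:
    """Return True if addr matches spec.

    spec forms mirror ipfw(8):
      "any"        matches everything
      "A:M"        base A, mask M as a dotted quad (any bit pattern allowed)
      "A/bits"     base A, contiguous prefix of the given width
      "A"          exact host match
    """
    if spec == "any":
        return True
    if ":" in spec:
        base, mask = spec.split(":", 1)
        m = ip_int(mask)
    elif "/" in spec:
        base, bits = spec.split("/", 1)
        m = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    else:
        base, m = spec, 0xFFFFFFFF
    return (ip_int(addr) & m) == (ip_int(base) & m)


# Constructed rule set: (rule number, action, source spec, destination spec).
# Rule 100 keeps the broadcast of the assumed directly-connected net
# 10.1.2.0/24 reachable; rule 200 drops every other x.x.x.255 destination;
# 65535 is ipfw's implicit default rule.
RULES = [
    (100, "allow", "any", "10.1.2.255"),
    (200, "deny", "any", "0.0.0.255:0.0.0.255"),
    (65535, "allow", "any", "any"),
]


def filter_packet(src: str, dst: str, rules=RULES):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, s_spec, d_spec in rules:
        if match_addr(s_spec, src) and match_addr(d_spec, dst):
            return num, action
    return None


if __name__ == "__main__":
    # Constructed sample packets (src, dst).
    for pkt in [("10.1.2.5", "10.1.2.255"),      # own net broadcast: allowed
                ("10.9.9.1", "10.9.9.255"),      # foreign /24 broadcast: denied
                ("10.1.2.5", "10.1.2.127"),      # /25 broadcast: NOT caught
                ("0.0.0.0", "255.255.255.255")]: # limited broadcast: denied
        print(pkt, "->", filter_packet(*pkt))
```

Two things the run makes visible that the one-line rule does not: the mask only catches broadcasts whose last octet is 255, so a subnet smaller than /24 (broadcast 10.1.2.127 above) slips through, and the limited broadcast 255.255.255.255 is caught by the same deny, so anything that depends on it (DHCP, for instance) needs its own earlier allow just like the directly-connected case.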

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message