 
From: Stephan Eckner (stephan-freebsd-security_at_eckner.org)
Date: Wed Nov 20 2002 - 13:56:37 CST


    Hi,

    I recently set up a bridging firewall to protect some servers on my internal
    net. The bridge is correctly blocking all IP traffic. Nevertheless I find
    some packets behind the firewall that seem to have passed the firewall:

    tcpdump: listening on bge0
    20:36:50.247555 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15
    20:36:52.251387 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15
    20:36:54.146709 12.00:02:55:9c:26:ce.453 > 12.ff:ff:ff:ff:ff:ff.453:ipx-rip-resp 1004/1.2 13/1.2 99/1.2 1003/2.3 5/2.3 6/2.3[|ipx 248]
    20:36:54.246443 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15
    20:36:54.412285 CDP v2, ttl=180s DevID '17-3-[2731]' Addr (1): IPv4 10.0.12.243 PortID 'FastEthernet0/4' CAP 0x0a[|cdp]
    20:36:56.246483 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15
    20:36:57.023039 12.00:01:e6:71:9c:33.452 > 12.ff:ff:ff:ff:ff:ff.452:ipx-sap-resp[|ipx 64]
    20:36:58.248710 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15
    20:37:00.247279 802.1d config 8000.00:08:e3:af:5a:00.8010 root 8000.00:04:c1:f2:fb:40 pathcost 4 age 1 max 20 hello 2 fdelay 15

    This looks like non-IP traffic to me. As I'm seeing these packets on both
    the external interface of the firewall and on the server behind the firewall,
    they don't seem to be blocked by my "deny ip from any to any" rule.

    Is there any way to block these packets from crossing the bridge?

    Stephan

    -- 
    Stephan Eckner                                           http://www.eckner.org/
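
Added example, not part of the original message: a small Ethernet frame classifier showing that the kinds of frames in the capture above (802.1d BPDUs, CDP, IPX) carry no IP header for an IP-layer rule to match. The sample frames are constructed, and the raw 802.3 framing used for the IPX sample is an assumption.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "ipv4", 0x0806: "arp", 0x86DD: "ipv6", 0x8137: "ipx"}
LLC_DSAPS = {0x42: "stp", 0xE0: "ipx"}            # 802.2 LLC destination SAPs
SNAP_PROTOS = {(b"\x00\x00\x0c", 0x2000): "cdp"}  # (OUI, protocol id)

def classify(frame: bytes) -> str:
    """Name the protocol carried by an untagged Ethernet frame."""
    if len(frame) < 17:
        return "truncated"
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:            # Ethernet II: the field is an EtherType
        return ETHERTYPES.get(type_or_len, f"ethertype-0x{type_or_len:04x}")
    payload = frame[14:]                 # 802.3: the field is a length
    if payload[:2] == b"\xff\xff":       # Novell raw 802.3, IPX header with no LLC
        return "ipx"
    if payload[0] == 0xAA:               # LLC + SNAP: OUI and protocol id follow
        if len(payload) < 8:
            return "truncated"
        oui, pid = payload[3:6], struct.unpack("!H", payload[6:8])[0]
        if oui == b"\x00\x00\x00":       # zero OUI means pid is an EtherType
            return ETHERTYPES.get(pid, f"ethertype-0x{pid:04x}")
        return SNAP_PROTOS.get((oui, pid), "snap-other")
    return LLC_DSAPS.get(payload[0], f"llc-dsap-0x{payload[0]:02x}")

def non_ip_summary(frames) -> Counter:
    """Count frames that carry neither IPv4 nor IPv6, by protocol."""
    kinds = (classify(f) for f in frames)
    return Counter(k for k in kinds if k not in ("ipv4", "ipv6"))

def _frame(dst: str, type_or_len: int, payload: bytes) -> bytes:
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    return bytes.fromhex(dst) + src + struct.pack("!H", type_or_len) + payload

# Constructed sample frames (headers only, bodies zero-filled), not captured data.
SAMPLES = [
    _frame("0180c2000000", 38, b"\x42\x42\x03" + bytes(35)),                      # STP
    _frame("01000ccccccc", 30, b"\xaa\xaa\x03\x00\x00\x0c\x20\x00" + bytes(22)),  # CDP
    _frame("ffffffffffff", 40, b"\xff\xff" + bytes(38)),                          # IPX
    _frame("ffffffffffff", 0x0800, b"\x45" + bytes(19)),                          # IPv4
]

if __name__ == "__main__":
    for kind, count in non_ip_summary(SAMPLES).items():
        print(kind, count)
```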
    
