* Kapetanakis Giannis <bil...@edu.physics.uoc.gr> [2012-11-01 13:57]:
> Nov 01 12:51:10.857175 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: FPE [bad hdr length] (DF)
> Nov 01 12:51:12.724286 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: FPE 1137099714:1137099726(12) ack 0
> win 6667 urg 0 (DF)
> Nov 01 12:51:14.027193 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: SFR [bad hdr length] (DF)
> Nov 01 12:51:15.692047 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: RPWE [bad hdr length] (DF)
> Nov 01 12:51:16.121181 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: SFPW [bad hdr length] (DF)
> Nov 01 12:51:17.962807 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: SE [bad hdr length] (DF)
> Nov 01 12:51:21.934774 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: SFW [bad hdr length] (DF)
> Nov 01 12:51:26.985783 rule def/(short) pass in on vlanxxx:
> 74.206.235.92.0 > xx.xx.xx.xx.0: SRPWE 1137099714:1137099730(16) win

> apparently something is blocked, but also something is passed since
> I still get these messages on my pflog.

need to resort to guesswork since your report lacks so much, but it
looks like you are simply misdiagnosing. and I admit it isn't super
obvious. seeing the "bad hdr length", pf will block these. the rule
referred to then is the default rule. but we didn't get as far as rule
matching, so that is misleading you.

as said, this is entirely guessed.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
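
An added example, not part of either poster's message: a small triage script for pflog lines in the format quoted above, marking entries logged under rule "def" with a reason other than "match", which on the reply's reading never reached ruleset evaluation. The names `classify` and `triage` are hypothetical, and the sample lines are constructed with documentation addresses.

```python
import re

# Constructed sample in the format of the pflog lines quoted above.
# Addresses are documentation ranges; the last line is a constructed
# ordinary rule match, included for contrast.
SAMPLE = """\
Nov 01 12:51:10.857175 rule def/(short) pass in on vlan1: 192.0.2.1.0 > 198.51.100.7.0: FPE [bad hdr length] (DF)
Nov 01 12:51:14.027193 rule def/(short) pass in on vlan1: 192.0.2.1.0 > 198.51.100.7.0: SFR [bad hdr length] (DF)
Nov 01 12:51:30.000000 rule 12/(match) pass in on vlan1: 192.0.2.1.40000 > 198.51.100.7.22: S 1:1(0) win 16384 (DF)
"""

# rule <nr>/(<reason>) <action> <dir> on <ifc>: <src> > <dst>: <tcp flags>
LINE = re.compile(
    r"rule (?P<rule>\S+?)/\((?P<reason>[^)]+)\) (?P<action>\w+) "
    r"(?P<dir>in|out) on (?P<ifc>[^:]+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[A-Z.]+)"
)

def classify(line):
    """Parse one pflog line; return a dict of fields plus triage marks."""
    m = LINE.search(line)
    if m is None:
        return None
    e = m.groupdict()
    flags = set(e["flags"])
    # tcpdump could not decode a valid TCP header for this packet.
    e["bad_hdr"] = "[bad hdr length]" in line
    # SYN combined with FIN or RST never occurs in a legitimate segment.
    e["bogus_flags"] = "S" in flags and bool(flags & {"F", "R"})
    # Assumption taken from the reply: rule "def" with a reason other
    # than "match" means no ruleset rule was evaluated, so the printed
    # action is not the verdict of any rule.
    e["pre_ruleset"] = e["rule"] == "def" and e["reason"] != "match"
    return e

def triage(text):
    """Classify every parsable line in a block of pflog output."""
    return [e for e in map(classify, text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        note = "not a rule verdict" if e["pre_ruleset"] else "rule verdict"
        print(e["rule"], e["reason"], e["action"], e["flags"], note)
```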
