Subject: Re: Blocking broadcast packets with IPF
To: Todd Gruhn <tgruhn2@mail.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 07/04/2005 14:52:33
On Sun, Jul 03, 2005 at 06:32:01AM +0800, Todd Gruhn wrote:
> I switched from a modem connection to Comcast pppoe internet.
> Now /var/log/ipmonlog is full of log entries like this:
> 
> Jul  2 18:10:31 gandalf ipmon[242]: 18:10:31.258806 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 370 IN broadcast 
> Jul  2 18:10:31 gandalf ipmon[242]: 18:10:31.345966 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 370 IN broadcast 
> Jul  2 18:10:33 gandalf ipmon[242]: 18:10:33.384774 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:10:34 gandalf ipmon[242]: 18:10:33.539746 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:10:44 gandalf ipmon[242]: 18:10:44.329118 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:10:48 gandalf ipmon[242]: 18:10:48.410766 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:10:56 gandalf ipmon[242]: 18:10:56.500039 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:11:08 gandalf ipmon[242]: 18:11:07.537773 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:12:04 gandalf ipmon[242]: 18:12:03.951672 rtk0 @120:4 b 202.99.172.160,34440 -> pcp02406082pcs.gnscrp01.va.comcast.net[68.84.11.16],1027 PR udp len 20 502 IN
> Jul  2 18:20:05 gandalf ipmon[242]: 18:20:04.743763 rtk0 @120:4 b 222.241.95.3,41615 -> pcp02406082pcs.gnscrp01.va.comcast.net[68.84.11.16],1026 PR udp len 20 503 IN
> Jul  2 18:20:05 gandalf ipmon[242]: 18:20:04.743829 rtk0 @120:4 b 222.241.95.3,41617 -> pcp02406082pcs.gnscrp01.va.comcast.net[68.84.11.16],1027 PR udp len 20 503 IN
> Jul  2 18:24:26 gandalf ipmon[242]: 18:24:25.798694 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast 
> Jul  2 18:26:35 gandalf ipmon[242]: 18:26:35.218324 rtk0 @120:4 b 146.70-85-177.reverse.theplanet.com[70.85.177.146],45846 -> pcp02406082pcs.gnscrp01.va.comcast.
> 
> How do I get rid of bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast ??

Add a rule like
block in from any to 255.255.255.255
near the start of your ipf.conf file

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
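
To see which rules and destinations account for the log volume before and after adding the block rule, the ipmon entries can be tallied per rule. This is an added example, not part of the original thread: the function names are hypothetical, and the sample lines are copied from the quoted log (one rejoined from its wrapped form, one left truncated as posted).

```python
import re
from collections import Counter

# ipmon syslog entry: time, optional "Nx" repeat count, interface, @group:rule,
# action letter, src,port -> dst,port, PR proto, "len hdrlen totlen", direction.
LINE = re.compile(
    r"ipmon\[\d+\]: \S+ (?:(?P<count>\d+)x )?(?P<ifname>\S+) "
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[^\s,]+),(?P<sport>\S+) -> (?P<dst>[^\s,]+),(?P<dport>\S+) "
    r"PR (?P<proto>\S+) len \d+ (?P<size>\d+) (?P<dir>IN|OUT)(?P<bcast> broadcast)?"
)

def bare_ip(host):
    """ipmon prints resolved hosts as name[ip]; keep only the address."""
    m = re.search(r"\[([^\]]+)\]$", host)
    return m.group(1) if m else host

def summarize(lines):
    """Count logged packets per (rule, proto, dst, dport), honouring 'Nx' repeats."""
    hits = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # wrapped or truncated entry: skip rather than guess
        key = (f"@{m['group']}:{m['rule']}", m["proto"], bare_ip(m["dst"]), m["dport"])
        hits[key] += int(m["count"] or 1)
    return hits

def broadcast_share(hits, bcast="255.255.255.255"):
    """Fraction of logged packets addressed to the limited broadcast address."""
    total = sum(hits.values())
    return sum(n for k, n in hits.items() if k[2] == bcast) / total if total else 0.0

# Sample input taken from the log quoted in the post above.
SAMPLE = [
    "Jul  2 18:10:31 gandalf ipmon[242]: 18:10:31.258806 rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 370 IN broadcast",
    "Jul  2 18:10:44 gandalf ipmon[242]: 18:10:44.329118 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast",
    "Jul  2 18:12:04 gandalf ipmon[242]: 18:12:03.951672 rtk0 @120:4 b 202.99.172.160,34440 -> pcp02406082pcs.gnscrp01.va.comcast.net[68.84.11.16],1027 PR udp len 20 502 IN",
    "Jul  2 18:24:26 gandalf ipmon[242]: 18:24:25.798694 2x rtk0 @100:2 b 10.71.168.1,bootps -> 255.255.255.255,bootpc PR udp len 20 371 IN broadcast",
    "Jul  2 18:26:35 gandalf ipmon[242]: 18:26:35.218324 rtk0 @120:4 b 146.70-85-177.reverse.theplanet.com[70.85.177.146],45846 -> pcp02406082pcs.gnscrp01.va.comcast.",
]

if __name__ == "__main__":
    hits = summarize(SAMPLE)
    for key, n in hits.most_common():
        print(n, *key)
    print(f"broadcast share: {broadcast_share(hits):.0%}")
```

Running the same tally over /var/log/ipmonlog after the rule is loaded shows whether the `@100:2` broadcast entries have stopped.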