On Mon, Dec 13, 1999 at 03:19:15PM -0500, mcmahill@mtl.mit.edu wrote:
> I'm trying to block some particular network traffic.  The stuff in
> question (from tcpdump) is:
> 15:16:24.311352 SEPTUM.MIT.EDU.1121 > 18.62.255.255.sunrpc: udp 96

Not related to your question, but should that machine really be
broadcasting to a whole b-class? 

If you're not on the same subnet, bug your network admins to block
directed IP broadcasts. It'll also help prevent network abuse.

> So I put a line in /etc/ipf.conf:
> block in quick on ep1 from 18.62.0.0/16 to 18.62.255.255/32  port=sunrpc
> but this doesn't do it.  I still see the packets with tcpdump and ipfstat
> doesn't show any blocked.

tcpdump will show you the packets even if they're blocked, because
tcpdump grabs them at the _ethernet_ level. 

I think you need spaces around your '='.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
If you don't spend energy getting what you want,
	You'll have to spend it dealing with what you get.
					      - Unknown