Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Anyone good with ipfw2?

marioman38

marioman38

macrumors 6502a
Original poster
Aug 8, 2006
901
84
Lodi, CA
I'm trying to block the stupid TCP RST Packets my isp claimed that they have stopped injecting... they haven't stopped :mad:

I believe

"sudo ipfw add deny tcp from any to any 2284 in tcpflags rst"

should work, but it doesn't appear to be...

can anyone verify the ipfw command?

Thanks ;)
 
With the added space terminal replies "ipfw: unrecognised option [-1] tcp\n"

Without the space, terminal (ipfw) appears to accept the command, responding with "00100 deny tcp from any to any dst-port 2284 in tcpflags rst" adding the rule as rule 00100...

I am trying to upload a pile of raw images (14gb) to my buddy in nyc, but my isp is injecting these TCP Reset flags into my transfer (via transmission), so that we are disconnected ~every 30 secs...

Anyone know why the command

sudo ipfw add deny tcp from any to any 2284 in tcpflags rst

does not drop the injected TCP RST Packets being sent to port 2284 (my transfer port)
 
marioman38 said:
With the added space terminal replies "ipfw: unrecognised option [-1] tcp\n"

Without the space, terminal (ipfw) appears to accept the command, responding with "00100 deny tcp from any to any dst-port 2284 in tcpflags rst" adding the rule as rule 00100...

I am trying to upload a pile of raw images (14gb) to my buddy in nyc, but my isp is injecting these TCP Reset flags into my transfer (via transmission), so that we are disconnected ~every 30 secs...

Anyone know why the command

sudo ipfw add deny tcp from any to any 2284 in tcpflags rst

does not drop the injected TCP RST Packets being sent to port 2284 (my transfer port)
Click to expand...

If indeed your ISP is forging TCP RST packets, and they are getting through your firewall, you should be able to explicitly see them with either tcpdump or wireshark (formerly called ethereal). Is this the case?
 
ElectricSheep said:
wireshark (formerly called ethereal).
Click to expand...

So THAT's where it went! Thanks!

To see if the rule is active, use:

sudo ipfw list

EDIT: I am not convinced that ipfw is the de facto firewall in Leopard anymore. Despite having my firewall "on", ipfw shows me nothing but my stealth rule. Odd.

AH.

http://docs.info.apple.com/article.html?artnum=306938

Earlier ipfw technology is still accessible from the command line (in Terminal) and the Application Firewall does not overrule rules set with ipfw; if ipfw blocks an incoming packet, the Application Firewall will not process it.
Click to expand...
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back