Anyone good with ipfw2?

Discussion in 'macOS' started by marioman38, May 8, 2008.

  1. marioman38 macrumors 6502a

    marioman38

    Joined:
    Aug 8, 2006
    Location:
    Elk Grove, CA
    #1
    I'm trying to block the stupid TCP RST Packets my isp claimed that they have stopped injecting... they haven't stopped :mad:

    I believe

    "sudo ipfw add deny tcp from any to any 2284 in tcpflags rst"

    should work, but it doesn't appear to be...

    can anyone verify the ipfw command?

    Thanks ;)
     
  2. richard.mac macrumors 603

    richard.mac

    Joined:
    Feb 2, 2007
    Location:
    51.50024, -0.12662
    #2
  3. marioman38 thread starter macrumors 6502a

    marioman38

    Joined:
    Aug 8, 2006
    Location:
    Elk Grove, CA
    #3
    With the added space terminal replies "ipfw: unrecognised option [-1] tcp\n"

    Without the space, terminal (ipfw) appears to accept the command, responding with "00100 deny tcp from any to any dst-port 2284 in tcpflags rst" adding the rule as rule 00100...

    I am trying to upload a pile of raw images (14gb) to my buddy in nyc, but my isp is injecting these TCP Reset flags into my transfer (via transmission), so that we are disconnected ~every 30 secs...

    Anyone know why the command

    sudo ipfw add deny tcp from any to any 2284 in tcpflags rst

    does not drop the injected TCP RST Packets being sent to port 2284 (my transfer port)
     
  4. ElectricSheep macrumors 6502

    ElectricSheep

    Joined:
    Feb 18, 2004
    Location:
    Wilmington, DE
    #4
    If indeed your ISP is forging TCP RST packets, and they are getting through your firewall, you should be able to explicitly see them with either tcpdump or wireshark (formerly called ethereal). Is this the case?
     
  5. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #5
    So THAT's where it went! Thanks!

    To see if the rule is active, use:

    sudo ipfw list

    EDIT: I am not convinced that ipfw is the de facto firewall in Leopard anymore. Despite having my firewall "on", ipfw shows me nothing but my stealth rule. Odd.

    AH.

    http://docs.info.apple.com/article.html?artnum=306938

     

Share This Page