IPFW Passed package via IPFW or not

[kerogaz]

11:19:15.127535 IP 10.44.1.197.53056 > 142.250.203.195.443: UDP, length 1250
11:19:15.127833 IP 10.44.1.197.49830 > 142.250.203.195.443: Flags [S], seq 1864068734, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

I banned IP via IPFW 194.44.1.197 but according to UDP, why does the package not have 0 but 1250. I don't know if he passed or not

 

[covacat]

tcpdump will catch the packets before they enter the firewall

 

[SirDice]

Indeed, blocking packets on the firewall won't stop those packets from arriving on the interface.

 

[kerogaz]

Thanks

 

[mer]

tcpdump will catch the packets before they enter the firewall

Indeed, blocking packets on the firewall won't stop those packets from arriving on the interface

These are two very important points that seem to trip up a lot of people.
If you have the firewall logging actions the logs tell you what the firewall did with a packet.

A bouncer at a bar can't prevent people from walking up to the door, but he can prevent people from entering and the CCTV watching outside of the door sees everyone trying to enter.

 

[gotnull]

tcpdump will catch the packets before they enter the firewall

A bouncer at a bar can't prevent people from walking up to the door, but he can prevent people from entering and the CCTV watching outside of the door sees everyone trying to enter.

What a good analogy you gave us!
Thank you that is well explained, you can do that anytime you want/can