Don't be so dramatic. It's just a couple of packets that got blocked. Nothing more.If IPFW repels them, then they carry some kind of threat.
Like this?Add a rule above it numbered something like 65534 which says deny log ip from any to any. Then it will log anything that hits that rule and you can see what it is. As that rule will always be hit before the 65535 one.
It could well be packets it receives during the time when ipfw first loads from the kernel or kernel module, to the time when the rules are loaded from the rc script. In which case adding a new rule like this won't show you anything at all. During those few seconds that 65535 rule will be the only rule in the firewall, so all packets will hit it.
I have a local network with static address allocation I know all MAC and IP of users and I disconnect MAC and IP users Windows with a virus and users who use other people's IP addresses Now to disable MAC of computer with MAC which is not included in the list of allowed in rules of, for example, iptables, I put computer with CentOS before computer with FreeBSD.On my LAN, every IP corresponds a specific MAC. In addition ,find not his MAC, allowed in iptables rules ,for non-advanced user of network is harder than IP. And finally ,on any level gateway routers you also need to be able to filter MACOut of curiosity, can you list some cases, where you had a need of MAC-address filtering?
I have a local network with static address allocation I know all MAC and IP of users and I disconnect MAC and IP users Windows with a virus and users who use other people's IP addresses Now to disable MAC of computer with MAC which is not included in the list of allowed in rules of, for example, iptables, I put computer with CentOS before computer with FreeBSD.On my LAN, every IP corresponds a specific MAC. In addition ,find not his MAC, allowed in iptables rules ,for non-advanced user of network is harder than IP. And finally ,on any level gateway routers you also need to be able to filter MAC