1 Reply Latest reply: Aug 5, 2012 3:05 AM by TigerKR
TigerKR Level 1 Level 1 (30 points)

Hello,

 

I've got some strange entries in my kernel.log for ipfw:

 

     Mar 10 00:29:43 myhostname kernel[0]: ipfw: 5700 Deny TCP re.mo.te.ip:63955 m.y.i.p:80 out via lo0

     Mar  9 07:24:23 myhostname kernel[0]: ipfw: 5700 Deny UDP re.mo.te.ip:53 m.y.i.p:56154 out via lo0

     Mar  8 16:50:30 myhostname kernel[0]: ipfw: 5700 Deny UDP  re.mo.te.ip:3429 m.y.i.p:53 out via lo0

     Mar  8 04:49:53 myhostname kernel[0]: ipfw: 5700 Deny TCP re.mo.te.ip:4334 m.y.i.p:139 out via lo0

     Mar  6 13:55:10 myhostname kernel[0]: ipfw: 5700 Deny ICMP:3.3 re.mo.te.ip m.y.i.p out via lo0

     Mar  5 09:38:22 myhostname kernel[0]: ipfw: 5700 Deny TCP re.mo.te.ip:1315 m.y.i.p:25 out via lo0

     Feb 26 16:17:43 myhostname kernel[0]: ipfw: 5700 Deny TCP re.mo.te.ip:33952 m.y.i.p:110 out via lo0

 

My ipfw.conf has as its the first rule:

 

     add allow all from any to any via lo0

 

5700 is just the last line of my ipfw.conf:

 

     add deny log all from any to any

 

The question is, why is any of this traffic being routed to the loopback interface? I have like 15 of these entries per day in my log.

 

I'm running Mac OS X 10.7.3 (non-server) w/all updates.

 

Best,

 

TigerKR