Date: Sun, 27 Aug 2006 01:07:06 +0300
From: Giorgos Keramidas
To: "J.D. Bronson"
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfilter on 6.1
Message-ID: <20060826220706.GC2666@gothmog.pc>

On 2006-08-26 16:05, "J.D. Bronson" wrote:
> At 03:40 PM 8/26/2006, Giorgos Keramidas wrote:
>
> >Don't show us the ipf.conf file you are using, but the output of:
> >
> >    % ipfstat -hni
> >    % ipfstat -hno
> >
> >Then we can really know what rules you have loaded in IP Filter.
>
>
> # ipfstat -hni
> 2 @1 pass in quick on bge0 all keep state keep frags
>
> # ipfstat -hno
> 1 @1 pass out quick on bge0 all keep state keep frags
> 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU
> keep state keep frags
> 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags
> 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep
> frags
>
> ...they seem to match exactly.

Weird.  This doesn't seem to include *ANY* block rules at all.

Is this a standard 6.1 installation, or do you have local IP Filter
modifications (like, for instance, a modified 'default' rule which
blocks everything, instead of allowing everything)?
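
The check made by eye on the quoted `ipfstat -hni` / `ipfstat -hno` output, as an added example that is not part of the original message: it parses the hit-count and rule-number columns, lists which interfaces have pass rules in each direction, and reports whether any block rule is loaded. The function names are hypothetical and the sample input is the quoted rules with the mail client's line wrapping rejoined; when no block rule is loaded, any packet that matches no rule (inbound on tun0 here) is decided by the kernel's default policy.

```python
import re
from collections import defaultdict

# Rules from the quoted ipfstat output above, with the mail client's line
# wrapping rejoined. With -hn each line is "<hits> @<rule number> <rule>".
SAMPLE_IN = """\
2 @1 pass in quick on bge0 all keep state keep frags
"""
SAMPLE_OUT = """\
1 @1 pass out quick on bge0 all keep state keep frags
1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags
1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags
0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags
"""

# Only pass/block rules are recognised; other rule actions are skipped.
RULE_RE = re.compile(r"^(\d+)\s+@(\d+)\s+(pass|block)\s+(in|out)\s+(.*)$")
IFACE_RE = re.compile(r"\bon\s+(\S+)")

def parse_rules(text):
    """Parse `ipfstat -hni` / `-hno` output into a list of rule dicts."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line or not a pass/block rule
        hits, num, action, direction, rest = m.groups()
        iface = IFACE_RE.search(rest)
        rules.append({"hits": int(hits), "num": int(num), "action": action,
                      "dir": direction, "iface": iface.group(1) if iface else None})
    return rules

def summarize(rules):
    """Report pass coverage per direction, zero-hit rules, and block presence."""
    covered = defaultdict(set)
    for r in rules:
        if r["action"] == "pass":
            covered[r["dir"]].add(r["iface"])
    return {
        "has_block_rule": any(r["action"] == "block" for r in rules),
        "pass_ifaces": {d: sorted(i for i in s if i) for d, s in covered.items()},
        "zero_hit": [(r["dir"], r["num"]) for r in rules if r["hits"] == 0],
    }

if __name__ == "__main__":
    report = summarize(parse_rules(SAMPLE_IN) + parse_rules(SAMPLE_OUT))
    print(report)
    if not report["has_block_rule"]:
        print("no block rules loaded: unmatched packets get the default policy")
```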