From: "Chris Knipe"
Date: Mon, 2 May 2005 00:54:03 +0200
Subject: ipf out rule
Message-ID: <000401c54ea0$ad1dea80$0a01a8c0@ops.cenergynetworks.com>
X-BeenThere: freebsd-questions@freebsd.org

Hi,

Can anyone take a minute to just explain to me why ipf is blocking this...

ipf.rules:
# rl0 - Outgoing
pass out quick on rl0 proto tcp from x.x.x.120/29 to any flags S keep state keep frags
pass out quick on rl0 proto udp from x.x.x.120/29 to any keep state keep frags
pass out quick on rl0 proto icmp from x.x.x.120/29 to any keep state keep frags
block out log quick on rl0 all

ipftest:
opening rule file "ipf.new"
in on rl0 tcp 196.25.1.1,2210 x.x.x.122,22
input: in on rl0 tcp 196.25.1.1,2210 x.x.x.122,22
pass ip 40(20) 6 196.25.1.1,2210 > x.x.x.122,22
--------------
out on rl0 tcp x.x.x.122,22 196.25.1.1,2210
input: out on rl0 tcp x.x.x.122,22 196.25.1.1,2210
block ip 40(20) 6 x.x.x.122,22 > 196.25.1.1,2210

Thanks.

--
Chris.

"I love deadlines. I especially love the whooshing sound they make as they fly by..." - Douglas Adams, 'Hitchhiker's Guide to the Galaxy'