From owner-freebsd-stable Thu Apr 5 13:40:42 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from farc.ikami.com (farc.ikami.com [204.29.203.67])
	by hub.freebsd.org (Postfix) with ESMTP id 3FE7537B43C
	for ; Thu, 5 Apr 2001 13:40:40 -0700 (PDT)
	(envelope-from nrh@ikami.com)
Received: by farc.ikami.com (Postfix, from userid 1000)
	id 10E6B30114; Thu, 5 Apr 2001 15:40:39 -0500 (CDT)
Date: Thu, 5 Apr 2001 15:40:39 -0500
From: nicholas harteau
To: freebsd-stable@freebsd.org
Subject: 4.2-RC & ipfilter
Message-ID: <20010405154038.O64531@voyager.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm seeing an oddity on 4.2-RC with options IPFILTER

ipfstat -io reports in and out reversed:

[root@farc sys/compile/FARC] tail -9 /etc/ipf.rules
block return-icmp(13) in log proto tcp from any to any port 0 >< 22
block return-icmp(13) in log proto tcp from any to any port 22 >< 25
block return-icmp(13) in log proto tcp from any to any port 25 >< 53
block return-icmp(13) in log proto tcp from any to any port 53 >< 80
block return-icmp(13) in log proto tcp from any to any port 80 >< 113
block return-icmp(13) in log proto tcp from any to any port 113 >< 1025
block return-icmp(13) in log proto tcp from any to any port = 3306
block return-icmp(13) in log proto udp from any to any port ne 53
block return-icmp(13) in log proto tcp/udp from any to any port = 111

[root@farc sys/compile/FARC] ipfstat -io | tail -9
empty list for ipfilter(in)
block return-icmp(filter-prohib) out log proto tcp from any to any port 0 >< 22
block return-icmp(filter-prohib) out log proto tcp from any to any port 22 >< 25
block return-icmp(filter-prohib) out log proto tcp from any to any port 25 >< 53
block return-icmp(filter-prohib) out log proto tcp from any to any port 53 >< 80
block return-icmp(filter-prohib) out log proto tcp from any to any port 80 >< 113
block return-icmp(filter-prohib) out log proto tcp from any to any port 113 >< 1025
block return-icmp(filter-prohib) out log proto tcp from any to any port = 3306
block return-icmp(filter-prohib) out log proto udp from any to any port != 53
block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc

still functions fine, however (i.e. I'm blocking those in, not out)

can someone confirm or deny this for me? I'm running a slightly mixed
codebase right now, so this may be an erroneous report.

-- 
nicholas harteau
nrh@ikami.com
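One way to check for the mismatch this message describes, as an added example that is not part of the original post: it normalises the spelling differences visible between the two listings (13 / filter-prohib, ne / !=, 111 / sunrpc) and reports rules whose direction differs between the rules file and the ipfstat -io output. The sample input is three rule pairs copied from the message; the function names and the ALIASES table are illustrative assumptions.

```python
# Spellings the two listings in the message use for the same thing
# (rules-file form -> ipfstat form). Assumption: extend for other rule sets.
ALIASES = {"return-icmp(13)": "return-icmp(filter-prohib)", "ne": "!=", "111": "sunrpc"}

# Three rules from /etc/ipf.rules and the matching ipfstat -io lines, as quoted above.
CONFIGURED = """\
block return-icmp(13) in log proto tcp from any to any port 0 >< 22
block return-icmp(13) in log proto udp from any to any port ne 53
block return-icmp(13) in log proto tcp/udp from any to any port = 111
"""
LOADED = """\
empty list for ipfilter(in)
block return-icmp(filter-prohib) out log proto tcp from any to any port 0 >< 22
block return-icmp(filter-prohib) out log proto udp from any to any port != 53
block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc
"""

def normalize(rule):
    """Return (direction, rule text with aliases unified and direction masked)."""
    tokens = [ALIASES.get(t, t) for t in rule.split()]
    idx = next((i for i, t in enumerate(tokens) if t in ("in", "out")), None)
    if idx is None:
        return None, " ".join(tokens)
    direction = tokens[idx]
    tokens[idx] = "<dir>"  # mask only the first in/out keyword
    return direction, " ".join(tokens)

def rules(text):
    """Yield rule lines, skipping blanks, comments and ipfstat status lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "empty list")):
            yield line

def direction_mismatches(configured, loaded):
    """List (rule, configured_dir, loaded_dirs) for rules listed with another direction."""
    loaded_dirs = {}
    for r in rules(loaded):
        d, body = normalize(r)
        loaded_dirs.setdefault(body, set()).add(d)
    found = []
    for r in rules(configured):
        d, body = normalize(r)
        seen = loaded_dirs.get(body, set())
        if seen and d not in seen:  # same rule present, but only in the other direction
            found.append((body, d, sorted(seen)))
    return found

if __name__ == "__main__":
    for body, want, got in direction_mismatches(CONFIGURED, LOADED):
        print(f"configured {want}, listed {'/'.join(got)}: {body}")
```

A rule that is missing from the listing altogether is not reported here; only rules that appear with a different direction are.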