Date:      Thu, 5 Apr 2001 15:40:39 -0500
From:      nicholas harteau <nrh@ikami.com>
To:        freebsd-stable@freebsd.org
Subject:   4.2-RC & ipfilter
Message-ID:  <20010405154038.O64531@voyager.net>

I'm seeing an oddity on 4.2-RC with options IPFILTER

ipfstat -io reports in and out reversed:
[root@farc sys/compile/FARC] tail -9 /etc/ipf.rules
block return-icmp(13) in log proto tcp from any to any port 0 >< 22
block return-icmp(13) in log proto tcp from any to any port 22 >< 25 
block return-icmp(13) in log proto tcp from any to any port 25 >< 53
block return-icmp(13) in log proto tcp from any to any port 53 >< 80
block return-icmp(13) in log proto tcp from any to any port 80 >< 113
block return-icmp(13) in log proto tcp from any to any port 113 >< 1025
block return-icmp(13) in log proto tcp from any to any port = 3306
block return-icmp(13) in log proto udp from any to any port ne 53
block return-icmp(13) in log proto tcp/udp from any to any  port = 111
[root@farc sys/compile/FARC] ipfstat -io | tail -9
empty list for ipfilter(in)
block return-icmp(filter-prohib) out log proto tcp from any to any port 0 >< 22
block return-icmp(filter-prohib) out log proto tcp from any to any port 22 >< 25
block return-icmp(filter-prohib) out log proto tcp from any to any port 25 >< 53
block return-icmp(filter-prohib) out log proto tcp from any to any port 53 >< 80
block return-icmp(filter-prohib) out log proto tcp from any to any port 80 >< 113
block return-icmp(filter-prohib) out log proto tcp from any to any port 113 >< 1025
block return-icmp(filter-prohib) out log proto tcp from any to any port = 3306
block return-icmp(filter-prohib) out log proto udp from any to any port != 53
block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc

Still functions fine, however (i.e. I'm blocking those in, not out).

Can someone confirm or deny this for me?  I'm running a slightly mixed
codebase right now, so this may be an erroneous report.


-- 
nicholas harteau
nrh@ikami.com
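
One way to check a rules file against the `ipfstat -io` listing for direction differences like the one reported above; this is an added example, not part of the original message. The function names are hypothetical, and the alias table assumes only the three spelling differences visible in the quoted output.

```python
import re

# Spellings that differ between the rules file and the ipfstat listing in the message.
ALIASES = [
    (r"return-icmp\(13\)", "return-icmp(filter-prohib)"),
    (r"\bport ne\b", "port !="),
    (r"\bport = 111\b", "port = sunrpc"),
]

def normalize(rule):
    """Return (direction, rule text with the direction keyword removed)."""
    text = " ".join(rule.split())            # collapse runs of whitespace
    for pattern, replacement in ALIASES:
        text = re.sub(pattern, replacement, text)
    tokens = text.split()
    direction = next((t for t in tokens if t in ("in", "out")), None)
    if direction:
        tokens.remove(direction)             # first occurrence only
    return direction, " ".join(tokens)

def direction_mismatches(file_lines, loaded_lines):
    """List (rule, direction in file, direction loaded) where they differ."""
    loaded = {}
    for line in loaded_lines:
        if line.strip() and not line.startswith("empty list"):
            direction, body = normalize(line)
            loaded.setdefault(body, set()).add(direction)
    report = []
    for line in file_lines:
        if line.strip() and not line.lstrip().startswith("#"):
            direction, body = normalize(line)
            seen = loaded.get(body, set())
            if direction not in seen:        # absent, or loaded the other way
                report.append((body, direction, min(seen, key=str, default=None)))
    return report

# Sample input: the last two rules and listing lines quoted in the message.
RULES_FILE = [
    "block return-icmp(13) in log proto udp from any to any port ne 53",
    "block return-icmp(13) in log proto tcp/udp from any to any  port = 111",
]
IPFSTAT_IO = [
    "empty list for ipfilter(in)",
    "block return-icmp(filter-prohib) out log proto udp from any to any port != 53",
    "block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc",
]

for body, want, got in direction_mismatches(RULES_FILE, IPFSTAT_IO):
    print(f"file={want} loaded={got}: {body}")
```

A rule that is in the file but absent from the listing is reported with `None` as its loaded direction.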

