Date:      Sun, 5 May 2002 15:32:04 +0200
From:      Michael Riexinger <mailinglists@grindking.de>
To:        freebsd-stable@freebsd.org
Subject:   Re: ipfilter problem
Message-ID:  <20020505133204.GA667@grind.grind.dom>
In-Reply-To: <20020505152314.B73550@mail.webmonster.de>
References:  <20020504223450.GA1025@grind.grind.dom> <20020505152314.B73550@mail.webmonster.de>

On Sun May  5 15:23:14 2002, Karsten W. Rohrbach wrote:
> the problem can only be analyzed efficiently if you show us the rest of
> the ruleset. anything else is pure guesswork, based on assumptions about
> your ipf configuration.
> 
> regards,
> /k
Ok, here they are. But I wonder why it worked without problems with
previous versions of FreeBSD/ipfilter. With netstat I can see FIN_WAIT_1
states to the newsserver.
(tcp4       0      0  dialin-212-144-1.49368 news.fu-berlin.d.nntp  FIN_WAIT_1)


pass in quick on lo0 all
pass out quick on lo0 all

pass in quick on ed0 all
pass out quick on ed0 all

pass out quick on isp0 proto tcp/udp from any to any keep state
pass out quick on isp0 proto icmp from any to any keep state

pass in quick on isp0 proto tcp from any to any port = 80
pass in quick on isp0 proto tcp from any to any port = 60000 

block return-icmp-as-dest(host-unr) in log quick on isp0 proto icmp from any to any
block return-rst in log quick on isp0 proto tcp from any to any
block return-icmp(port-unr) in log quick on isp0 proto udp from any to any

greets,
Michael

-- 
"Testing? What's that? If it compiles, it is good, 
if it boots up, it is perfect."  -- Linus Torvalds 
