Date: Fri, 10 Mar 2006 09:44:47 +0500
From: "Roman Serbski" <mefystofel@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Help with IP Filter 4.1.8
Message-ID: <cca5083b0603092044n2c92a6cfo564fae129136594b@mail.gmail.com>
In-Reply-To: <440C25FE.6050401@locolomo.org>
References: <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com> <4402232A.8010908@locolomo.org> <cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com> <44031DC4.6060804@locolomo.org> <cca5083b0602271945q5ef76163m5712a386e3eb3008@mail.gmail.com> <440C25FE.6050401@locolomo.org>
Hello Erik. Thank you for your help.

> Ok, here are some things to try:
>
> 1) Other udp services, are responses also blocked? you can for example
> try ntp. If so, then it is likely a bug in ip-filter.

Yes. Same for other udp (I tested with ntp). The symptoms are the same - there is a hit on a rule allowing outgoing ntp, but then the reply is blocked.

> 2) Try using snort or tcpdump to capture the blocked packet and analyse
> if it is malformed. Possibly include such a packet with your next post.

I can collect tcpdump data only if I disable ipf or configure it to 'pass in/out all'. If I turn on my ruleset I don't see any data from tcpdump. Running 'tcpdump -vvv -i xl0' generates a message that tcpdump is listening on xl0 but no data is captured...

> 3) try to see if you can upgrade to a newer ipfilter, latest is v4.1.10

I will try that, although I have faced the problem while upgrading to v4.1.10. According to ipf docs (INSTALL.FreeBSD):

To build a kernel with the IP filter, follow these steps:

make freebsd5 - went successfully
make install-bsd - went successfully
FreeBSD/kinstall - generated patch error about conf.c file not being found...

Thank you.

Roman
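The symptom in the message above (an outgoing UDP query hits a 'pass out' rule, yet the reply is blocked) is also what a ruleset without state tracking produces, since UDP has no handshake for the filter to recognise a reply by. The thread does not establish whether that is the cause here, so the following is an added example, not code from the thread or from IP Filter, that models the two cases so a reader can see the difference: a stateless 'pass out' rule versus the same rule with 'keep state'. Rule semantics (last match wins unless 'quick'; the state table is consulted before the rule list) follow ipf's documented behaviour; the packets, addresses and ports are constructed.

```python
"""Model of stateless vs stateful filtering of a UDP (NTP) exchange.
Constructed example for illustration; not IP Filter's own code."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    action: str             # "pass" or "block"
    direction: str          # "in" or "out"
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port
    keep_state: bool = False         # ipf 'keep state'
    quick: bool = False              # ipf 'quick': stop at this match

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class Filter:
    def __init__(self, rules):
        self.rules = rules
        # 5-tuples of flows that a 'keep state' rule passed
        self.state = set()

    def evaluate(self, pkt: Packet) -> tuple:
        """Return (action, reason) for one packet, updating state on pass."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # State table is checked before the rule list: a reply to a
        # stateful flow passes without touching the rules at all.
        if key in self.state or reverse in self.state:
            return ("pass", "state")
        action, reason, matched = "block", "default", None
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                action, reason, matched = rule.action, f"rule {i}", rule
                if rule.quick:
                    break       # otherwise the last matching rule wins
        if action == "pass" and matched is not None and matched.keep_state:
            self.state.add(key)
        return (action, reason)


# Constructed NTP exchange: host 192.0.2.10 queries server 192.0.2.1
QUERY = Packet("out", "udp", "192.0.2.10", 40000, "192.0.2.1", 123)
REPLY = Packet("in", "udp", "192.0.2.1", 123, "192.0.2.10", 40000)


def run_exchange(keep_state: bool):
    """Filter the query and its reply under a minimal block-all-in ruleset."""
    rules = [
        Rule("block", "in"),
        Rule("block", "out"),
        Rule("pass", "out", proto="udp", dport=123, keep_state=keep_state),
    ]
    f = Filter(rules)
    return f.evaluate(QUERY), f.evaluate(REPLY)


if __name__ == "__main__":
    for stateful in (False, True):
        q, r = run_exchange(stateful)
        print(f"keep state={stateful}: query {q}, reply {r}")
```

Without state tracking the query matches rule 2 but the reply only matches the 'block in' rule, which is exactly the "hit on the outgoing rule, reply blocked" pattern; with 'keep state' the reply is passed from the state table. If the real ruleset already keeps state and still shows this pattern, the explanation lies elsewhere, as Erik's other suggestions assume.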
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cca5083b0603092044n2c92a6cfo564fae129136594b>