From owner-freebsd-questions@FreeBSD.ORG Fri Mar 10 10:45:52 2006
Message-ID: <4411593D.60507@locolomo.org>
Date: Fri, 10 Mar 2006 11:47:25 +0100
From: Erik Norgaard
To: Roman Serbski
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with IP Filter 4.1.8
References: <4402232A.8010908@locolomo.org> <44031DC4.6060804@locolomo.org> <440C25FE.6050401@locolomo.org>

Roman Serbski wrote:
>> 1) Other udp services, are responses also blocked? You can for example
>> try ntp. If so, then it is likely a bug in ip-filter.
>
> Yes. Same for other udp (I tested with ntp). The symptoms are the same
> - there is a hit on a rule allowing outgoing ntp, but then reply is
> blocked.

It should be possible to capture on the interface in promiscuous mode.
(I recall an article on SecurityFocus considering this as a security
hole as it actually allows you to circumvent the firewall).

Cheers, Erik
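
As an added illustration, not part of the thread above: the symptom described (the outbound UDP rule counts a hit, the reply is dropped) is exactly what a stateless `pass out` rule produces under a default `block in` policy, because the reply datagram arriving at the ephemeral source port has no rule of its own. Roman's actual ruleset is not shown in the thread, so this is the configuration check to rule out before suspecting an ipf bug. The interface name `fxp0` is an assumption.

```conf
# Example ipf.rules fragment (constructed for illustration, not from the thread).
# Interface name fxp0 is assumed; substitute the real outbound interface.

# Default policy: log and drop anything no later rule passes.
block in  log all
block out log all

# --- Ruleset shape that reproduces the reported symptom --------------
# This rule matches the outgoing NTP request (its hit counter increments),
# but nothing remembers the request, so the server's reply back to our
# ephemeral source port falls through to "block in log all" above.
#
#   pass out quick on fxp0 proto udp from any to any port = 123

# --- Fix: track the request so its reply is admitted -----------------
# "keep state" records the address/port 4-tuple of the outbound datagram;
# the answering datagram is passed in against that state entry, with no
# separate "pass in" rule for an unpredictable source port required.
pass out quick on fxp0 proto udp from any to any port = 123 keep state
```

Reload with `ipf -Fa -f /etc/ipf.rules` and compare `ipfstat -io` before and after; if the outbound rule already carries `keep state` and replies are still dropped, a promiscuous capture on the interface (for example `tcpdump -ni fxp0 udp port 123`) shows whether the reply reaches the wire at all, which is the separation between a ruleset problem and the filter bug Erik suggests.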