From owner-freebsd-questions@FreeBSD.ORG Sat Aug 26 21:05:23 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E736216A4DF for ; Sat, 26 Aug 2006 21:05:23 +0000 (UTC) (envelope-from jbronson@wixb.com) Received: from cheyenne.sixcompanies.com (cheyenne.sixcompanies.com [65.43.82.174]) by mx1.FreeBSD.org (Postfix) with ESMTP id A91B543D46 for ; Sat, 26 Aug 2006 21:05:23 +0000 (GMT) (envelope-from jbronson@wixb.com) Message-Id: <7.0.1.0.2.20060826160530.01982d10@sixcompanies.com> Date: Sat, 26 Aug 2006 16:05:57 -0500 To: Giorgos Keramidas From: "J.D. Bronson" In-Reply-To: <20060826204015.GI1311@gothmog.pc> References: <7.0.1.0.2.20060826150124.01982d10@sixcompanies.com> <20060826204015.GI1311@gothmog.pc> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Cc: freebsd-questions@freebsd.org Subject: Re: ipfilter on 6.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Aug 2006 21:05:24 -0000 At 03:40 PM 8/26/2006, Giorgos Keramidas wrote: >Don't show us the ipf.conf file you are using, but the output of: > > % ipfstat -hni > % ipfstat -hno > >Then we can really know what rules you have loaded in IP Filter. # ipfstat -hni 2 @1 pass in quick on bge0 all keep state keep frags # ipfstat -hno 1 @1 pass out quick on bge0 all keep state keep frags 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU keep state keep frags 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep frags ...they seem to match exactly.