Date: Sun, 27 Aug 2006 01:07:06 +0300 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: "J.D. Bronson" <jbronson@wixb.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfilter on 6.1 Message-ID: <20060826220706.GC2666@gothmog.pc> In-Reply-To: <7.0.1.0.2.20060826160530.01982d10@sixcompanies.com> References: <7.0.1.0.2.20060826150124.01982d10@sixcompanies.com> <20060826204015.GI1311@gothmog.pc> <7.0.1.0.2.20060826160530.01982d10@sixcompanies.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006-08-26 16:05, "J.D. Bronson" <jbronson@wixb.com> wrote: > At 03:40 PM 8/26/2006, Giorgos Keramidas wrote: > > >Don't show us the ipf.conf file you are using, but the output of: > > > > % ipfstat -hni > > % ipfstat -hno > > > >Then we can really know what rules you have loaded in IP Filter. > > > # ipfstat -hni > 2 @1 pass in quick on bge0 all keep state keep frags > > # ipfstat -hno > 1 @1 pass out quick on bge0 all keep state keep frags > 1 @2 pass out quick on tun0 proto tcp from any to any flags S/FSRPAU > keep state keep frags > 1 @3 pass out quick on tun0 proto udp from any to any keep state keep frags > 0 @4 pass out quick on sppp0 proto icmp from any to any keep state keep > frags > > ...they seem to match exactly. Weird. This doesn't seem ot include *ANY* block rules at all. Is this a standard 6.1 installation, or do you have local IP Filter modifications (like, for instance, a modified 'default' rule which blocks everything, instead of allowing everything)?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060826220706.GC2666>