From: Roman Serbski
To: freebsd-questions@freebsd.org
Date: Sun, 26 Feb 2006 20:15:42 +0500
Subject: Help with IP Filter 4.1.8

Hi all,

I am having a problem with ipf after a recent upgrade to 6.1-PRERELEASE. Any help would be greatly appreciated.

ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0xa

I am trying to allow outgoing DNS requests from my server to the DNS server of the ISP. Here is my ruleset:

ipfstat -oh
0 pass out quick on lo0 from any to any
0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
1 pass out quick on xl0 proto udp from any to any port = domain keep state
0 block out log quick on xl0 all

ipfstat -ih
0 pass in quick on lo0 from any to any
0 block in quick on xl0 all

I tried `host www.google.com` and the connection timed out, although there was a hit on a rule allowing 53/udp.

The interesting thing is that there is another server running 5.3-STABLE with ipf v3.4.35 (336) and it has the same ruleset and everything is working just fine.

Thank you for your time.