Date: Thu, 6 Dec 2007 12:39:20 +0200
From: Lasse Holmberg <lape63@soul.lnet.fi>
To: freebsd-sparc64@freebsd.org
Subject: 6.3-RC1: IPFILTER (ipf) firewall not working?
Message-ID: <20071206103920.GA35717@flipper.lnet.fi>

Hej,

I can't get ipf working with 6.3-RC1, ipmon just keeps logging:

Dec 6 11:50:19 riks ipmon[506]: 11:50:18.378898 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:25 riks ipmon[506]: 11:50:24.378765 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:37 riks ipmon[506]: 11:50:36.378748 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:51:01 riks ipmon[506]: 11:51:00.378835 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad

regards,
Lasse

--
--
kernel version:

FreeBSD riks.homenet 6.3-RC1 FreeBSD 6.3-RC1 #0: Wed Nov 28 00:37:51 UTC 2007 root@edmunds.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC sparc64

boot messages:

Dec 6 11:48:59 riks kernel: IP Filter: v4.1.28 initialized. Default = pass all, Logging = enabled
Dec 6 11:48:59 riks kernel: Enabling ipfilter.
Dec 6 11:48:59 riks kernel: Starting ipmon.

/etc/rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"

/etc/ipf.rules:

pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all