From owner-freebsd-stable Sun May 5 0:49:30 2002
Delivered-To: freebsd-stable@freebsd.org
Message-ID: <010401c1f409$65fbd350$2701a8c0@MICHAEL2>
From: "Michael Phaze"
References: <20020504223450.GA1025@grind.grind.dom>
Subject: Re: ipfilter problem
Date: Sun, 5 May 2002 17:49:32 +1000

I used to use the return-rst rule, but at the end of the day it can cause
too many hard-to-see problems. I used to think it was a good way to hide
open ports, but it's better just to suck in the packet and not reply,
because it makes nmaps go a lot slower (if not unscannable), which to me is
more worthwhile than trying to hide services or hide the fact a firewall is
there.

Just my 2 cents :)

----- Original Message -----
From: "Michael Riexinger"
To:
Sent: Sunday, May 05, 2002 8:34 AM
Subject: ipfilter problem

> Hi,
>
> I have FreeBSD-STABLE (4.6-PRERELEASE) from May 1st and I cannot
> communicate with the host news.cis.dfn.de (neither nntp nor http, but
> only this host, others work). When I remove this ipf rule it works:
>
> block return-rst in log quick on isp0 proto tcp from any to any
>
> But with a prior version of STABLE or 4.5-RELEASE it worked.
>
> greets,
> Michael
>
> --
> "Testing? What's that? If it compiles, it is good,
> if it boots up, it is perfect." -- Linus Torvalds
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message