Date: Fri, 6 Apr 2001 08:29:40 -0500 From: nicholas harteau <nrh@ikami.com> To: freebsd-stable@freebsd.org Subject: Re: 4.2...er 3-RC & ipfilter Message-ID: <20010406082940.D3716@voyager.net> In-Reply-To: <20010405154038.O64531@voyager.net>; from nrh@ikami.com on Thu, Apr 05, 2001 at 03:40:39PM -0500 References: <20010405154038.O64531@voyager.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I'm sorry, this is 4.3-RC, I'm just a little slow sometimes. Maybe that's why noone responded to my message ;) nicholas harteau wrote: > > I'm seeing an oddity on 4.2-RC with options IPFILTER > > ipfstat -io reports in and out reversed: > [root@farc sys/compile/FARC] tail -9 /etc/ipf.rules > block return-icmp(13) in log proto tcp from any to any port 0 >< 22 > block return-icmp(13) in log proto tcp from any to any port 22 >< 25 > block return-icmp(13) in log proto tcp from any to any port 25 >< 53 > block return-icmp(13) in log proto tcp from any to any port 53 >< 80 > block return-icmp(13) in log proto tcp from any to any port 80 >< 113 > block return-icmp(13) in log proto tcp from any to any port 113 >< 1025 > block return-icmp(13) in log proto tcp from any to any port = 3306 > block return-icmp(13) in log proto udp from any to any port ne 53 > block return-icmp(13) in log proto tcp/udp from any to any port = 111 > [root@farc sys/compile/FARC] ipfstat -io | tail -9 > empty list for ipfilter(in) > block return-icmp(filter-prohib) out log proto tcp from any to any port 0 >< 22 > block return-icmp(filter-prohib) out log proto tcp from any to any port 22 >< 25 > block return-icmp(filter-prohib) out log proto tcp from any to any port 25 >< 53 > block return-icmp(filter-prohib) out log proto tcp from any to any port 53 >< 80 > block return-icmp(filter-prohib) out log proto tcp from any to any port 80 >< 113 > block return-icmp(filter-prohib) out log proto tcp from any to any port 113 >< 1025 > block return-icmp(filter-prohib) out log proto tcp from any to any port = 3306 > block return-icmp(filter-prohib) out log proto udp from any to any port != 53 > block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc > > still functions fine, however (i.e. I'm blocking those in, not out) > > can someone confirm or deny this for me? I'm running a slightly mixed > codebase right now, so this may be an erroneous report. > > > -- > nicholas harteau > nrh@ikami.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message -- nicholas harteau nrh@ikami.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010406082940.D3716>