strange ipfilter's behavior

From: <anatoly_at_relcom.ru>
Date: Thu, 12 Aug 2004 00:31:08 +0400
hey,

After a few recent cvsups of -CURRENT, ipfilter doesn't work properly. It seems
nobody has seen this problem.
After the boot process has finished, the ipfilter rules are not working
properly (but they are loaded, and you can see them via ipfstat -io).
The rules themselves are applied to tun0 with ppp on it. If I run ipf -Fa -f
/etc/ipf.conf manually, ipfilter starts working as it ought to.
(Same situation with ipnat.)

Question is: did I miss something in the recent /etc/rc updates, or is it a bug?
uname -a:
FreeBSD lifebook 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Wed Aug 11 15:34:13 MSD 2004     root_at_lifebook:/usr/obj/usr/src/sys/LIFEBOOK  i386

/etc/rc.conf:
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.conf"
ipfilter_flags=""
ipnat_enable="YES"              # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.conf"   # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat
ipmon_enable="YES"
ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
ipmon_flags="-Ds"               # typically "-Ds" or "-D /var/log/ipflog"

/etc/ipf.conf: (pretty ugly)
count out   on tun0 from any to any
count in    on tun0 from any to any

pass out    quick on tun0 proto tcp from any to any keep state
pass out    quick on tun0 proto icmp from any to any keep state
pass out    quick on tun0 proto udp from any to any keep state

block return-icmp in log quick on tun0 proto udp from any to any
block return-icmp(proto-unr) in log quick on tun0 proto icmp from any to any
block return-rst in log quick on tun0 proto tcp from any to any
Received on Wed Aug 11 2004 - 18:32:34 UTC