From owner-freebsd-stable Sat Jan 27 7:59: 3 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from volatile.chemikals.org (ci391991-a.grnvle1.sc.home.com [24.9.31.75])
    by hub.freebsd.org (Postfix) with ESMTP id C173037B400
    for ; Sat, 27 Jan 2001 07:58:43 -0800 (PST)
Received: (from morganw@localhost)
    by volatile.chemikals.org (8.11.1/8.11.1) id f0RFwe698750;
    Sat, 27 Jan 2001 10:58:40 -0500 (EST)
    (envelope-from morganw)
Date: Sat, 27 Jan 2001 10:58:40 -0500 (EST)
From: Wesley Morgan
To:
Cc:
Subject: weirdness on freebsd-stable
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have 2 boxes running -stable and I am seeing very very weird behavior.
ipfilter suddenly decides that the current rules are nuts and won't allow
any outbound connections. After much frustration and moving around of
rules, I managed to get it working on one machine... Only to suddenly see
that a few days later now inbound connections are not allowed!

The second machine today began to deny the outbound connections and is
exhibiting the identical behavior as the first.

I think I have narrowed it down to some problem with state. The original
failed machine will allow a connection to be negotiated (flags S) but no
further packets. Removal of the 'flags S' parameter on all rules appears
to fix the problem. Upgrading to the latest ipfilter does not seem to fix
it.

What on earth could this be? My world and kernel are not currently in sync
(except for ipfilter) but how can that affect the firewall?

--
_ __ ___ ____ ___ ___ ___
Wesley N Morgan _ __ ___ | _ ) __| \
morganw@chemikals.org _ __ | _ \._ \ |) |
FreeBSD: The Power To Serve _ |___/___/___/
6bone: 3ffe:1ce3:7::b4ff:fe53:c297
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!