From owner-freebsd-questions@FreeBSD.ORG  Mon Feb 27 15:42:11 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 118B116A423
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 15:42:11 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2B2ED43D77
	for <freebsd-questions@freebsd.org>;
	Mon, 27 Feb 2006 15:41:59 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.atosorigin.es [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 6DE2E2E041;
	Mon, 27 Feb 2006 16:42:03 +0100 (CET)
Message-ID: <44031DC4.6060804@locolomo.org>
Date: Mon, 27 Feb 2006 16:41:56 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: Roman Serbski <mefystofel@gmail.com>
References: <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com>	<4402232A.8010908@locolomo.org>
	<cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com>
In-Reply-To: <cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Help with IP Filter 4.1.8
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Feb 2006 15:42:11 -0000

Roman Serbski wrote:

> Adding the 'log' keyword produced the following record:
> 
> xl0 @0:2 b XXX.XXX.XXX.XXX,53 -> YYY.YYY.YYY.YYY,60808 PR udp len 20 298 IN bad

read this line: This tells you where the packet is blocked. IIRC @0:2 
means group 0 (you don't use groups) and 2 should be the second rule.

If you list the ruleset with ipfstat -n that should give you rules with 
the same labeling.

Also, add log keyword to your outgoing rule, to see that it is actually 
there the decision is made. You could have some default pass that does 
not create the state.

I know that you've checked and rechecked - but it is really helpful for 
us to have the whole ruleset. If you like, change your ip's to x.x.x.x 
(but keep different ips different).

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9