Date: Wed, 15 Feb 2006 10:56:45 +1000
From: Maxim Vetrov <muxas@mail.ru>
To: freebsd-questions@FreeBSD.org
Subject: Re: IPFILTER rule error
Message-ID: <43F27C4D.9010904@mail.ru>
In-Reply-To: <20060213141706.GA94131@flame.pc>
References: <43F11FB2.7000105@mail.ru> <20060213141706.GA94131@flame.pc>
Hi,

Sorry, I really do not want you to guess! Here is what you asked for:

kernel conf:
-------------------------------------------------------
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
...
-------------------------------------------------------

rc.conf:
-------------------------------------------------------
...
ifconfig_rl0="inet 10.0.1.1 netmask 255.255.255.248"
...
ipnat_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
...
-------------------------------------------------------

services:
-------------------------------------------------------
...
sunrpc 111/tcp rpcbind #SUN Remote Procedure Call
sunrpc 111/udp rpcbind #SUN Remote Procedure Call
...
-------------------------------------------------------

ipf.rules:
-------------------------------------------------------
block in log on rl0 all head 20
block out log on rl0 all head 25
pass in quick on rl0 \
    proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 \
    proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 \
    proto udp from any to any port = 111 keep state group 20
--------------------------------------------------------

Steps to load the rules:

>ipf -Fa
>ipf -f /etc/ipf.rules
1:ioctl (add/insert rule): No such process

And there is one more problem - although I have packet logging enabled by default (-Ds) through syslogd, the log is empty!

syslog.conf:
--------------------------------------------------------
...
security.* /var/log/security
...
--------------------------------------------------------

That file exists and has root rw permissions.

If this helps: after I moved to 6.0 from 5.4 (backup-format-install-restore), this config stopped working. I know that I'm doing something wrong, but what exactly?

Regards,
Muxas