Date:      Thu, 21 Feb 2002 02:26:40 -0800 (PST)
From:      jay <jay@musubi.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   ipf and IPFILTER_DEFAULT_BLOCK
Message-ID:  <20020221021005.H27119-100000@spam.musubi.org>

i built a 4.5 kernel with the IPFILTER_DEFAULT_BLOCK option and after
rebooting found that i had full access in and out of the server (ssh and
other services worked), but could not ping or otherwise connect to
localhost/127.0.0.1. (got a "sendto: no route to host" error).

after my initial rules didn't work (they work on my openbsd firewall),
i tried it with these rules...

pass out quick on fxp0 proto icmp all
pass in quick on fxp0 proto icmp all
etc, etc...

but still no luck.  this happened with udp and tcp as well.
ifconfig and netstat -rn showed everything as being normal...
ipmon logged no packets being blocked (i had the log option in my rules)

i rebuilt the kernel without IPFILTER_DEFAULT_BLOCK and i could ping
localhost again. so... am i on crack or can anyone reproduce this?

=jay

