Date: Thu, 21 Feb 2002 02:26:40 -0800 (PST)
From: jay
To: freebsd-security@FreeBSD.ORG
Subject: ipf and IPFILTER_DEFAULT_BLOCK
Message-ID: <20020221021005.H27119-100000@spam.musubi.org>

i built a 4.5 kernel with the IPFILTER_DEFAULT_BLOCK option and after
rebooting found that i had full access in and out of the server (ssh and
other services worked), but could not ping or otherwise connect to
localhost/127.0.0.1. (got a "sendto: no route to host" error).

after my initial rules didn't work (they work on my openbsd firewall), i
tried it with these rules...

    pass out quick on fxp0 proto icmp all
    pass in quick on fxp0 proto icmp all

etc, etc... but still no luck. this happened with udp and tcp as well.

ifconfig and netstat -rn showed everything as being normal...

ipmon logged no packets being blocked (i had the log option in my rules)

i rebuilt the kernel without IPFILTER_DEFAULT_BLOCK and i could ping
localhost again.

so... am i on crack or can anyone reproduce this?

=jay
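
The rule matching involved in the post above, as an added example that is not part of the original message and is not IPFilter's own code: a simplified Python model of ipf evaluation (last match wins, quick stops at the first match, a packet matching no rule takes the compiled-in default). The lo0 interface name, the placement of the log keyword and the extra loopback rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "pass" or "block"
    direction: str   # "in" or "out"
    iface: str       # interface the rule is bound to ("on fxp0")
    proto: str       # "icmp", "tcp", "udp" or "any"
    quick: bool = False
    log: bool = False

def parse_rule(text):
    """Parse only the subset of ipf syntax seen in the post:
    pass|block in|out [log] [quick] on IFACE [proto P] all"""
    tok = text.split()
    rest = tok[2:]
    iface = rest[rest.index("on") + 1]
    proto = rest[rest.index("proto") + 1] if "proto" in rest else "any"
    return Rule(tok[0], tok[1], iface, proto, "quick" in rest, "log" in rest)

def evaluate(rules, direction, iface, proto, default_block=True):
    """Return (verdict, logged) for one packet.
    A packet that matches no rule gets the kernel default, and in this
    model no rule's 'log' keyword applies to it."""
    verdict = "block" if default_block else "pass"
    logged = False
    for r in rules:
        if r.direction != direction or r.iface != iface:
            continue  # rule is bound to another direction or interface
        if r.proto not in ("any", proto):
            continue
        verdict, logged = r.action, r.log
        if r.quick:
            break
    return verdict, logged

# Constructed: the two rules from the post, with 'log' added as the post describes
POSTED = [parse_rule(s) for s in (
    "pass out log quick on fxp0 proto icmp all",
    "pass in log quick on fxp0 proto icmp all",
)]
# Constructed: the same ruleset plus rules bound to the loopback interface
WITH_LOOPBACK = POSTED + [parse_rule(s) for s in (
    "pass out quick on lo0 all",
    "pass in quick on lo0 all",
)]
```

In this model a ping to 127.0.0.1 leaves on lo0, matches neither fxp0 rule, and takes the default: blocked and unlogged with default_block=True, passed with default_block=False.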