Date: Sat, 27 Jan 2001 07:59:59 -0800
From: Ron 'The InSaNe One' Rosson <insane@lunatic.oneinsane.net>
To: freebsd-stable@freebsd.org
Subject: IPFilter will not allow traceroute anymore
Message-ID: <20010127075959.A83055@lunatic.oneinsane.net>

On 01/23/2001 there was a change made to IPFilter's ip_state.c file. The
change for some reason has caused tracerouting to stop working when using
the following ruleset:

# Ruleset taken from http://www.obfuscation.org/ipf/ipf-howto.txt
# Section 7.1
pass in quick on lo0 all
pass out quick on lo0 all

block in log all
block out all

# This allows for AUTH
pass in quick proto tcp from any to any port = 113 flags S/SA keep state
#This allows for FTP
pass in quick proto tcp from any port = 20 to any port 39999 >< 45000 flags S/SA keep state

pass out quick proto icmp from any to any keep state
pass out quick proto tcp/udp from any to any keep state keep frags

The earlier version of this file had the same problem as well, but there
was a patch available that I have been using. With the changes made to the
ip_state.c file this patch no longer applies cleanly. I will attach the
patch as an attachment to this email.

If I should turn this into a send-pr, just say the word and it will be done.

TIA

P.S. An admin who misses his traceroute ;-)
-- 
------------------------------------------------------------------------------
Ron Rosson                          ... and a UNIX user said ...
The InSaNe One                      rm -rf *
insane@oneinsane.net                and all was /dev/null and *void()
------------------------------------------------------------------------------
It only rains straight down. God doesn't do windows.