From owner-freebsd-current@FreeBSD.ORG Thu Oct 25 04:43:52 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C67E216A417 for ; Thu, 25 Oct 2007 04:43:52 +0000 (UTC) (envelope-from peter@wingless.org) Received: from bpd2mo1no.prod.shawcable.com (shawmail.shawcable.com [64.59.128.220]) by mx1.freebsd.org (Postfix) with ESMTP id 988B113C4A8 for ; Thu, 25 Oct 2007 04:43:52 +0000 (UTC) (envelope-from peter@wingless.org) Received: from bpd2mi4no.prod.shawcable.com (bpd2mi4no-qfe3.prod.shawcable.com [10.0.184.123]) by bpd2mo1no.prod.shawcable.com (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0JQG00720AFUCK40@bpd2mo1no.prod.shawcable.com> for freebsd-current@freebsd.org; Wed, 24 Oct 2007 22:43:06 -0600 (MDT) Received: from satan.pfak.org (h70-68-0-228.sbm.shawcable.net [70.68.0.228]) by bpd2mi4no.prod.shawcable.com (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0JQG009QGAFUSK40@bpd2mi4no.prod.shawcable.com> for freebsd-current@freebsd.org; Wed, 24 Oct 2007 22:43:06 -0600 (MDT) Received: (qmail 72870 invoked from network); Thu, 25 Oct 2007 04:43:07 +0000 Received: by simscan 1.1.0 ppid: 72864, pid: 72866, t: 1.2032s scanners: clamav: 0.88.5/m:40/d:2060 spam: 3.1.5 Received: from unknown (HELO ?192.168.1.169?) (peter@wingless.org@unknown) by unknown with SMTP; Thu, 25 Oct 2007 04:43:06 +0000 Date: Wed, 24 Oct 2007 21:43:04 -0700 From: Peter Kieser To: freebsd-current@freebsd.org Message-id: <47201ED8.2090600@wingless.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on satan.pfak.org User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) X-Spam-Status: No, score=-2.6 required=4.0 tests=BAYES_00,NO_RELAYS autolearn=ham version=3.1.8 X-Spam-Level: Subject: ipv6 ipfilter + keep state bug? (releng_7) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Oct 2007 04:43:52 -0000 Hello, I'm having similar issues (intermittent connectivity as if the dynamic rule table isn't being kept properly) using IP Filter with IPv6 and keep state rules as I was having with ipfw (see "ipfw2 keep-state + IPv6 on RELENG_7"), IPv4 keep state rules work as expected. I've verified that it is not infact a network problem (adding an "allow all" fixes the problem again). My rules are as follows, CVSup from today (Wed Oct 24 10:54:23 PDT), em0 is my external interface: pass in quick on lo0 all pass out quick on lo0 all pass out quick on em0 keep state pass in quick on em0 proto tcp from any to any port = 22 Has anyone reproduced this problem, or am I doing something totally wrong? I'm willing to help debug the issue.. Cheers, -Peter