From owner-freebsd-stable  Sun Mar 25 22: 5:16 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id AAB6537B71D
	for <freebsd-stable@freebsd.org>; Sun, 25 Mar 2001 22:05:14 -0800 (PST)
	(envelope-from randy@psg.com)
Received: from randy by rip.psg.com with local (Exim 3.16 #1)
	id 14hQ7u-000MmI-00
	for freebsd-stable@freebsd.org; Sun, 25 Mar 2001 22:05:14 -0800
From: Randy Bush <randy@psg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: ipfilter and aliases
Message-Id: <E14hQ7u-000MmI-00@rip.psg.com>
Date: Sun, 25 Mar 2001 22:05:14 -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

freebsd -stable a few daze old

my ether port is highly aliased, to collapse some old hosts and to serve
some virtual mod_ssl hosts.  it seems that simple rules such as

    pass in quick proto tcp from any to any port = 80 flags S/SFRA keep state

will let things in to the mail ip address on fxp0, but not to aliases.  i
get

    13:43:37.716877 3x fxp0 @0:31 b foo.bar.net,48841 -> alias.here,http \
                     PR tcp len 20 566 -AP IN 

clues solicited

randy

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message