From owner-freebsd-security  Tue Nov  3 00:24:40 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA05910
          for freebsd-security-outgoing; Tue, 3 Nov 1998 00:24:40 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from witch.xtra.co.nz (witch.xtra.co.nz [202.27.184.8])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA05905
          for <freebsd-security@FreeBSD.ORG>; Tue, 3 Nov 1998 00:24:34 -0800 (PST)
          (envelope-from junkmale@pop3.xtra.co.nz)
Received: from wocker (210-55-210-87.ipnets.xtra.co.nz [210.55.210.87])
	by witch.xtra.co.nz (8.9.1/8.9.1) with SMTP id VAA21281;
	Tue, 3 Nov 1998 21:24:11 +1300 (NZDT)
Message-Id: <199811030824.VAA21281@witch.xtra.co.nz>
From: "Dan Langille" <junkmale@xtra.co.nz>
Organization: DVL Software Limited
To: Darren Reed <avalon@coombs.anu.edu.au>
Date: Tue, 3 Nov 1998 21:24:20 +1300
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: IPFW problems...
Reply-to: junkmale@xtra.co.nz
CC: freebsd-security@FreeBSD.ORG
In-reply-to: <199811030816.VAA26113@predator.xtra.co.nz>
References: <199811022300.MAA19467@cyclops.xtra.co.nz> from "Dan Langille" at Nov 3, 98 12:00:24 pm
X-mailer: Pegasus Mail for Win32 (v3.01b)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 3 Nov 98, at 19:16, Darren Reed wrote:

> In some mail from Dan Langille, sie said:
> > 
> > As for my traceroute problems, my mind is unclear.  I admit that I
> > didn't take full notes.  As such, I supply the following in the hopes
> > that it may trigger something when you read it.  If it does not, then I
> > will reinstall IP Filter and get the full story.
> > 
> > I'm using IP Filter 3.2.9 under FreeBSD 2.2.7 RELEASE.
> > 
> > I believe I was able to traceroute when using NAT and without any deny
> > rules.  When I tried to add in the example firewall rules (from
> > rules/BASIC_2.FW), I found that disabling the following rule allowed
> > traceroute to work:
> > 
> > block in log quick all with short
> > 
> > When this rule was present, traceroute did not work at all.
> 
> Well, for whatever reason, I also appear to have licked this one in the
> most recent beta (3.2.10beta6) which I'm hoping to get out of beta RSN
> with as many of the niggling problems people are experiencing fixes as
> possible.
> 
> I'm not sure why it should have been a problem, however, since
> that should (only) match tiny fragments.

Well, if it's any help, I'm willing to test with any beta objects you're 
willing to let me have.

cheers.

--
Dan Langille
The FreeBSD Diary
http://www.FreeBSDDiary.com/freebsd

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message