From: "James Bowman Sineath, III"
To: "Danny Howard"
Cc: FreeBSD Questions
Date: Thu, 9 Jun 2005 15:23:00 -0400
Subject: Re: ipf blocking pass rule

Thank you, I wasn't aware that it did that. Your response was my first impression as well, however I looked at it further and I don't believe that is the case. When I have log first in my other rules, it rarely takes effect.
I used it to cut down on the number of logs produced, but it only does so within a very short amount of time. I also have not experienced that problem with any other rules or ports, even though I have log first in most of my rules.

It always seems to block every other connection attempt, regardless of timing. It passes the first connection, then the second connection occurs five minutes later and is blocked, then the process is repeated. Five minutes later I get another connection attempt that is passed, then the next one is blocked five minutes later. I don't have this problem with any other ports or rules, even though this rule is identical to my other pass in rules except for port number.

Thanks again.

> James Bowman Sineath, III wrote:
>
> James,
>
> You should send messages to the list directly. When you start your
> question by hitting "reply" to a question about shell accounts, your
> message will be lumped under there in a lot of mail clients, and is less
> likely to be seen.
>
>> I have the following rule in my ipf.rules:
>>
>> pass in log first quick on xl0 proto tcp from any to any port = 25 keep state
>>
>> for some reason it will pass the first connection but block the next. A
>> log is below. Any ideas on why this is happening would be much
>> appreciated.
>
> I'm no IPF expert, but I'd wonder if "pass in log FIRST quick" is doing
> exactly what you describe correctly ...
>
> -d
>
> --
> http://dannyman.toldme.com/