From owner-freebsd-questions@FreeBSD.ORG  Thu Jun 23 16:21:22 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7583F16A41F
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Jun 2005 16:21:22 +0000 (GMT)
	(envelope-from freebsd@meijome.net)
Received: from sigma.octantis.com.au (sigma.octantis.com.au [207.44.188.23])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2740A43D49
	for <freebsd-questions@freebsd.org>;
	Thu, 23 Jun 2005 16:21:21 +0000 (GMT)
	(envelope-from freebsd@meijome.net)
Received: (qmail 10683 invoked from network); 24 Jun 2005 02:21:21 +1000
Received: from unknown (HELO ?192.168.13.3?) (202.59.110.3)
	by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP;
	24 Jun 2005 02:21:20 +1000
Message-ID: <42BAE17A.4040503@meijome.net>
Date: Fri, 24 Jun 2005 02:21:14 +1000
From: Norberto Meijome <freebsd@meijome.net>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <BAY20-F271D2273E9724F83E2D293A8EA0@phx.gbl>
In-Reply-To: <BAY20-F271D2273E9724F83E2D293A8EA0@phx.gbl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: IPFILTER 'again' ?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2005 16:21:22 -0000

Stephan Weaver wrote:
> Hello,
> 
> I notice this in my /var/log/ipfilter.log.
> 23/06/2005 10:36:06.691347 vr0 @0:29 b 196.3.132.4,53 -> 
> 192.168.1.1,61827 PR udp len 20 66 IN
> 23/06/2005 10:36:07.652341 vr0 @0:29 b 196.3.132.4,53 -> 
> 192.168.1.1,61828 PR udp len 20 70 IN

which one is rule #29? ( ipfstat -ion ). that's the one that's hitting 
to get blocked.

FWIW, my counting from the top (skipping comments) is

> block in log first quick on vr0 proto tcp all flags U/SFRAU

... i cant make much sense of this (no surprises there :-D), tcp rule 
blocking udp...so I'm pretty certain I'm wrong in something obvious.

cheers,
beto