From owner-freebsd-questions@FreeBSD.ORG Sat Aug 26 23:55:49 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 72D1416A4E1 for ; Sat, 26 Aug 2006 23:55:49 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from igloo.linux.gr (igloo.linux.gr [62.1.205.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B25843D45 for ; Sat, 26 Aug 2006 23:55:47 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.pc (patr530-a089.otenet.gr [212.205.215.89]) (authenticated bits=128) by igloo.linux.gr (8.13.7/8.13.7/Debian-2) with ESMTP id k7QNtWJN031949 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 27 Aug 2006 02:55:35 +0300 Received: from gothmog.pc (gothmog [127.0.0.1]) by gothmog.pc (8.13.7/8.13.7) with ESMTP id k7QNtG4l003452; Sun, 27 Aug 2006 02:55:16 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.pc (8.13.7/8.13.7/Submit) id k7QNtGea003451; Sun, 27 Aug 2006 02:55:16 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Sun, 27 Aug 2006 02:55:16 +0300 From: Giorgos Keramidas To: "J.D. Bronson" Message-ID: <20060826235516.GA3421@gothmog.pc> References: <7.0.1.0.2.20060826150124.01982d10@sixcompanies.com> <20060826204015.GI1311@gothmog.pc> <7.0.1.0.2.20060826160530.01982d10@sixcompanies.com> <20060826220706.GC2666@gothmog.pc> <7.0.1.0.2.20060826170941.01982d10@sixcompanies.com> <20060826221904.GD2666@gothmog.pc> <7.0.1.0.2.20060826174612.01982d10@sixcompanies.com> <20060826233750.GA3300@gothmog.pc> <7.0.1.0.2.20060826185111.01970438@sixcompanies.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7.0.1.0.2.20060826185111.01970438@sixcompanies.com> X-Hellug-MailScanner: Found to be clean X-Hellug-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.855, required 5, autolearn=not spam, AWL -0.26, BAYES_00 -2.60, UNPARSEABLE_RELAY 0.00) X-Hellug-MailScanner-From: keramida@ceid.upatras.gr X-Spam-Status: No Cc: freebsd-questions@freebsd.org, Duane Hill Subject: Re: ipfilter on 6.1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Aug 2006 23:55:49 -0000 On 2006-08-26 18:52, "J.D. Bronson" wrote: > At 06:37 PM 8/26/2006, Giorgos Keramidas wrote: > >Cool! If this is indeed the fix, let us know :) > > > >If you also feel like it and you are not limited by contract or > >other things, I'd be interested to see how you modified IP Filter > >to make it use a "block by default" policy. > > > >Regards, > >Giorgos > > This fixed it. WHEW! Great :) > Simply adding this to my own kernel: > > options IPFILTER > options IPFILTER_LOG > options IPFILTER_DEFAULT_BLOCK Ok this was what I wanted to make sure :) > then: > > # ipf -V > > ipf: IP Filter: v4.1.8 (416) > Kernel: IP Filter: v4.1.8 > Running: yes > Log Flags: 0 = none set > Default: block all, Logging: available > Active list: 0 > Feature mask: 0xa