Date: Tue, 30 Sep 2003 04:23:25 -0700 (PDT)
From: echelon <e_chelon@yahoo.com>
To: Darren Reed <avalon@caligula.anu.edu.au>
Cc: freebsd-stable@freebsd.org
Subject: Re: IPFILTER_DEFAULT_BLOCK & No route to host
Message-ID: <20030930112325.48361.qmail@web41204.mail.yahoo.com>
In-Reply-To: <200309300349.h8U3nosJ005713@caligula.anu.edu.au>

OK, maybe it is fine to get "No route to host" when pinging 127.0.0.1/localhost if the IPFILTER_DEFAULT_BLOCK option is set.

However, I use the following rules for the internal network interface (xl1):

# Group 9000 (internal network interface)
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 23 group 9000
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 21 group 9000
pass in quick on xl1 all group 9000

With these rules, I believe I should be able to ping and SSH to the FreeBSD box from my internal network whether the IPFILTER_DEFAULT_BLOCK option is set or not. However, this is true only if the IPFILTER_DEFAULT_BLOCK option is removed.

The same rules were used with IPFilter 3.4.18 on FreeBSD 4.2 and no such problem was encountered.

Thanks.
e_chelon

--- Darren Reed <avalon@caligula.anu.edu.au> wrote:
>
> That's how it is meant to work.
>
> Good to know it's working as intended.
>
> Cheers,
> Darren
>
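
A simplified model of how the compiled-in default decides the verdict for packets that the quoted rules do not match, added here as an example and not part of the original message or of IPFilter's code. The Packet and Rule classes, the verdict function and the sample packets are constructed for illustration; the model assumes a head rule for group 9000 that the message does not show, and it ignores addresses and state.

```python
from dataclasses import dataclass

@dataclass
class Packet:            # constructed test traffic, not captured data
    direction: str       # "in" or "out"
    ifname: str
    proto: str
    dport: int = 0

@dataclass
class Rule:
    action: str          # "pass" or "block"
    direction: str
    ifname: str
    proto: str = "any"
    dport: int = 0       # 0 means any port
    quick: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction and self.ifname == p.ifname
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

# The three group 9000 rules quoted in the message, destination address left out.
# Assumption: a head rule (not shown in the message) sends inbound xl1 traffic here.
RULES = [
    Rule("block", "in", "xl1", "tcp", 23, quick=True),
    Rule("block", "in", "xl1", "tcp", 21, quick=True),
    Rule("pass", "in", "xl1", quick=True),
]

def verdict(pkt: Packet, default_block: bool, rules=RULES) -> str:
    """Last match wins unless the rule is quick; no match falls to the default."""
    result = "block" if default_block else "pass"
    for rule in rules:
        if rule.matches(pkt):
            result = rule.action
            if rule.quick:
                break
    return result

SAMPLES = {
    "ssh in on xl1": Packet("in", "xl1", "tcp", 22),
    "telnet in on xl1": Packet("in", "xl1", "tcp", 23),
    "reply out on xl1": Packet("out", "xl1", "tcp", 50000),
    "ping on lo0": Packet("out", "lo0", "icmp"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} default-pass={verdict(pkt, False):5} default-block={verdict(pkt, True)}")
```

Only the inbound xl1 packets get the same verdict under both defaults; the outbound and lo0 packets match none of the quoted rules, so their verdict is whatever the kernel was built with.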