Date: Mon, 07 Apr 2003 01:38:39 +0100
From: John Murphy <jfm@blueyonder.co.uk>
To: questions@FreeBSD.ORG
Subject: 4.8 ipfilter ruleset compatibility question
Message-ID: <74i19v4isusmlrpohohodush0gnmmsutvk@4ax.com>
Paranoia rules, so my outside interface is currently down while I discover what has changed to cause an ipfilter ruleset which worked fine under IP Filter v3.4.20 to be wide open without logging (apparently) with v3.4.31.

I've upgraded from 4.4 to 4.8 release by re-installation and then copying /etc/rc.conf and the usual others from the old drive to the new, including the old, previously working, ipf.rules and ipnat.rules. Everything worked except /var/log/ipf.log remained 0 bytes for far too long. top said ipmon was running. The /var/log/messages indications of ipf startup compare favourably:

Apr 1 22:01:42 wall /kernel: IP Filter: v3.4.20 initialized. Default = pass all, Logging = enabled
Apr 6 22:05:37 wall /kernel: IP Filter: v3.4.31 initialized. Default = pass all, Logging = enabled

A <cough> GRC scan showed ports scanned as closed, which is ok, but ipf.log = 0 and I need "stealth" and logs! I changed the first rule from:

# Block all incoming packets on the external interface, and log them.
block in log on ed0 all

to

block in log quick on ed0 all

Now a GRC scan indicates "stealth" and the log file has come alive with the usual noise. ipnat still works?

I'm convinced there's no rule which overrides the first and passes everything without logging, so has something drastically changed to cause this?

Not sure if it's related, but I've just tried top again:

wall# top
top: nlist failed

John.
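The rule change in the message above turns on ipfilter's `quick` keyword, and the difference it makes comes from how IP Filter walks a ruleset: every rule is examined, the last matching rule decides the packet's fate and whether it is logged, and only `quick` stops the walk early. The toy evaluator below is an added illustration, not ipf's code and not the poster's ruleset; the later `pass` rule for port 80 is a constructed example of the kind of rule that silently wins over a non-quick `block in log ... all`.

```python
"""Toy model of IP Filter rule evaluation (constructed example, not ipf code).

IPFilter walks the whole rule list: the *last* matching rule decides the
packet's fate and whether it is logged, unless a matching rule carries
``quick``, which ends evaluation at that rule.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str            # "block" or "pass"
    direction: str         # "in" or "out"
    iface: str             # interface name, e.g. "ed0"
    port: Optional[int]    # destination port, None matches any port
    log: bool = False      # the "log" keyword
    quick: bool = False    # the "quick" keyword


@dataclass
class Packet:
    direction: str
    iface: str
    dport: int


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, bool]:
    """Return (action, logged) for pkt under ipfilter's last-match semantics."""
    result = ("pass", False)   # "Default = pass all", as in the kernel banner
    for r in rules:
        if r.direction != pkt.direction or r.iface != pkt.iface:
            continue
        if r.port is not None and r.port != pkt.dport:
            continue
        result = (r.action, r.log)   # a later match overrides an earlier one
        if r.quick:
            break                    # quick: this match is final
    return result


# Constructed ruleset: the poster's first rule, followed by a hypothetical
# later "pass" rule for port 80 such as a web server might need.
RULES_NO_QUICK = [
    Rule("block", "in", "ed0", None, log=True),
    Rule("pass", "in", "ed0", 80),
]
RULES_QUICK = [
    Rule("block", "in", "ed0", None, log=True, quick=True),
    Rule("pass", "in", "ed0", 80),
]

if __name__ == "__main__":
    probe = Packet("in", "ed0", 80)
    print(evaluate(RULES_NO_QUICK, probe))  # ('pass', False): passed, never logged
    print(evaluate(RULES_QUICK, probe))     # ('block', True): dropped and logged
```

A real ruleset can be checked the same way with `ipfstat -hio`, which shows per-rule hit counts and makes it visible which rule is actually the final match for the traffic you care about.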