From owner-freebsd-isp Thu Dec 13 9:30:56 2001
From: "John Brooks"
To: "'Fabrizio Ravazzini'"
Subject: RE: Ipf & Bridging ???
Date: Thu, 13 Dec 2001 11:28:16 -0600
Message-ID: <000901c183fb$9108fd80$1505010a@daylight.net>
In-Reply-To: <20011213164800.67963.qmail@web20102.mail.yahoo.com>

Some items to check

Are you positive that rl0 is on the internet side?

Is that your entire ruleset? It would help to see all the rules
and their order.

Did you also flush out the state table? There may be previously
allowed connections bypassing the new rules - run:
    ipf -FS

What does /var/log/ipflog show? (assuming default location)

Add the keyword "log" to all rules then run:
    ipf -Fa -f /path/to/rules/ipf.rules -E
    tail -f /path/to/logfile/ipflog
You should be able to see each new log entry as it occurs

Run: dmesg | grep "IP Filter" (you should get a response)
Run: ipfstat -hion (shows activity per rule)
Run: ifconfig -a (confirm your nics)

Is this a new box?
Is this box currently in use?
Have you ever had ipf running on this box before?

So many questions...

--
John Brooks
Email: john@stlbsd.org

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Thursday, December 13, 2001 10:48 AM
To: john@day-light.com
Cc: freebsd-isp@freebsd.org
Subject: RE: Ipf & Bridging ???

hello
thanks for the help,
ipf is installed in the kernel i compiled,

options IPFILTER
options IPFILTER_LOG

There's also the ipfiletr_enable="YES" in my rc.conf

in /etc/ipf.rules:

pass in all
pass out all
block in quick on rl0 from any to any

then if I digit:

ipf -Fa -f /path/to/rules/ipf.rules -E

I have the output:

IP Filter:already initialized
IP Filter:already initialized

But there is still the problem, can you help me?
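
Added example, not part of either message above: one way to carry out the 'add the keyword "log" to all rules' step before reloading the ruleset. The helper name add_log_keyword is hypothetical, and the sample input is the three rules from the quoted message.

```sh
#!/bin/sh
# Added example: insert the "log" keyword into every pass/block rule of an
# ipf ruleset read from stdin. In ipf rule syntax "log" follows the direction
# ("in" or "out") and comes before "quick" and "on <interface>".
# add_log_keyword is a hypothetical helper name, not part of ipf.
add_log_keyword() {
    awk '
        # Blank lines and comments pass through untouched.
        NF == 0 || $1 ~ /^#/ { print; next }
        $1 == "pass" || $1 == "block" {
            # The direction is the first "in"/"out" after the action; it may
            # be preceded by a return option such as return-rst.
            for (i = 2; i <= NF; i++) {
                if ($i == "in" || $i == "out") {
                    # Leave rules that already log unchanged.
                    if ($(i + 1) != "log") $i = $i " log"
                    break
                }
            }
        }
        { print }
    '
}

# The three rules from the quoted message, used as sample input.
sample_rules() {
    cat <<'EOF'
pass in all
pass out all
block in quick on rl0 from any to any
EOF
}

sample_rules | add_log_keyword
```

Write the output to a scratch rules file and load that file with the ipf -Fa -f ... -E command from the reply, so the original ipf.rules stays unchanged while you watch ipflog.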