Date: Mon, 09 Aug 2010 15:21:51 +0300
From: Eugenijus Urbonas <eugenijusu@inbox.lv>
To: freebsd-questions@freebsd.org
Subject: ipf filter: froblem with "keep state" or "flags S" parameter
Message-ID: <4C5FF2DF.6090102@inbox.lv>
Hello!

Some time ago I already had business with ipf and everything was OK (I used the manual to create rules), and the server worked perfectly. Now I'm trying to set up the same server, but with a newer version of FreeBSD (8.1-RELEASE), the same manuals, the same settings. Everything works except the firewall, and there is something strange. For example, I have these rules in my /etc/ipf.rules:

Code:
    pass out quick on fxp0 all
    pass in log quick on fxp0 proto tcp from any to any port = 80
    block in log first quick on fxp0 all

In this case ipmon shows:

Code:
    ... fxp0 *@0:1 p *xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

That is OK.

Now I change the second rule to:

Code:
    pass in log quick on fxp0 proto tcp from any to any port = 80 flags S keep state # because I want to use a stateful firewall, of course

In this case ipmon shows:

Code:
    ... fxp0 *@0:2 b* xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

And that is NOT OK.

I don't understand why, but now my connection does not match my rule... Why? Can someone explain it to me? May it be that there is some kind of bug and I have to patch my system?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C5FF2DF.6090102>