From: Eugenijus Urbonas <eugenijusu@inbox.lv>
To: freebsd-questions@freebsd.org
Date: Mon, 09 Aug 2010 15:21:51 +0300
Message-ID: <4C5FF2DF.6090102@inbox.lv>
Subject: ipf filter: problem with "keep state" or "flags S" parameter

Hello!

Some time ago I already had business with ipf and everything was OK (I used the manual to create the rules); the server worked perfectly. Now I am trying to set up the same server, but with a newer version of FreeBSD (8.1-RELEASE), the same manuals, the same settings. Everything works except the firewall, and there is something strange. For example, I have these rules in my /etc/ipf.rules:

    pass out quick on fxp0 all
    pass in log quick on fxp0 proto tcp from any to any port = 80
    block in log first quick on fxp0 all

In this case ipmon shows:

    ... fxp0 @0:1 p xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

That is OK. Now I change the second rule to:

    pass in log quick on fxp0 proto tcp from any to any port = 80 flags S keep state # because I want to use a stateful firewall, of course

In this case ipmon shows:

    ... fxp0 @0:2 b xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...

and that is NOT OK. I don't understand why, but now my connection does not match my rule... Why? Can someone explain it to me? May it be that there is some kind of bug and I have to patch my system?
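Added example, not part of the original message or of ipfilter itself: a small Python script that parses ipmon(8) lines like the ones quoted above, tallies which rule number passed or blocked each packet, and emulates ipf's "flags" comparison so you can see which form of the rule (a bare "flags S" or "flags S/SA") a logged packet's TCP flags would satisfy. The sample log lines are constructed (RFC 5737 addresses), the ipmon field layout assumed is the default text format "date time iface @group:rule action src,port -> dst,port PR proto len hl tot -flags dir", and the flag semantics assumed are those of ipf.conf(5) as I read it: a bare "flags S" compares the six classic TCP flags (the same as "S/FSRPAU"), while "S/SA" inspects only SYN and ACK. Treat both as assumptions to check against your own ipmon output and man page.

```python
"""Parse ipmon(8) lines and check which 'flags' spec a logged TCP packet would match."""
import re
from collections import Counter

# Constructed sample ipmon output (not from the original post).  Assumed layout:
#   date time iface @group:rule action src,port -> dst,port PR proto len hl tot -flags dir
SAMPLE_LOG = """\
09/08/2010 15:21:51.100000 fxp0 @0:1 p 203.0.113.5,41234 -> 192.0.2.10,80 PR tcp len 20 60 -S IN
09/08/2010 15:21:52.200000 fxp0 @0:2 b 203.0.113.6,41235 -> 192.0.2.10,80 PR tcp len 20 52 -A IN
09/08/2010 15:21:53.300000 fxp0 @0:2 b 203.0.113.7,41236 -> 192.0.2.10,80 PR tcp len 20 60 -SA IN
"""

LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) "
    r"(?P<action>\S+) (?P<src>\S+) -> (?P<dst>\S+) PR (?P<proto>\S+) "
    r"len (?P<hl>\d+) (?P<tot>\d+)(?: -(?P<flags>[FSRPAUEC]+))? (?P<dir>IN|OUT)$"
)

# TCP flag bits as carried in th_flags; E/C are the ECN bits above the classic six.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "C": 0x80}
# Assumption: a bare 'flags S' uses the six classic flags as its mask (S/FSRPAU).
DEFAULT_MASK = "FSRPAU"


def parse_ipmon(text):
    """Return one dict per parsable ipmon line; lines that do not fit are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["group"] = int(rec["group"])
        rec["rule"] = int(rec["rule"])
        rec["flags"] = rec["flags"] or ""   # non-TCP or flagless lines carry no '-X' field
        records.append(rec)
    return records


def flag_bits(spec):
    """Turn a flag letter string such as 'SA' into its bit value."""
    return sum(FLAG_BITS[c] for c in spec)


def flags_match(pkt_flags, want, mask=DEFAULT_MASK):
    """Emulate 'flags want/mask': the packet's flags restricted to mask must equal want."""
    return flag_bits(pkt_flags) & flag_bits(mask) == flag_bits(want)


def classify(records):
    """Tally (action, group, rule) hits and, per TCP record, which rule forms would match."""
    tally = Counter((r["action"], r["group"], r["rule"]) for r in records)
    verdicts = []
    for r in records:
        if r["proto"] != "tcp":
            continue
        verdicts.append({
            "src": r["src"], "flags": r["flags"], "action": r["action"], "rule": r["rule"],
            "flags_S": flags_match(r["flags"], "S"),          # bare 'flags S'
            "flags_S_SA": flags_match(r["flags"], "S", "SA"),  # 'flags S/SA'
        })
    return tally, verdicts


if __name__ == "__main__":
    tally, verdicts = classify(parse_ipmon(SAMPLE_LOG))
    for key, n in sorted(tally.items()):
        print("action=%s group=%d rule=%d hits=%d" % (key + (n,)))
    for v in verdicts:
        print("%-20s flags=%-4s matched rule %d (%s); would satisfy flags S: %s, S/SA: %s"
              % (v["src"], v["flags"] or "-", v["rule"], v["action"],
                 v["flags_S"], v["flags_S_SA"]))
```

Run it against a real ipmon log (replace SAMPLE_LOG with the file contents) to see, for every packet that landed on the block rule, whether its flags were a plain SYN at all. A packet that carries ACK (a mid-stream segment of a connection the state table never saw, or a SYN+ACK reply) cannot match a "flags S" rule under either mask, so with "keep state" it falls through to the next rule; only a SYN opens a state entry. A SYN with extra bits outside the mask (for example SYN+PSH) fails the bare "flags S" form but passes "flags S/SA", which is the form the ipf documentation recommends for "keep state" rules.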