From owner-freebsd-stable Sun May 5 6:32:42 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from grindking.dyndns.org (dialin-212-144-131-015.arcor-ip.net [212.144.131.15])
    by hub.freebsd.org (Postfix) with ESMTP id 7AC6337B40D
    for ; Sun, 5 May 2002 06:32:15 -0700 (PDT)
Received: by grindking.dyndns.org (Postfix, from userid 1001)
    id BFC7340BE; Sun, 5 May 2002 15:32:04 +0200 (CEST)
Date: Sun, 5 May 2002 15:32:04 +0200
From: Michael Riexinger
To: freebsd-stable@freebsd.org
Subject: Re: ipfilter problem
Message-ID: <20020505133204.GA667@grind.grind.dom>
Mail-Followup-To: freebsd-stable@freebsd.org
References: <20020504223450.GA1025@grind.grind.dom> <20020505152314.B73550@mail.webmonster.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020505152314.B73550@mail.webmonster.de>
User-Agent: Mutt/1.3.28i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun May 5 15:23:14 2002, Karsten W. Rohrbach wrote:
> the problem can only be analyzed efficiently if you show us the rest of
> the ruleset. anything else is pure guesswork, based on assumptions about
> your ipf configuration.
>
> regards,
> /k

Ok, here they are. But I wonder why it worked without problems with
previous versions of FreeBSD/ipfilter. With netstat I can see FIN_WAIT_1
states to the newsserver.
(tcp4 0 0 dialin-212-144-1.49368 news.fu-berlin.d.nntp FIN_WAIT_1)

pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on ed0 all
pass out quick on ed0 all
pass out quick on isp0 proto tcp/udp from any to any keep state
pass out quick on isp0 proto icmp from any to any keep state
pass in quick on isp0 proto tcp from any to any port = 80
pass in quick on isp0 proto tcp from any to any port = 60000
block return-icmp-as-dest(host-unr) in log quick on isp0 proto icmp from any to any
block return-rst in log quick on isp0 proto tcp from any to any
block return-icmp(port-unr) in log quick on isp0 proto udp from any to any

greets,
Michael

--
"Testing? What's that? If it compiles, it is good, if it boots up, it is
perfect." -- Linus Torvalds

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message