Date: Tue, 30 Sep 2003 14:14:12 +1000 From: Jason <talon@unix.org.au> To: freebsd-security@freebsd.org Subject: Re: IPFILTER_DEFAULT_BLOCK & No route to host Message-ID: <20030930141412.0443f6b4.talon@unix.org.au> In-Reply-To: <20030930032735.73176.qmail@web41204.mail.yahoo.com> References: <20030930032735.73176.qmail@web41204.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--L0+3vfn3=.5R8LvD
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
On Mon, 29 Sep 2003 20:27:35 -0700 (PDT)
echelon <e_chelon@yahoo.com> wrote:
> Hi,
>
> After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
> with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
>
> Thank you.
> e_chelon
>
This is IPF's proper behavior
You will need to add some rules to your ipf.rules file.
try adding the rules,
pass in quick on lo0 all
pass out quick on lo0 all
pass in log quick on (some nic) all
pass out log quick on (some nic) all
run /sbin/ipf -Fa -f /etc/ipf.rules
when your done :)
--
Talon
--L0+3vfn3=.5R8LvD
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/eQMeklIE3tOD8U8RArLtAKCOrFoYENcuFugmdC5Gia+3j6H5+gCfZa2h
u4FRcq5k3DtDVvFAfa+SZUc=
=nvQz
-----END PGP SIGNATURE-----
--L0+3vfn3=.5R8LvD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030930141412.0443f6b4.talon>