Date: Tue, 30 Sep 2003 14:14:12 +1000
From: Jason
To: freebsd-security@freebsd.org
Subject: Re: IPFILTER_DEFAULT_BLOCK & No route to host
Message-Id: <20030930141412.0443f6b4.talon@unix.org.au>
In-Reply-To: <20030930032735.73176.qmail@web41204.mail.yahoo.com>
Organization: Data Storm

On Mon, 29 Sep 2003 20:27:35 -0700 (PDT) echelon wrote:

> Hi,
>
> After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
> with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
>
> Thank you.
> e_chelon

This is IPF's proper behavior. You will need to add some rules to your ipf.rules file.

Try adding the rules:

    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in log quick on (some nic) all
    pass out log quick on (some nic) all

Run /sbin/ipf -Fa -f /etc/ipf.rules when you're done :)

--
Talon
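
Added example, not part of Talon's message: the "pass ... all" rules above reopen the NIC completely, so the default block no longer filters anything on it. The ruleset below keeps the default-block posture and still answers ping from the local network. The interface name fxp0 and the network 192.168.1.0/24 are assumed placeholders, not values from the thread.

```conf
# /etc/ipf.rules - added example for a kernel built with IPFILTER_DEFAULT_BLOCK.
# Assumptions (not from the thread): the NIC is fxp0 and the local network
# is 192.168.1.0/24. Substitute your own values.

# Loopback: unrestricted, as in the message above.
pass in  quick on lo0 all
pass out quick on lo0 all

# Outbound: allow connections this host starts and track them, so replies
# are let back in by the state table rather than by a broad "pass in".
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Inbound: answer ping (ICMP echo request, type 8) from the local network only.
pass in quick on fxp0 proto icmp from 192.168.1.0/24 to any icmp-type 8 keep state

# Everything else inbound is already dropped by the default-block kernel
# option; this explicit rule adds a log entry for each dropped packet.
# It is not "quick", so it only applies when no quick rule above matched.
block in log on fxp0 all
```

Load it with the same /sbin/ipf -Fa -f /etc/ipf.rules command, then run ipfstat -io to list the active inbound and outbound rules.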