Date: Mon, 18 Oct 2004 14:31:41 +0200 From: Jeroen van Nieuwenhuizen <jnieuwen@jeroen.se> To: freebsd-current@freebsd.org Subject: ipfilter keep state troubles Message-ID: <20041018123141.GB10716@hermod.jeroen.se>
next in thread | raw e-mail | index | archive | help
--QTprm0S8XgL7H0Dt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello all, Using the RELENG_5_3 tag I ran into some troubles using ipfilter compiled into the kernel with default policy set to block. The problem is that I can no longer ping the local interface with the command: ping 127.0.0.1. Using a simpeler firewall configuration I noted that it has probably something to do with the keep state directive Using the rules pass out all pass in all I can ping to 127.0.0.1 Using the rules pass out all keep state pass in all I can not ping to 127.0.0.1 Anyone any ideas? Kind regards, Jeroen --=20 Jeroen van Nieuwenhuizen (M.Sc[CompSc]) jnieuwen@jeroen.se http://www.jeroen.se I know I'm not perfect but I can smile --QTprm0S8XgL7H0Dt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBc7etEEpVlsaqr2ERApYsAKCBYhmcAisVMoaxuAENZ71k+CNG2ACbB0Wz lE37kGzEbmTI0khj9BGLi8Q= =/9PX -----END PGP SIGNATURE----- --QTprm0S8XgL7H0Dt--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041018123141.GB10716>