From: Jeroen van Nieuwenhuizen
To: freebsd-current@freebsd.org
Date: Mon, 18 Oct 2004 14:31:41 +0200
Subject: ipfilter keep state troubles
Message-ID: <20041018123141.GB10716@hermod.jeroen.se>

Hello all,

Using the RELENG_5_3 tag I ran into some troubles using ipfilter compiled into the kernel with default policy set to block. The problem is that I can no longer ping the local interface with the command: ping 127.0.0.1.

Using a simpler firewall configuration I noted that it has probably something to do with the keep state directive.

Using the rules

    pass out all
    pass in all

I can ping to 127.0.0.1

Using the rules

    pass out all keep state
    pass in all

I can not ping to 127.0.0.1

Anyone any ideas?

Kind regards,

Jeroen

-- 
Jeroen van Nieuwenhuizen (M.Sc[CompSc])
jnieuwen@jeroen.se
http://www.jeroen.se
I know I'm not perfect but I can smile