From: Lasse Holmberg
To: freebsd-sparc64@freebsd.org
Date: Thu, 6 Dec 2007 12:39:20 +0200
Message-ID: <20071206103920.GA35717@flipper.lnet.fi>
Subject: 6.3-RC1: IPFILTER (ipf) firewall not working?

Hi,

I can't get ipf working with 6.3-RC1, ipmon just keeps logging:

Dec 6 11:50:19 riks ipmon[506]: 11:50:18.378898 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:25 riks ipmon[506]: 11:50:24.378765 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:37 riks ipmon[506]: 11:50:36.378748 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:51:01 riks ipmon[506]: 11:51:00.378835 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad

regards,
Lasse

--
--

kernel version:

FreeBSD riks.homenet 6.3-RC1 FreeBSD 6.3-RC1 #0: Wed Nov 28 00:37:51 UTC 2007 root@edmunds.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC sparc64

boot messages:

Dec 6 11:48:59 riks kernel: IP Filter: v4.1.28 initialized. Default = pass all, Logging = enabled
Dec 6 11:48:59 riks kernel: Enabling ipfilter.
Dec 6 11:48:59 riks kernel: Starting ipmon.

/etc/rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"

/etc/ipf.rules:

pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all
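
Added example, not part of the original post: a small Python parser for the ipmon lines above that maps the `@group:rule` field back to the posted /etc/ipf.rules. It assumes ipf numbers the active `in` and `out` rules separately, from 1 in file order within group 0; the function names are illustrative.

```python
import re
# Rules and log lines copied from the post above ($MY-DNS-IP is the poster's placeholder).
RULES = """\
pass in quick on lo0 all
pass out quick on lo0 all
#
pass out quick on hme0 proto tcp from any to $MY-DNS-IP port = 53 flags S keep state
pass out quick on hme0 proto udp from any to $MY-DNS-IP port = 53 keep state
pass out quick on hme0 proto tcp from any to any flags S keep state
#
pass in log first quick on hme0 proto tcp from any to any port = 22 flags S keep state
#
block in log first quick on hme0 all
block in log first quick on hme1 all
"""
LOG = """\
Dec 6 11:50:19 riks ipmon[506]: 11:50:18.378898 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
Dec 6 11:50:25 riks ipmon[506]: 11:50:24.378765 hme0 @0:3 b 172.16.0.2,1475 -> 172.16.0.3,22 PR tcp len 20 60 -S IN bad
"""
LINE = re.compile(
    r"ipmon\[\d+\]: \S+ (?P<ifname>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+) (?P<tail>.*)$")

def rules_by_direction(text, direction):
    """Active rules for one direction, numbered from 1 in file order (assumed numbering)."""
    active = [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    picked = [r for r in active if r.split()[1:2] == [direction]]
    return dict(enumerate(picked, start=1))

def explain(line, rules_text=RULES):
    """Parse one ipmon line and attach the rule text that @group:rule points at."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    tail = rec.pop("tail").split()
    rec["tcp_flags"] = next((t[1:] for t in tail if t.startswith("-")), "")
    rec["direction"] = next((t.lower() for t in tail if t in ("IN", "OUT")), "")
    rec["markers"] = [t for t in tail if not t.startswith("-") and t not in ("IN", "OUT")]
    rec["rule"] = int(rec["rule"])
    # Only group 0 is mapped back to the file: the posted rules use no head/group keywords.
    numbered = rules_by_direction(rules_text, rec["direction"]) if rec["group"] == "0" else {}
    rec["rule_text"] = numbered.get(rec["rule"])
    return rec

if __name__ == "__main__":
    for r in map(explain, LOG.splitlines()):
        print(r["ifname"], r["dport"], r["tcp_flags"], r["markers"], "->", r["rule_text"])
```

On the posted data, the inbound SYNs to port 22 resolve to `block in log first quick on hme0 all` (inbound rule 3) rather than the port-22 pass rule (inbound rule 2), and each line carries the trailing `bad` marker.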