Date: Tue, 22 May 2001 08:24:00 -0500
From: "Thomas T. Veldhouse" <veldy@veldy.net>
To: "Chojin" <chojin@nerim.net>, <freebsd-security@FreeBSD.ORG>
Subject: Re: IPF Rule problem
Message-ID: <009501c0e2c2$7712d6b0$3028680a@tgt.com>
References: <Pine.BSF.4.21.0105221226100.202-100000@portal.none.ua> <005301c0e2b7$8a4a6dc0$0245a8c0@chojin>

Your block in rule broke it.  The previous accepts were probably from a rule
you didn't list.

# in rare cases do we change these rules
pass in quick on lo0
pass out quick on lo0

Look through your rules and you will probably see this.  That is why they
worked.  127.0.0.1 is on lo0.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Chojin" <chojin@nerim.net>
To: <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, May 22, 2001 7:05 AM
Subject: IPF Rule problem

> In my rules I put this:
> pass out quick proto tcp from any to any keep state
> pass out quick proto udp from any to any keep state
> pass out quick proto icmp from any to any keep state
> block out quick all
>
> (123.123.123.123 is an example)
> pass in quick proto tcp from any to any port = 23 keep state
> ...
> block in log quick all
>
> When I use telnet -s 192.168.69.1 123.123.123.123 it works
> telnet -s 127.0.0.1 123.123.123.123 works too
> telnet -s 123.123.123.123 123.123.123.123 doesn't work
>
> Why ?
>
> Regards.
>
> Chojin
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
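
The rule-ordering point in the reply above, as an added example that is not part of the original messages: a small Python model of ipf's matching (the last matching rule wins, and `quick` ends evaluation at the first match) run over the rules quoted in the thread. Placing the two lo0 rules ahead of the others, the interface names passed to `evaluate`, and the pass-by-default verdict are assumptions; `keep state` is parsed but not modelled.

```python
import re

# Rules quoted in the thread. Assumption: the two lo0 rules from the reply
# come first; the elided "..." rules from the question are left out.
RULES = """\
pass in quick on lo0
pass out quick on lo0
pass out quick proto tcp from any to any keep state
pass out quick proto udp from any to any keep state
pass out quick proto icmp from any to any keep state
block out quick all
pass in quick proto tcp from any to any port = 23 keep state
block in log quick all
"""

# Only the ipf.conf subset that appears in the thread is recognised.
RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?P<log> log)?(?P<quick> quick)?"
    r"(?: on (?P<iface>\S+))?(?: proto (?P<proto>\S+))?"
    r"(?: all| from any to any(?: port = (?P<port>\d+))?)?(?: keep state)?$"
)

def parse(text):
    """Turn rule lines into dicts; reject anything outside the subset."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append({**m.groupdict(), "text": line})
    return rules

def evaluate(rules, direction, iface, proto, dport):
    """Return (action, matching rule text) for one constructed packet."""
    verdict = ("pass", None)  # assumed default when no rule matches
    for r in rules:
        if (r["dir"] != direction
                or (r["iface"] and r["iface"] != iface)
                or (r["proto"] and r["proto"] != proto)
                or (r["port"] and int(r["port"]) != dport)):
            continue
        verdict = (r["action"], r["text"])  # last match wins...
        if r["quick"]:
            break                           # ...unless the rule is quick
    return verdict
```

Calling `evaluate(parse(RULES), "in", "lo0", "tcp", 8080)` returns the lo0 rule as the deciding match, while the same packet on any other interface falls through to `block in log quick all`.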