From: "Thomas T. Veldhouse"
To: "Chojin"
Subject: Re: IPF Rule problem
Date: Tue, 22 May 2001 08:24:00 -0500

Your block in rule broke it.  The previous accepts were probably from a rule
you didn't list.

# in rare cases do we change these rules
pass in quick on lo0
pass out quick on lo0

Look through your rules and you will probably see this.  That is why they
worked.  127.0.0.1 is on lo0.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Chojin"
Sent: Tuesday, May 22, 2001 7:05 AM
Subject: IPF Rule problem

> In my rules I put this:
> pass out quick proto tcp from any to any keep state
> pass out quick proto udp from any to any keep state
> pass out quick proto icmp from any to any keep state
> block out quick all
>
> (123.123.123.123 is an example)
> pass in quick proto tcp from any to any port = 23 keep state
> ...
> block in log quick all
>
> When I use telnet -s 192.168.69.1 123.123.123.123 it works
> telnet -s 127.0.0.1 123.123.123.123 works too
> telnet -s 123.123.123.123 123.123.123.123 doesn't work
>
> Why?
>
> Regards.
>
> Chojin
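
An added example, not part of the original thread: a simplified Python model of first-match evaluation for `quick` rules, showing how the lo0 rules quoted in the reply decide loopback traffic before `block in log quick all` is reached. It does not model `keep state` or `log`; the interface name fxp0, the port 1025 and the packets are constructed for illustration.

```python
# Simplified model of IPF `quick` rules: the first matching rule decides.
# `keep state` and `log` are not modelled; packets below are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    iface: Optional[str] = None   # None = any interface ("on lo0" sets it)
    proto: Optional[str] = None   # None = any protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, pkt: dict) -> bool:
        return (self.direction == pkt["dir"]
                and self.iface in (None, pkt["iface"])
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"]))


def evaluate(rules, pkt) -> str:
    for rule in rules:
        if rule.matches(pkt):
            return rule.action    # quick: stop at the first match
    return "pass"                 # assumption: build without default-block


# The inbound rules quoted in the question.
LISTED = [
    Rule("pass", "in", proto="tcp", dport=23),   # pass in quick proto tcp ... port = 23
    Rule("block", "in"),                         # block in log quick all
]
# The loopback rules from the reply.
LOOPBACK = [Rule("pass", "in", iface="lo0"), Rule("pass", "out", iface="lo0")]

# Constructed packets; fxp0 is a hypothetical external interface name.
lo_other = {"dir": "in", "iface": "lo0", "proto": "tcp", "dport": 1025}
ext_telnet = {"dir": "in", "iface": "fxp0", "proto": "tcp", "dport": 23}
ext_other = {"dir": "in", "iface": "fxp0", "proto": "tcp", "dport": 1025}

if __name__ == "__main__":
    for name, rules in [("lo0 rules first", LOOPBACK + LISTED),
                        ("listed rules only", LISTED),
                        ("lo0 rules last", LISTED + LOOPBACK)]:
        print(name, [evaluate(rules, p) for p in (lo_other, ext_telnet, ext_other)])
```

Placing the lo0 rules after the block rule has the same effect as omitting them, because the `quick` block matches first.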