Date: Tue, 22 May 2001 08:28:51 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: <freebsd-security@freebsd.org>, <chojin@nerim.net> Subject: Re: IPF Rule problem Message-ID: <00b101c0e2c3$248722b0$3028680a@tgt.com> References: <Pine.BSF.4.21.0105221226100.202-100000@portal.none.ua> <005301c0e2b7$8a4a6dc0$0245a8c0@chojin> <009501c0e2c2$7712d6b0$3028680a@tgt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I misready your email below. Perhaps you should send your entire ruleset to the list -- a partial list is probably not good enough. Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "Thomas T. Veldhouse" <veldy@veldy.net> To: "Chojin" <chojin@nerim.net>; <freebsd-security@FreeBSD.ORG> Sent: Tuesday, May 22, 2001 8:24 AM Subject: Re: IPF Rule problem > Your block in rule broke it. The previous accepts were probably from a rule > you didn't list. > > # in rare cases do we change these rules > pass in quick on lo0 > pass out quick on lo0 > > Look through your rules and you will probably see this. That is why they > worked. 127.0.0.1 is on lo0. > > Tom Veldhouse > veldy@veldy.net > > ----- Original Message ----- > From: "Chojin" <chojin@nerim.net> > To: <freebsd-security@FreeBSD.ORG> > Sent: Tuesday, May 22, 2001 7:05 AM > Subject: IPF Rule problem > > > > In my rules I put this: > > pass out quick proto tcp from any to any keep state > > pass out quick proto udp from any to any keep state > > pass out quick proto icmp from any to any keep state > > block out quick all > > > > (123.123.123.123 is an example) > > pass in quick proto tcp from any to any port = 23 keep state > > ... > > block in log quick all > > > > When I use telnet -s 192.168.69.1 123.123.123.123 it works > > telnet -s 127.0.0.1 123.123.123.123 works too > > telnet -s 123.123.123.123 123.123.123.123 doesn't work > > > > Why ? > > > > Regards. > > > > Chojin > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00b101c0e2c3$248722b0$3028680a>