From: "Thomas T. Veldhouse"
Delivered-To: freebsd-security@freebsd.org
Message-ID: <00b101c0e2c3$248722b0$3028680a@tgt.com>
References: <005301c0e2b7$8a4a6dc0$0245a8c0@chojin> <009501c0e2c2$7712d6b0$3028680a@tgt.com>
Subject: Re: IPF Rule problem
Date: Tue, 22 May 2001 08:28:51 -0500

I misread your email below. Perhaps you should send your entire ruleset to
the list -- a partial list is probably not good enough.

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Thomas T. Veldhouse"
To: "Chojin" ;
Sent: Tuesday, May 22, 2001 8:24 AM
Subject: Re: IPF Rule problem

> Your block in rule broke it. The previous accepts were probably from a rule
> you didn't list.
>
> # in rare cases do we change these rules
> pass in quick on lo0
> pass out quick on lo0
>
> Look through your rules and you will probably see this. That is why they
> worked. 127.0.0.1 is on lo0.
>
> Tom Veldhouse
> veldy@veldy.net
>
> ----- Original Message -----
> From: "Chojin"
> To:
> Sent: Tuesday, May 22, 2001 7:05 AM
> Subject: IPF Rule problem
>
>
> > In my rules I put this:
> > pass out quick proto tcp from any to any keep state
> > pass out quick proto udp from any to any keep state
> > pass out quick proto icmp from any to any keep state
> > block out quick all
> >
> > (123.123.123.123 is an example)
> > pass in quick proto tcp from any to any port = 23 keep state
> > ...
> > block in log quick all
> >
> > When I use telnet -s 192.168.69.1 123.123.123.123 it works
> > telnet -s 127.0.0.1 123.123.123.123 works too
> > telnet -s 123.123.123.123 123.123.123.123 doesn't work
> >
> > Why ?
> >
> > Regards.
> >
> > Chojin
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message