From: Emanuel Strobl
To: freebsd-stable@freebsd.org
Cc: Max Laier, Daniel Hartmeier, yongari@kt-is.co.kr, stable@freebsd.org, pf@freebsd.org
Date: Fri, 11 Mar 2005 13:50:47 +0100
Subject: Re: Return-icmp doesn't work [Was: Re: Recent panics caused by pf]

On Friday, 11 March 2005 13:10, Emanuel Strobl wrote:
> I'm on the firewall again and verified that block return works for tcp-rst,
> but not for return-icmp (with or without code), it seems packets just get
> dropped, regardless for which protocol (tested UDP, ICMP, TCP).

Sorry for the noise, it's my mistake, ping doesn't show me the error message.
I think I can remember that the last time I created/tested a ruleset (with
4.6) I got detailed error messages like
"telnet: connect to address 82.135.28.195: Destination Host Unreachable"
but now I just get
"telnet: connect to address 82.135.28.195: Connection refused"
without the error report.
Is it possible that in former times these ICMP error messages were printed on
the console which now the kernel doesn't anymore?

>
> Then I have another problem which may be a design problem.
> I am multihomed and have several pass reply-to rules. So far things are
> working fine but block return doesn't! Of course, the return gets over the
> default route, so what I needed is a block return route-to or something
> like that.
> Do you know any detour how this could be achieved?

This problem is still unsolved :(

Thanks,

-Harry

>
> Thanks,
>
> -Harry
>
> > > Thanks,
> > >
> > >
> > > -Harry (P.S.: Emanuel and Harry are the same person (me) the gmx
> > > address is just a fake identity for mailing lists)
> >
> > okay ... you see us perplexed ;)