Date: Thu, 27 Jan 2000 01:01:39 +0200
From: Giorgos Keramidas
To: Kris Kennaway
Cc: current@FreeBSD.ORG
Subject: Re: ipfilter and ipfstat
Message-ID: <20000127010139.A3331@hades.hell.gr>

On Tue, Jan 25, 2000 at 09:23:23PM -0800, Kris Kennaway wrote:
> On Tue, 25 Jan 2000, the Webslave wrote:
>
> > > Okay, so I finally decided to take the plunge and check out ipfilter. ipf
> > > seemed to load my ruleset with no problems, but ipfstat dies with:
> > >
> > > ioctl(SIOCGETFS): Invalid argument
> >
> > And what would that ruleset be?
>
> # Default to deny
> block in log on tun0 from any to any
[snip]

I have tested your ruleset in my ipf/ipfstat version. The one I have
comes from the 4.0-20000124-CURRENT snapshot, since I haven't had the
time to cvsup/make-world since.
The results of the tests are shown below, and as you can see ipfstat
reports the rules correctly.

hades# ipf -FA
hades# cd /tmp
hades# ipf -f ipf.conf
hades# ipfstat -nio
@1 pass out quick on tun0 proto tcp/udp from any to any keep state
@2 pass out quick on tun0 proto icmp from any to any keep state
@3 pass out quick on lo0 from any to any
@1 block in log on tun0 from any to any
@2 block in quick on tun0 from 192.168.0.0/16 to any
@3 block in quick on tun0 from 172.16.0.0/12 to any
@4 block in quick on tun0 from 10.0.0.0/8 to any
@5 block in quick on tun0 from 127.0.0.0/8 to any
@6 pass in quick on tun0 proto tcp from any to any port = 12345 flags S/FSRPAU keep state keep frags
@7 pass in quick on tun0 proto udp from any to any port = 31337 keep state
@8 pass in quick on lo0 from any to any
hades# ipf -FA
hades# ipf -f /etc/ipf.conf

What version of ipfilter/ipfstat are you using? I don't know if
cvsup'ing your sources to a more recent version might help at all, but
I don't see a problem with these rules and ipfstat...

I'm sorry if that is not of any help to you, but I can't seem to find
anything wrong here :/

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
"Don't let your schooling interfere with your education." [Mark Twain]