Date: Thu, 14 Mar 2002 12:10:48 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Dan Langille <dan@langille.org>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: ipfilter keep state broken?
Message-ID: <20020314121048.A43100@palomine.net>
In-Reply-To: <20020314164723.4E1543F0E@bast.unixathome.org>; from dan@langille.org on Thu, Mar 14, 2002 at 11:47:21AM -0500
References: <20020314164723.4E1543F0E@bast.unixathome.org>

On Thu, Mar 14, 2002 at 11:47:21AM -0500, Dan Langille wrote:
> I upgraded my webserver on March 9 from the post 4.5-RELEASE stable. Today
> I've been noticing very unusual access issues on the box. For example, I
> could not get to my webserver from one remote box using https. I had to
> change my rules before it would work:
>
> Here is the after and before. I had to replace the keep state with two
> rules (a.c.b.d is the IP address in question):
>
> < pass in quick proto tcp from a.b.c.d/32 to any port = https
> < pass out quick proto tcp from any to a.b.c.d/32 port = https
> ---
> > pass in quick proto tcp from a.b.c.d/32 to any port = https flags S keep state

Could it be that this didn't actually fix your problem but that you made some
other change in the process? For example, did you flush your state table? Is it
possible that it was getting full?

Chris
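
Review bot: In the "pass out" replacement rule, "port = https" is attached to the destination a.b.c.d/32, so the rule matches packets sent to port https on the remote host, not the web server's replies, which carry https as their source port. If the rule is meant to pass the return half of the connection it should read "pass out quick proto tcp from any port = https to a.b.c.d/32". Both replacement rules also omit "flags S", so they match every TCP segment between those endpoints regardless of flags, where the original rule created state only on a SYN.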
