Date: Fri, 19 Jan 2001 10:01:55 +0100
From: Michel Talon
To: stable@FreeBSD.ORG
Subject: Re: FreeBSD port: nmap-5-32 under 4.2-STABLE, No route to host -> IPFilter keep state problem
Message-ID: <20010119100155.A461@lpthe.jussieu.fr>
In-Reply-To: <200101190349.f0J3nnR01417@otterhole.yi.org>

On Thu, Jan 18, 2001 at 10:49:49PM -0500, Al wrote:
> My IPFilter rules include:
> pass out quick proto icmp from any to any keep state
> all the rules use quick, and no preceding rules deny traffic.
> It looks like the keep state function on IPFilter is broken?
> I also changed the IPFilter default to deny traffic, may that
> have broken something? I will test some more.

I may have misunderstood, but I thought that keep state was only for
TCP and UDP packets (and of short time validity for UDP). There are
examples of managing ICMP in the IPFilter doc.

--
Michel Talon