Date: Mon, 30 Oct 2006 12:41:40 -0500 From: Stephen Clark <Stephen.Clark@seclark.us> To: stable@freebsd.org Subject: Strange problem with ipfilter Message-ID: <45463954.9010201@seclark.us>
next in thread | raw e-mail | index | archive | help
Hello List, We are having a strange problem with RELENG_6_1 and ipfilter 4.1.8. We are running gre tunnels over fast_ipsec tunnels. We have the following rule in ipf: pass out proto icmp from any to any keep state When we ping from the remote end across the ipsec tunnel to the ipsec local endpoint address it works fine. When we ping the local gre endpoint from the remote end ipf blocks the icmp-reply. This works with 4.9 and ipfilter 3.4.31. We can work around this by disabling the ipf rule - but is anyone else experiencing problems with ipfilter 4.1.8? Thanks, Steve -- "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety." (Ben Franklin) "The course of history shows that as a government grows, liberty decreases." (Thomas Jefferson)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45463954.9010201>