Date: Fri, 29 Oct 2004 13:20:27 GMT
From: "David Haworth" <dave@fyonn.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/73202: IPF causing major tcp problems with 3rd party apps (apache, exim etc)
Message-ID: <200410291320.i9TDKRAH051388@freefall.freebsd.org>

The following reply was made to PR kern/73202; it has been noted by GNATS.

From: "David Haworth" <dave@fyonn.net>
To: "Giorgos Keramidas" <keramida@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/73202: IPF causing major tcp problems with 3rd party apps (apache, exim etc)
Date: Fri, 29 Oct 2004 14:17:42 +0100 (BST)

> I think you have problems because of the unmatched `in' rules for some
> services that you make visible from outside. I call these rules
> `unmatched' because there is no matching `out' rule to let the replies
> get out too:

Well, there is an allow all out rule at the bottom, but my thought was that it worked absolutely fine when I was running 5.1. If ipf has become more strict about its syntax then fair enough. To be honest, I thought it unlikely that such a showstopper could exist this close to release, so if it's just me writing some slightly off colour rules then fair enough, we can close the bug. I just wanted to flag it if it wasn't.

> Let us know if that fixes the problems you're seeing.

Well, I've transitioned the ruleset to pf now, which is working fine, and it's a production box in colo, so I can't keep swapping kernels in and out. I am happy to accept that your above suggestion is correct.

dave