From owner-freebsd-questions@FreeBSD.ORG Tue Feb 14 14:58:50 2006
From: Maxim Vetrov <muxas@mail.ru>
To: freebsd-questions@FreeBSD.org
Subject: Re: IPFILTER rule error
Date: Wed, 15 Feb 2006 10:56:45 +1000
Message-ID: <43F27C4D.9010904@mail.ru>
In-Reply-To: <20060213141706.GA94131@flame.pc>
References: <43F11FB2.7000105@mail.ru> <20060213141706.GA94131@flame.pc>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051217

Hi,

Sorry, I really do not want you to guess! Here is what you asked:

kernel conf:
-------------------------------------------------------
...
options IPFILTER
options IPFILTER_LOG
#options IPFILTER_DEFAULT_BLOCK
#options IPSTEALTH
...
-------------------------------------------------------

rc.conf:
-------------------------------------------------------
...
ifconfig_rl0="inet 10.0.1.1 netmask 255.255.255.248"
...
ipnat_enable="YES"
ipfilter_enable="YES"
ipmon_enable="YES"
...
-------------------------------------------------------

services:
-------------------------------------------------------
...
sunrpc  111/tcp  rpcbind  #SUN Remote Procedure Call
sunrpc  111/udp  rpcbind  #SUN Remote Procedure Call
...
-------------------------------------------------------

ipf.rules:
-------------------------------------------------------
block in log on rl0 all head 20
block out log on rl0 all head 25
pass in quick on rl0 \
    proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 \
    proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 \
    proto udp from any to any port = 111 keep state group 20
--------------------------------------------------------

Steps to load the rules:

>ipf -Fa
>ipf -f /etc/ipf.rules
1:ioctl (add/insert rule): No such process

And there is one more problem: although I have packet logging enabled by default (-Ds) through syslogd, the log is empty!

syslog.conf:
--------------------------------------------------------
...
security.*    /var/log/security
...
--------------------------------------------------------

That file exists and has root rw permissions.

If this helps: after I moved to 6.0 from 5.4 (backup-format-install-restore), this config stopped working.

I know that I'm doing something wrong, but what exactly?

Regards,
Muxas
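Two things in the posted configuration are worth checking before looking anywhere else, and the fragments below show them corrected. They are an added example written for this thread, not the poster's own files or a reply from the list. First, the last rule in ipf.rules is an "out" rule that joins group 20, but the head of group 20 is the "block in" rule; ipf requires every rule in a group to have the same direction as the group's head (the "block out ... head 25" line already defines the outbound head, and nothing uses it), and ESRCH, which perror() prints as "No such process", is the errno the kernel's rule-insert path returns for group problems. Second, ipmon -s sends its messages to syslog facility local0 by default (see ipmon(8)), so a "security.*" selector, which is what FreeBSD's stock syslog.conf uses for ipfw, never matches ipfilter log entries. The paths /etc/ipf.rules and /var/log/ipfilter.log are assumptions; rl0 and the port numbers come from the post.

```conf
# --- /etc/ipf.rules (corrected; rl0 is the only filtered interface, as in the post) ---
# Heads: group 20 collects inbound rules, group 25 collects outbound rules.
block in  log on rl0 all head 20
block out log on rl0 all head 25

# Inbound rules: members of group 20, whose head is an "in" rule.
pass in quick on rl0 proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 proto tcp/udp from any to any port = 717    keep state group 20

# Outbound rule: must join the "out" head (group 25), not group 20.
# ipf will not attach an "out" rule to a group headed by an "in" rule;
# the ioctl fails with ESRCH, reported as "No such process".
pass out quick on rl0 proto udp from any to any port = 111 keep state group 25

# --- /etc/syslog.conf ---
# ipmon -s logs with facility local0 (ipmon(8)); "security" is ipfw's facility.
# security.*      /var/log/security          (existing line, still fine for ipfw)
local0.*        /var/log/ipfilter.log
```

To apply and verify: `ipf -V` first, which prints both the ipf(8) user-space version and the kernel's IPFilter version; after a backup-and-restore upgrade a 5.4 ipf binary talking to a 6.0 kernel would also fail at the ioctl, so the two lines should match. Then `ipf -n -f /etc/ipf.rules` parses the file without loading it, and `ipf -Fa; ipf -f /etc/ipf.rules` followed by `ipfstat -io` shows what the kernel actually accepted. For the log, `touch /var/log/ipfilter.log`, send syslogd a HUP (`kill -HUP $(cat /var/run/syslog.pid)`), and restart ipmon (`/etc/rc.d/ipmon restart`); only rules carrying the `log` keyword produce entries, which in the file above are the two block heads.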