Date: Thu, 5 Apr 2001 15:40:39 -0500 From: nicholas harteau <nrh@ikami.com> To: freebsd-stable@freebsd.org Subject: 4.2-RC & ipfilter Message-ID: <20010405154038.O64531@voyager.net>
next in thread | raw e-mail | index | archive | help
I'm seeing an oddity on 4.2-RC with options IPFILTER ipfstat -io reports in and out reversed: [root@farc sys/compile/FARC] tail -9 /etc/ipf.rules block return-icmp(13) in log proto tcp from any to any port 0 >< 22 block return-icmp(13) in log proto tcp from any to any port 22 >< 25 block return-icmp(13) in log proto tcp from any to any port 25 >< 53 block return-icmp(13) in log proto tcp from any to any port 53 >< 80 block return-icmp(13) in log proto tcp from any to any port 80 >< 113 block return-icmp(13) in log proto tcp from any to any port 113 >< 1025 block return-icmp(13) in log proto tcp from any to any port = 3306 block return-icmp(13) in log proto udp from any to any port ne 53 block return-icmp(13) in log proto tcp/udp from any to any port = 111 [root@farc sys/compile/FARC] ipfstat -io | tail -9 empty list for ipfilter(in) block return-icmp(filter-prohib) out log proto tcp from any to any port 0 >< 22 block return-icmp(filter-prohib) out log proto tcp from any to any port 22 >< 25 block return-icmp(filter-prohib) out log proto tcp from any to any port 25 >< 53 block return-icmp(filter-prohib) out log proto tcp from any to any port 53 >< 80 block return-icmp(filter-prohib) out log proto tcp from any to any port 80 >< 113 block return-icmp(filter-prohib) out log proto tcp from any to any port 113 >< 1025 block return-icmp(filter-prohib) out log proto tcp from any to any port = 3306 block return-icmp(filter-prohib) out log proto udp from any to any port != 53 block return-icmp(filter-prohib) out log proto tcp/udp from any to any port = sunrpc still functions fine, however (i.e. I'm blocking those in, not out) can someone confirm or deny this for me? I'm running a slightly mixed codebase right now, so this may be an erroneous report. -- nicholas harteau nrh@ikami.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010405154038.O64531>