Date: Sun, 26 Feb 2006 20:15:42 +0500 From: Roman Serbski <mefystofel@gmail.com> To: freebsd-questions@freebsd.org Subject: Help with IP Filter 4.1.8 Message-ID: <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com>
index | next in thread | raw e-mail
Hi all, I am having a problem with ipf after recent upgrade to 6.1-PRERELEASE. Any help would be greatly appreciated. ipf: IP Filter: v4.1.8 (416) Kernel: IP Filter: v4.1.8 Running: yes Log Flags: 0 = none set Default: pass all, Logging: available Active list: 0 Feature mask: 0xa I am trying to allow outgoing dns requests from my server to DNS server of ISP. Here is my ruleset: ipfstat -oh 0 pass out quick on lo0 from any to any 0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state 1 pass out quick on xl0 proto udp from any to any port = domain keep state 0 block out log quick on xl0 all ipfstat -ih 0 pass in quick on lo0 from any to any 0 block in quick on xl0 all I tried `host www.google.com` and the connection was timed out, although there was a hit on a rule allowing 53/udp. The interesting thing is that there is another server running 5.3-STABLE with ipf v3.4.35 (336) and it has the same ruleset and everything is working just fine. Thank you for your time.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cca5083b0602260715w2f4a9e49o494f2f537afca2db>