Roman Serbski wrote:
> Hi all,
> I am having a problem with ipf after recent upgrade to 6.1-PRERELEASE.
> Any help would be greatly appreciated.
>
> ipf: IP Filter: v4.1.8 (416)
> Kernel: IP Filter: v4.1.8
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 0
> Feature mask: 0xa
>
> I am trying to allow outgoing dns requests from my server to DNS
> server of ISP. Here is my ruleset:
>
> ipfstat -oh
> 0 pass out quick on lo0 from any to any
> 0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
> 1 pass out quick on xl0 proto udp from any to any port = domain keep state
> 0 block out log quick on xl0 all
>
> ipfstat -ih
> 0 pass in quick on lo0 from any to any
> 0 block in quick on xl0 all

Could you change your last rule to this:
block in log quick on xl0 all
and then tell what you see in the log. This would give some information
if any traffic is blocked in the first place. Actually, adding the log
keyword to all rules for the xl0 interface might be a good idea for
debugging.
Also, is this the complete ruleset or did you remove rules you thought
were irrelevant? If so, then post the whole ruleset.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
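
The suggestion above to add the log keyword to every xl0 rule can be scripted. The following is an added example, not part of the original messages: it strips the hit counters from the `ipfstat -oh` / `ipfstat -ih` listing in the post and inserts `log` into each rule on the chosen interface. The function names are hypothetical, and the tcp rule that the mail wrapped over two lines is assumed to be a single rule.

```shell
#!/bin/sh
# Added example: turn `ipfstat -oh` / `ipfstat -ih` listings into a debug
# ruleset in which every rule on one interface carries the `log` keyword.

# add_log_keyword IFACE  (hypothetical helper; reads the listing on stdin)
#  1st expression: drop the leading hit counter that `ipfstat -h` prints.
#  2nd expression: for rules on IFACE that do not already log, insert `log`
#                  right after the direction, where IP Filter expects it.
add_log_keyword() {
    iface=$1
    sed -E \
        -e 's/^[[:space:]]*[0-9]+[[:space:]]+//' \
        -e '/ on '"$iface"' /{/^(pass|block) (in|out) log /!s/^(pass|block) (in|out) /\1 \2 log /;}'
}

# Rules as listed in the post, with the mail-wrapped tcp rule joined.
sample_rules() {
    cat <<'EOF'
0 pass out quick on lo0 from any to any
0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
1 pass out quick on xl0 proto udp from any to any port = domain keep state
0 block out log quick on xl0 all
0 pass in quick on lo0 from any to any
0 block in quick on xl0 all
EOF
}

# Debug ruleset for xl0: lo0 rules untouched, already-logged rule unchanged.
debug_ruleset() {
    sample_rules | add_log_keyword xl0
}

debug_ruleset
```

The output can be saved to a file and loaded with `ipf -Fa -f <file>`; `ipmon` then shows which rule each logged packet matched.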