Hello Erik. Thank you for your help.

> Ok, here are some things to try:
>
> 1) Other udp services, are responses also blocked? you can for example
> try ntp. If so, then it is likely a bug in ip-filter.

Yes. Same for other udp (I tested with ntp). The symptoms are the same - there is a hit on a rule allowing outgoing ntp, but then the reply is blocked.

> 2) Try using snort or tcpdump to capture the blocked packet and analyse
> if it is malformed. Possibly include such a packet with your next post.

I can collect tcpdump data only if I disable ipf or configure it to 'pass in/out all'. If I turn on my ruleset I don't see any data from tcpdump. Running 'tcpdump -vvv -i xl0' generates a message that tcpdump is listening on xl0 but no data is captured...

> 3) try to see if you can upgrade to a newer ipfilter, latest is v4.1.10

I will try that, although I have faced the problem while upgrading to v4.1.10. According to the ipf docs (INSTALL.FreeBSD):

To build a kernel with the IP filter, follow these steps:

  make freebsd5 - went successfully
  make install-bsd - went successfully
  FreeBSD/kinstall - generated a patch error about the conf.c file not being found...

Thank you.

Roman

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
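Editor's note, added after the thread and not part of Roman's or Erik's messages: the symptom described above (an outgoing UDP packet matches a pass rule, the reply to it is blocked) is also what an ipfilter ruleset produces when the outgoing rule carries no "keep state", because UDP has no connection the filter can otherwise tie the reply to. The constructed ipf.conf fragment below shows that weak form beside a stateful one, using the xl0 interface and NTP port from the thread; whether Roman's actual ruleset looked like this is an assumption, not something the thread confirms.

```conf
# Constructed example, not the poster's ruleset.
#
# Weak form: the outgoing NTP request is passed, but nothing admits the
# reply, so it falls through to the default block rule. "log" on the
# block rule makes each dropped packet visible via ipmon, which is an
# easier check than tcpdump when the filter itself is suspected.
block in log on xl0 all
pass out quick on xl0 proto udp from any to any port = 123

# Stateful form: "keep state" makes ipfilter record the outgoing
# request (src/dst address and port pair) and admit the matching reply
# without a separate "pass in" rule. Remove the weak rules above when
# applying this; they are shown together only for comparison.
block in log on xl0 all
pass out quick on xl0 proto udp from any to any port = 123 keep state
```

After loading the stateful rules, "ipfstat -s" lists the active state entries, so a UDP request that was just sent should appear there while its reply is still pending; if the reply is logged by ipmon as blocked even with a matching state entry present, the problem is not the ruleset.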