-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Jeremy wrote: | I am using ipfilter 4.1.28 on FreeBSD 6.3 as a home firewall. On | several occasions recently, ipfilter has suddenly started blocking NTP | traffic between the firewall and an internal host. I haven't made | any changes to either system. Can anyone explain what might be | triggering this. Looking through my logs, there are no other obvious | cases where packets are incorrectly blocked. | | The firewall has relatively little traffic and 'ipfstat -s' doesn't | report anything anomolous. | | The only possibly relevant thing I can see is that all the blockings | started just after a 5-minute boundary and cron runs 'ipfs -W' every 5 | minutes. I have previously bumped into a problem where 'ipfs -W' was | blocking state-entry creation/updating whilst it ran and this was | causing TCP connections to be dropped but here the problem is continuing | well after 'ipfw -W' completes.
Sigh, the observability into IPFilter version 4 is rather woeful when things like this happen. If "ipfstat -s" isn't showing any problems (like maximum/no memory being non-zero) then there's not much I can do. I should upload a newer version of ipfitler 5.0 for you to try... Darren -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjxS1UACgkQP7JIXtvLbFVrvQCgzKR4/zutcTc7ZEWN3GLJxGS6 /uYAoJXVychCumIZrUdYksFKjYohsU9s =TSG0 -----END PGP SIGNATURE-----
