Hi all, Ok, I'm a hurry, the problem is so strange, I'm looking for any advice.
I had an ipf.conf file without any incoming icmp rule, neither blocking not passing. There was an outgoing icmp rule, allowing all. And the result: icmp packets were half-blocked, sometimes they were, sometimes they weren't: 64 bytes from machine (192.168.1.1): icmp_seq=92. time=0.866 ms 64 bytes from machine (192.168.1.1): icmp_seq=96. time=1.13 ms 64 bytes from machine (192.168.1.1): icmp_seq=104. time=1.06 ms 64 bytes from machine (192.168.1.1): icmp_seq=105. time=0.851 ms 64 bytes from machine (192.168.1.1): icmp_seq=121. time=0.760 ms 64 bytes from machine (192.168.1.1): icmp_seq=122. time=1.12 ms I checked with snoop: all ping requests were really received on the wire, but not all were answered. I added a rule allowing incoming packets, did ipfboot reipf, and instantly, all ping requests were answered: pass in quick on e1000g0 proto icmp from pool/22 to machine keep state This is a Solaris 9 x86 box, pfil 2.1.9, ipfilter 4.1.13 Not the first weird things I'm having there, either, and it's making quite a lot of trouble those days, without anything showing in the logs or anywhere... Laurent
