[EMAIL PROTECTED] wrote:
> Per Phil Dibowitz's suggestion:
>
> Attached is an altered version of my ipf.conf file. It is only altered
> to change the real IPs to bogus IPs for protection / paranoia.
> Realizing the confusion introduced by bogus IPs, our subnet is 70 (xxx.xxx.70.xx).
> So, in my previous Email, substitute all references to subnet 78 with
> subnet 70 (ipmonlog, etc.)
>
> Phil is right. As shown in the attached file, blocks are done by Rule 18: block in log all
>
> Thanks, in advance, for any help that you may offer.
It's not clear to me what's wrong. A few things to keep in mind:
1. You're mixing 'quick' and 'nonquick' rules. This is a bad idea from
a hard-to-debug and will-bite-you-in-the-ass perspective. Go one or the
other. Either you want first-match or last-match.
Done. Changed Rule 18 to "block in quick log all". All other rules use
"quick".
Still blocking trusted hosts.
2. Are you doing NAT? How you're doing NAT changes how your rules are
interpreted.
No. NAT is not involved.
3. Please see the FAQ, and what to post to the list, you're still
missing lots: http://www.phildev.net/ipf/IPFmail.html
Okay.
Sorry I couldn't be more help.
Oh, and please don't email me directly - the list is here for a reason.
Okay. Sorry for the breach in protocol.
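
The first-match versus last-match point in item 1, as an added example that is not part of either poster's message: a small Python model of how ipf walks a rule list, where the last matching rule wins unless a matching rule carries `quick`. The two rulesets are constructed (they are not the attached ipf.conf), the addresses are documentation ranges, and the default verdict of pass when nothing matches is an assumption about the build.

```python
import ipaddress

# Constructed ruleset (not the poster's ipf.conf); documentation addresses only.
MIXED = [
    "pass in quick from 192.0.2.0/24 to any",
    "block in log all",
    "pass in from 198.51.100.7 to any",
]
# Same list after adding 'quick' everywhere without reordering anything.
ALL_QUICK = [
    "pass in quick from 192.0.2.0/24 to any",
    "block in log quick all",
    "pass in quick from 198.51.100.7 to any",
]

def parse(rule):
    """Parse the small subset of ipf syntax used above: (action, quick, source)."""
    tok = rule.split()
    src = None  # None stands for 'all' / 'from any'
    if "from" in tok and tok[tok.index("from") + 1] != "any":
        src = ipaddress.ip_network(tok[tok.index("from") + 1])
    return tok[0], "quick" in tok, src

def evaluate(rules, src_ip, default="pass"):
    """Return (action, rule number); rule number 0 means the assumed default."""
    addr = ipaddress.ip_address(src_ip)
    verdict = (default, 0)
    for number, rule in enumerate(rules, 1):
        action, quick, src = parse(rule)
        if src is not None and addr not in src:
            continue
        verdict = (action, number)  # a later match overrides an earlier one
        if quick:
            break                   # 'quick' ends the walk at this rule
    return verdict

if __name__ == "__main__":
    for name, rules in (("mixed", MIXED), ("all quick", ALL_QUICK)):
        for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
            print(name, ip, evaluate(rules, ip))
```

In the all-quick list the host 198.51.100.7 stops at rule 2 and never reaches its pass rule, so with first-match rules the position of a catch-all block decides the outcome.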