Mika Borner wrote: > Hi > > I'm having troubles with ipfilter: > > /etc/ipf/ipf.conf: > > pass out all keep state > pass in quick proto icmp all icmp-type echo > pass in quick proto tcp from any to any port = ssh keep state > block in log all > > ssh goes through well, but pinging the machine gives now answer back. There > is no block message in the ipmon.log. > > Lowering the shields, and ping works... > > Any ideas? >
While you'd expect the "pass out all keep state" to match, it doesn't because "keep state" has been programmed to "fail" on packets that are clearly reply packets and therefore aren't an indication of something that state should be kept about. The "fail" causes the packet to be blocked. Try adding "keep state" after "icmp-type echo". Darren _______________________________________________ networking-discuss mailing list [email protected]
