Re: ipfilter and ipfstat
On Tue, 1 Feb 2000, Guido van Rooij wrote:

> ipfstat and its friends (ipf, ipnat and ipmon) now live in /sbin.
> It might be you are using an old version (these programs used to live
> in /usr/sbin but are moved to /sbin to be able to use them early at
> system startup).

Aha! This looks to be the case - thanks, Guido!

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
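A check for the situation Guido describes, added here as an example that is not part of the thread: it looks for copies of the four tools left behind in /usr/sbin next to the ones in /sbin and reports whether they differ. The function name and the ROOT prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Reports leftover copies of the
# ipfilter tools in their old location (/usr/sbin) when a copy also exists
# in /sbin. ROOT is a hypothetical prefix argument so the check can be run
# against a mounted image or a test tree; pass "/" for the live system.

IPF_TOOLS="ipf ipfstat ipnat ipmon"   # the programs named in the thread

# stale_ipf_copies ROOT
# Prints one line per tool that exists in both places:
#   STALE <old path>   old copy differs from the one in /sbin
#   SAME  <old path>   old copy is byte-identical (for example a link)
# Returns 1 if any STALE line was printed, 0 otherwise.
stale_ipf_copies() {
    root=${1%/}
    rc=0
    for tool in $IPF_TOOLS; do
        new="$root/sbin/$tool"
        old="$root/usr/sbin/$tool"
        # Only a tool present in both directories can shadow itself.
        [ -e "$new" ] && [ -e "$old" ] || continue
        if cmp -s "$new" "$old"; then
            echo "SAME  $old"
        else
            echo "STALE $old"
            rc=1
        fi
    done
    return $rc
}

# When a root is given on the command line, run the check against it.
if [ "$#" -gt 0 ]; then
    stale_ipf_copies "$1"
fi
```

A STALE line means the binary in /usr/sbin was not replaced by the last install and may no longer match the running kernel.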
Re: ipfilter and ipfstat
On Tue, Jan 25, 2000 at 09:23:23PM -0800, Kris Kennaway wrote:
> On Tue, 25 Jan 2000, the Webslave wrote:
>
> > > Okay, so I finally decided to take the plunge and check out ipfilter.
> > > ipf seemed to load my ruleset with no problems, but ipfstat dies with:
> > >
> > > ioctl(SIOCGETFS): Invalid argument
> >
> > And what would that ruleset be?
>
> # Default to deny
> block in log on tun0 from any to any

[snip]

I have tested your ruleset in my ipf/ipfstat version. The one I have
comes from the 4.0-2124-CURRENT snapshot, since I haven't had the time
to cvsup/make-world since. The results of the tests are shown below,
and as you can see ipfstat reports the rules correctly.

    hades# ipf -FA
    hades# cd /tmp
    hades# ipf -f ipf.conf
    hades# ipfstat -nio
    @1 pass out quick on tun0 proto tcp/udp from any to any keep state
    @2 pass out quick on tun0 proto icmp from any to any keep state
    @3 pass out quick on lo0 from any to any
    @1 block in log on tun0 from any to any
    @2 block in quick on tun0 from 192.168.0.0/16 to any
    @3 block in quick on tun0 from 172.16.0.0/12 to any
    @4 block in quick on tun0 from 10.0.0.0/8 to any
    @5 block in quick on tun0 from 127.0.0.0/8 to any
    @6 pass in quick on tun0 proto tcp from any to any port = 12345 flags S/FSRPAU keep state keep frags
    @7 pass in quick on tun0 proto udp from any to any port = 31337 keep state
    @8 pass in quick on lo0 from any to any
    hades# ipf -FA
    hades# ipf -f /etc/ipf.conf

What version of ipfilter/ipfstat are you using? I don't know if
cvsup'ing your sources to a more recent version might help at all, but
I don't see a problem with these rules and ipfstat...

I'm sorry if that is not of any help to you, but I can't seem to find
anything wrong here :/

--
Giorgos Keramidas, keramida @ ceid . upatras . gr
"Don't let your schooling interfere with your education." [Mark Twain]
Re: ipfilter and ipfstat
On Mon, Jan 24, 2000 at 12:02:26AM -0800, Kris Kennaway wrote:
> Okay, so I finally decided to take the plunge and check out ipfilter.
> ipf seemed to load my ruleset with no problems, but ipfstat dies with:
>
> ioctl(SIOCGETFS): Invalid argument

And what would that ruleset be?

--
Giorgos Keramidas, keramida @ ceid . upatras . gr
"Don't let your schooling interfere with your education." [Mark Twain]
Re: ipfilter and ipfstat
On Tue, 25 Jan 2000, the Webslave wrote:

> > Okay, so I finally decided to take the plunge and check out ipfilter.
> > ipf seemed to load my ruleset with no problems, but ipfstat dies with:
> >
> > ioctl(SIOCGETFS): Invalid argument
>
> And what would that ruleset be?

    # Default to deny
    block in log on tun0 from any to any

    # Block unroutables
    block in quick on tun0 from 192.168.0.0/16 to any
    block in quick on tun0 from 172.16.0.0/12 to any
    block in quick on tun0 from 10.0.0.0/8 to any
    block in quick on tun0 from 127.0.0.0/8 to any

    # Allow us to initiate any outgoing connections
    pass out quick on tun0 proto tcp/udp from any to any keep state
    pass out quick on tun0 proto icmp from any to any keep state

    # Allow incoming trojans
    pass in quick on tun0 proto tcp from any to any port = 12345 flags S keep state keep frags
    pass in quick on tun0 proto udp from any to any port = 31337 keep state

    # Allow loopback
    pass out quick on lo0
    pass in quick on lo0

Note that I haven't been able to test this ruleset for legitimacy yet
because I can't interface with ipfstat :-)

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
ipfilter and ipfstat
Okay, so I finally decided to take the plunge and check out ipfilter.
ipf seemed to load my ruleset with no problems, but ipfstat dies with:

ioctl(SIOCGETFS): Invalid argument

I have remade the 'ipl' target in MAKEDEV, and my kernel and userland
are in sync. I have options IPFILTER and options IPFILTER_LOG in the
kernel (because the kld wouldn't load for me).

What am I doing wrong?

Kris

"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson