kern/73202: IPF causing major tcp problems with 3rd party apps (apache, exim etc)
David Haworth
dave at fyonn.net
Fri Oct 29 06:20:28 PDT 2004
The following reply was made to PR kern/73202; it has been noted by GNATS.
From: "David Haworth" <dave at fyonn.net>
To: "Giorgos Keramidas" <keramida at freebsd.org>
Cc: bug-followup at freebsd.org
Subject: Re: kern/73202: IPF causing major tcp problems with 3rd party apps (apache, exim etc)
Date: Fri, 29 Oct 2004 14:17:42 +0100 (BST)
> I think you have problems because of the unmatched `in' rules for some
> services that you make visible from outside. I call these rules
> `unmatched' because there is no matching `out' rule to let the replies
> get out too:
well, there is an allow all out rule at the bottom, but my thought was
that it worked absolutely fine when I was running 5.1, if ipf has become
more strict about its syntax then fair enough. to be honest, I thought it
unlikely that such a showstopper could exist this close to release so if
it's just me writing some slightly off colour rules then fair enough, we
can close the bug. I just wanted to flag it if it wasn't.
> Let us know if that fixes the problems you're seeing.
well, I've transitioned the ruleset to pf now which is working fine and
it's a production box in colo, so I can't keep swapping kernels in and
out. I am happy to accept that your above suggestion is correct.
dave