4.8 ipfilter ruleset compatibility question
Jim Mock
mij at soupnazi.org
Sun Apr 6 19:03:03 PDT 2003
On Mon, 07 Apr 2003 at 01:38:39 +0100, John Murphy wrote:
> Paranoia rules so my outside interface is currently down while I
> discover what has changed to cause an ipfilter ruleset which worked
> fine under IP Filter: v3.4.20 to be wide open without logging
> (apparently) with v3.4.31.
>
> I've upgraded from 4.4 to 4.8 release by re-installation and then
> copying: /etc/rc.conf and the usual others from the old drive to the
> new. Including the old, previously working, ipf.rules and
> ipnat.rules.
>
> Everything worked except /var/log/ipf.log remained 0 bytes for far too
> long. top said ipmon was running. The /var/log/messages indications
> of ipf startup compare favourably:
>
> Apr 1 22:01:42 wall /kernel: IP Filter: v3.4.20 initialized. Default
> = pass all, Logging = enabled
>
> Apr 6 22:05:37 wall /kernel: IP Filter: v3.4.31 initialized. Default
> = pass all, Logging = enabled
>
> A <cough> GRC scan showed ports scanned as closed, which is ok but
> ipf.log = 0 and I need "stealth" and logs!
>
> I changed the first rule from:
>
> # Block all incoming packets on the external interface, and log them.
> block in log on ed0 all
>
> to
>
> block in log quick on ed0 all
>
> Now a GRC scan indicates "stealth" and the log file has come alive
> with the usual noise. ipnat still works?
>
> I'm convinced there's no rule which overrides the first and passes
> everything without logging, so has something drastically changed to
> cause this?
>
> Not sure if it's related but I've just tried top again:
> wall# top
> top: nlist failed
Things like this usually happen if your kernel is out of sync with your
userland. "ps" is probably also broken if you're out of sync.
- jim
--
- jim mock. email: mij at soupnazi.org web: http://soupnazi.org -
- freebsd project: jim at FreeBSD.org opendarwin: mij at opendarwin.org -
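As an added illustration that is not part of this thread or of IPFilter itself: a small Python model of how IPFilter evaluates a ruleset (the last matching rule decides the packet, unless a matching rule says `quick`, which ends evaluation at once), run over the original first rule and the `quick` variant quoted above. The trailing `pass in on ed0 all` rule is a constructed assumption, included only to show how any later matching rule silently overrides a non-quick block and takes its own logging setting with it.

```python
"""Toy model of IPFilter rule evaluation (added example, not from the thread).

IPFilter applies the *last* matching rule in a ruleset unless a matching rule
carries the ``quick`` keyword, which stops evaluation immediately. The packet
is then logged only if that final rule carries ``log``.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str          # "block" or "pass"
    direction: str       # "in" or "out"
    iface: str           # interface name, or "any" when no "on IFACE" is given
    log: bool = False
    quick: bool = False


def parse_rule(line: str) -> Rule:
    """Parse a minimal subset of ipf.rules: <action> <dir> [log] [quick] [on IFACE] all."""
    tokens = line.split()
    action, direction = tokens[0], tokens[1]
    iface = tokens[tokens.index("on") + 1] if "on" in tokens else "any"
    return Rule(action, direction, iface, log="log" in tokens, quick="quick" in tokens)


def evaluate(rules, direction, iface):
    """Return (verdict, logged) for one packet: last match wins unless quick."""
    # Default policy from the boot message in the thread: "Default = pass all".
    verdict, logged = "pass", False
    for rule in rules:
        if rule.direction != direction or rule.iface not in ("any", iface):
            continue
        verdict, logged = rule.action, rule.log
        if rule.quick:
            break
    return verdict, logged


# Constructed rulesets: the original first rule and the quick variant, each
# followed by an assumed later pass rule that happens to match the same traffic.
BEFORE = [parse_rule(l) for l in ("block in log on ed0 all", "pass in on ed0 all")]
AFTER = [parse_rule(l) for l in ("block in log quick on ed0 all", "pass in on ed0 all")]

if __name__ == "__main__":
    for name, ruleset in (("without quick", BEFORE), ("with quick", AFTER)):
        print(name, "-> inbound on ed0:", evaluate(ruleset, "in", "ed0"))
```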