IPFILTER rule error

Erik Norgaard norgaard at locolomo.org
Wed Feb 15 07:23:49 PST 2006


Maxim Vetrov wrote:
> ################################################################################
> #              Internal interface #1 - rl0 (10.0.1.0/29)                       #
> ################################################################################
> 
> #%%%%%%%%%%%%%%%%% Block-and-log everything that is not allowed explicitly %%%%%
> block in log on rl0 all head 20
> block out log on rl0 all head 25
> #%%%%%%%%%%%%%%%%% Allow Sun RPC incoming calls %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
> pass in quick on rl0 \
>   proto tcp/udp from any to any port = sunrpc keep state group 20
> pass in quick on rl0 \
>   proto tcp/udp from any to any port = 717 keep state group 20
> # the next line raises the error when uncommented
> #pass out quick on rl0 \
> #  proto udp from any to any port = 111 keep state group 20

I think someone else already pointed this out: You are trying to add a rule for 
outbound traffic to the inbound group in the offending line. Try correcting 
it to group 25.

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
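
The mismatch described in the reply can be caught before loading a ruleset. The following is an added example, not part of the original message: a small checker that flags any rule whose direction differs from that of its group's `head` rule. The function names and the sample input (the quoted rules with the offending line uncommented) are assumptions made for this illustration.

```python
import re

# Sample input assembled for this example from the quoted rules, with the
# offending line uncommented and backslash continuations already joined.
RULES = """\
block in log on rl0 all head 20
block out log on rl0 all head 25
pass in quick on rl0 proto tcp/udp from any to any port = sunrpc keep state group 20
pass in quick on rl0 proto tcp/udp from any to any port = 717 keep state group 20
pass out quick on rl0 proto udp from any to any port = 111 keep state group 20
"""

RULE_RE = re.compile(r"^(?:pass|block)\s+(in|out)\b")

def join_continuations(text):
    """Merge a line ending in a backslash with the line that follows it."""
    return re.sub(r"\\\s*\n\s*", " ", text)

def check_groups(text):
    """Return (rule_line, message) for rules whose direction differs from their group's head."""
    heads = {}    # group number -> direction of the rule that declares "head N"
    members = []  # (rule_line, direction, group number) for rules with "group N"
    for no, line in enumerate(join_continuations(text).splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        m = RULE_RE.match(line)
        if not m:
            continue
        direction = m.group(1)
        head = re.search(r"\bhead\s+(\d+)", line)
        group = re.search(r"\bgroup\s+(\d+)", line)
        if head:
            heads[head.group(1)] = direction
        if group:
            members.append((no, direction, group.group(1)))
    problems = []
    for no, direction, group in members:
        # Only groups whose head is present in this text are checked.
        if group in heads and heads[group] != direction:
            problems.append(
                (no, f"'{direction}' rule in group {group}, whose head is '{heads[group]}'"))
    return problems

if __name__ == "__main__":
    for no, msg in check_groups(RULES):
        print(f"rule {no}: {msg}")
```

Rule numbers in the output count rules after continuation lines have been joined, so they can differ from line numbers in the file.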

