Help with IP Filter 4.1.8

fbsd_user fbsd_user at a1poweruser.com
Sun Feb 26 09:20:07 PST 2006


Since you say the same ipf rules work on your 5.3 system and you
are trying to run them on 6.1-PRERELEASE, I would say the problem
is 6.1-PRERELEASE.

Prerelease versions and RC versions are not intended for public use.
They are versions for people who know how to debug kernel code and
help the developers test new versions.

It does not look like you know how to debug kernel code or you
would not be asking this question.

You should be using 6.0 as that's the current production version.
If you still have this problem on 6.0 then repost your question.


-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Roman Serbski
Sent: Sunday, February 26, 2006 10:16 AM
To: freebsd-questions at freebsd.org
Subject: Help with IP Filter 4.1.8


Hi all,

I am having a problem with ipf after a recent upgrade to 6.1-PRERELEASE.
Any help would be greatly appreciated.

ipf: IP Filter: v4.1.8 (416)
Kernel: IP Filter: v4.1.8
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0xa

I am trying to allow outgoing DNS requests from my server to the DNS
server of the ISP. Here is my ruleset:

ipfstat -oh
0 pass out quick on lo0 from any to any
0 pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
1 pass out quick on xl0 proto udp from any to any port = domain keep state
0 block out log quick on xl0 all

ipfstat -ih
0 pass in quick on lo0 from any to any
0 block in quick on xl0 all

I tried `host www.google.com` and the connection timed out,
although there was a hit on the rule allowing 53/udp.

The interesting thing is that there is another server running
5.3-STABLE with ipf v3.4.35 (336) and it has the same ruleset and
everything is working just fine.

Thank you for your time.