Help with IP Filter 4.1.8

Roman Serbski mefystofel at gmail.com
Mon Feb 27 05:49:07 PST 2006


On 2/27/06, Erik Nørgaard <norgaard at locolomo.org> wrote:
> Could you change your last rule to this:
>
> block in log quick on xl0 all
>
> and then tell what you see in the log. This would give some information
> if any traffic is blocked in the first place. Actually, adding the log
> keyword to all rules for the xl0 interface might be a good idea for
> debugging.
>
> Also, is this the complete ruleset or did you remove rules you thought
> were irrelevant? If so, then post the whole ruleset.

Thank you. I removed 'flags', as suggested by Giorgos Keramidas,
but it didn't help.

This is not the complete ruleset; I mean there are a lot of other
rules, but I removed everything to be sure and left only outgoing
53/udp and 53/tcp. Once again, I checked this ruleset on 5.3-STABLE with
ipf v3.4.35 (336) and it worked well.

Adding the 'log' keyword produced the following record:

xl0 @0:2 b XXX.XXX.XXX.XXX,53 -> YYY.YYY.YYY.YYY,60808 PR udp len 20 298 IN bad

where XXX is the IP address of the ISP's DNS server, and YYY is the server
I'm running ipf on. There was a hit on a rule allowing outgoing 53/udp,
and it seems like the response from the DNS server was blocked. The outgoing
port number returned by YYY is always changing; on a second run it
was 51212.

Of course I can allow incoming connections to ports > 1024, but I
really would like to understand why it was working with ipf v3.4.35
and not with v4.1.8.

Once again, thank you all for your help.
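An added example, not part of the thread: a small parser for ipmon-style log lines in the layout quoted above, plus a check that picks out blocked inbound packets coming from a service port (53 here) to an ephemeral port on the host, which is exactly the "reply to a permitted outbound query gets dropped" symptom being debugged. The sample lines, addresses and rule numbers are constructed; the regex tolerates a leading timestamp but assumes numeric addresses (ipmon's default output, not hostname resolution).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed ipmon-style lines in the layout quoted in the thread
# (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
xl0 @0:1 p 198.51.100.7,60808 -> 192.0.2.53,53 PR udp len 20 60 OUT
xl0 @0:2 b 192.0.2.53,53 -> 198.51.100.7,60808 PR udp len 20 298 IN bad
xl0 @0:1 p 198.51.100.7,51212 -> 192.0.2.53,53 PR udp len 20 60 OUT
xl0 @0:2 b 192.0.2.53,53 -> 198.51.100.7,51212 PR udp len 20 310 IN bad
xl0 @0:2 b 203.0.113.9,44012 -> 198.51.100.7,22 PR tcp len 20 60 IN
"""

LINE_RE = re.compile(
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[bp])\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\w+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+(?P<dir>IN|OUT)"
    r"(?P<flags>.*)$"
)

@dataclass
class IpfRecord:
    iface: str
    rule: str        # "group:rule" as printed after '@'
    action: str      # 'b' = blocked, 'p' = passed
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str   # IN or OUT
    flags: str       # trailing text after the direction, e.g. "bad"

def parse_ipf_line(line: str) -> Optional[IpfRecord]:
    """Parse one ipmon-style line; return None for lines in another layout."""
    m = LINE_RE.search(line)  # search, so a leading syslog/ipmon timestamp is tolerated
    if not m:
        return None
    return IpfRecord(m["iface"], f"{m['group']}:{m['rule']}", m["action"],
                     m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                     m["proto"].lower(), m["dir"], m["flags"].strip())

def blocked_replies(log: str, service_ports=(53,)) -> List[IpfRecord]:
    """Blocked inbound packets sent *from* a service port to an ephemeral port on
    this host: the signature of a reply to a permitted outbound query being
    dropped because no rule (or state entry) lets the answer back in."""
    hits = []
    for line in log.splitlines():
        rec = parse_ipf_line(line)
        if (rec and rec.action == "b" and rec.direction == "IN"
                and rec.sport in service_ports and rec.dport > 1024):
            hits.append(rec)
    return hits
```

Run it over real ipmon output and every hit names the rule number (the `@group:rule` field) that dropped the reply, which is usually faster than guessing which of many rules matched.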
