Help with IP Filter 4.1.8

Roman Serbski mefystofel at gmail.com
Fri Mar 10 04:44:53 UTC 2006


Hello Erik. Thank you for your help.

> Ok, here are some things to try:
>
> 1) Other udp services, are responses also blocked? you can for example
> try ntp. If so, then it is likely a bug in ip-filter.

Yes. Same for other udp (I tested with ntp). The symptoms are the same
- there is a hit on a rule allowing outgoing ntp, but then the reply is
blocked.

> 2) Try using snort or tcpdump to capture the blocked packet and analyse
> if it is malformed. Possibly include such a packet with your next post.

I can collect tcpdump data only if I disable ipf or configure it to
'pass in/out all'. If I turn on my ruleset I don't see any data from
tcpdump. Running 'tcpdump -vvv -i xl0' generates a message that
tcpdump is listening on xl0 but no data is captured...

> 3) try to see if you can upgrade to a newer ipfilter, latest is v4.1.10

I will try that, although I have faced a problem while
upgrading to v4.1.10. According to ipf docs (INSTALL.FreeBSD):

To build a kernel with the IP filter, follow these steps:

make freebsd5 - went successfully
make install-bsd - went successfully
FreeBSD/kinstall - generated patch error about conf.c file not being found...

Thank you.
Roman
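As an added illustration, not part of Roman's or Erik's messages: the symptom above (a hit on the outbound pass rule, reply still blocked) is what a stateless ipfilter ruleset produces for UDP, because the reply arrives on an ephemeral port that no inbound rule matches. The ruleset below is assumed, since the thread does not show Roman's actual rules; it uses the xl0 interface named in the message and contrasts the stateless form with the "keep state" form.

```conf
# Added example, not from the original thread.  Interface xl0 is the one
# named in the message; everything else is an assumed minimal ruleset.

# --- Stateless form (produces the symptom described) ---
# The outgoing NTP query matches the pass-out rule, so ipfstat -hio shows a
# hit there.  The reply (src port 123 -> our ephemeral port) matches no pass
# rule and is dropped by "block in log all"; ipmon logs that drop.
block in log all
block out log all
pass out quick on xl0 proto udp from any to any port = 123

# --- Stateful form ---
# "keep state" records the outbound UDP exchange in the state table, so the
# matching reply is admitted by state before the rules are consulted.  No
# separate "pass in" rule for the reply is needed.
block in log all
block out log all
pass out quick on xl0 proto udp from any to any port = 123 keep state
pass out quick on xl0 proto udp from any to any port = 53 keep state
```

Only one of the two sections belongs in /etc/ipf.rules at a time; after loading it with ipf -Fa -f /etc/ipf.rules, compare ipfstat -hio and the ipmon output before and after to confirm whether the block counter stops incrementing. If the reply is still blocked with state in place, that points back to the ipfilter bug Erik suggested rather than to the ruleset.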

