ipfilter problem in sparc64

Victor Giusti victor at unirc.eu
Wed Jan 3 14:06:35 PST 2007 

Hi all
im have a sparc ultra 5 running freebsd 6.2-prerelease:

FreeBSD hathor.unirc.eu 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu 
Dec 28 21:29:39 CET 2006     
victor at hathor.unirc.eu:/usr/src/sys/sparc64/compile/hathor  sparc64
hathor#


and one intel PIII running:
%uname -a
FreeBSD terbium 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Dec 28 
23:18:22 CET 2006     
victor at terbium:/mnt/data/src/sys/i386/compile/terbium  i386

freebsd installed  in the same day..


On Intel ipf it works ok

but in sparc NO!!!
im load the config and the network stop
im not have  DEFAULT_DROP option on the kernel




this is my ipf config tested on the two systems:

------------
#acepto todo desde local host
pass in  quick    on lo0 from any to any
pass out quick    on lo0 from any to any

pass in quick on sis0 from any to any    >>> NOTE: hme0 on sparc
pass out quick on sis0 from any to any  >>> this is the only diferent

# acepto todo desde la red interna
# aca chau icmp
pass out quick on tun0 proto icmp from any to any icmp-type 8 keep state
pass in  quick on tun0 proto icmp from any to any icmp-type 0

#traceroute
pass out on tun0 proto udp from any to any port 33434 >< 33690 keep state
pass in on tun0 proto icmp from any to any icmp-type timex
pass  in     quick on tun0 proto tcp from any to any port = 22  flags S 
keep stat
pass  in     quick on tun0 proto tcp from any to any port = 25  flags S 
keep state
pass  in     quick on tun0 proto tcp from any to any port = 80  flags S 
keep state
pass  in     quick on tun0 proto tcp from any to any port = 110  flags S 
keep state
pass  in     quick on tun0 proto tcp from any to any port = 6667  flags 
S keep state
pass  in     quick on tun0 proto tcp from any to any port = 6697  flags 
S keep state
pass  in     quick on tun0 proto tcp from any to any port = 6668  flags 
S keep state
pass  in     quick on tun0 proto tcp from any to any port = 7001  flags 
S keep state

#denegamos todo para afuera
pass  out    quick on tun0 proto tcp/udp from any to any keep state
#block return-icmp-as-dest(host-unr) in quick on tun0 all
block in quick on tun0 all
block out    quick all

----------------

I use this config without problems since 2001 (on x86 arch)
im have this problem whith FreeBSD/sparc64 6.0 6.1 and the last  6.2 rc1


ipf version its the same in the two systems:



sparc#ipf -V
ipf: IP Filter: v4.1.13 (528)
Kernel: IP Filter: v4.1.13             Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x10a

intel#ipf -V
ipf: IP Filter: v4.1.13 (416)
Kernel: IP Filter: v4.1.13             Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
Feature mask: 0x10a



Any IDEA?

More information about the freebsd-sparc64 mailing list