IPFILTER_DEFAULT_BLOCK & No route to host

echelon e_chelon at yahoo.com
Tue Sep 30 04:23:26 PDT 2003


Ok, maybe it is fine to get "No route to host" when pinging 127.0.0.1 / localhost if
the IPFILTER_DEFAULT_BLOCK option is set.

However, I use the following rules for the internal network interface (xl1):

# Group 9000 (internal network interface) 
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 23 group 9000
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 21 group 9000
pass in quick on xl1 all group 9000

With these rules, I believe I should be able to ping and SSH to the FreeBSD box from my internal network
no matter whether the IPFILTER_DEFAULT_BLOCK option is set or not.

However, this is true only if the IPFILTER_DEFAULT_BLOCK option is removed.

The same rules were used with IPFilter 3.4.18 on FreeBSD 4.2 and no such problem was
encountered.

  
Thanks.

e_chelon
--- Darren Reed <avalon at caligula.anu.edu.au> wrote:
> 
> That's how it is meant to work.
> 
> Good to know it's working as intended.
> 
> Cheers,
> Darren
> 



