kern/75601: ipfilter not allowing SSH to box on FreeBSD 5.3
Giorgos Keramidas
keramida at ceid.upatras.gr
Sun Jan 9 16:20:21 PST 2005
The following reply was made to PR kern/75601; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at ceid.upatras.gr>
To: Nick Hale <nhale at charter.net>
Cc: bug-followup at freebsd.org
Subject: Re: kern/75601: ipfilter not allowing SSH to box on FreeBSD 5.3
Date: Mon, 10 Jan 2005 02:15:04 +0200
On 2005-01-10 00:10, Nick Hale <nhale at charter.net> wrote:
> Correct. It should be that way. Pass in packets from this host to
> any ip locally and pass out packets from any ip locally to this host
> is technically what those rules say. I've been using that setup now
> since the boxes were running 5.0 without change and it's always
> worked up until now.
The fact that it worked until 5.0 is probably a happenstance. It's not
correct. The correct filter rules are (as of 5.2.1-RELEASE IIRC):

    pass in any packet destined to a local ip address
    pass out any packet originating from a local ip address