ipfilter keep state troubles
Jeroen van Nieuwenhuizen
jnieuwen at jeroen.se
Mon Oct 18 05:31:44 PDT 2004
Hello all,
Using the RELENG_5_3 tag I ran into some troubles using ipfilter
compiled into the kernel with default policy set to block. The
problem is that I can no longer ping the local interface
with the command: ping 127.0.0.1.
Using a simpeler firewall configuration I noted that
it has probably something to do with the keep state
directive
Using the rules
pass out all
pass in all
I can ping to 127.0.0.1
Using the rules
pass out all keep state
pass in all
I can not ping to 127.0.0.1
Anyone any ideas?
Kind regards,
Jeroen
--
Jeroen van Nieuwenhuizen (M.Sc[CompSc])
jnieuwen at jeroen.se http://www.jeroen.se
I know I'm not perfect but I can smile
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041018/a9c8567f/attachment.bin
More information about the freebsd-current
mailing list