mg-fbsd3 at grant.org
Thu Mar 29 20:13:50 UTC 2007
On 3/29/07, Steve Bertrand <iaccounts at ibctech.ca> wrote:
> Michael Grant wrote:
> > I'm fairly sure the problem is not in ipf, something I've been running
> > for years on other machines. If run ipmon, it shows me what's being
> > blocked and by which rule. Pings are not being blocked by ipf.
> > The relevent ipf rules are:
> > block in log on em0 all head 100
> > pass in quick proto icmp from any to any keep frags group 100
> > block out on em0 all head 200
> > pass out quick proto icmp all keep state keep frags group 200
> > ipfw, which I didn't really intend on using but it seems to be enabled
> > anyway, I have this:
> > 10000 allow icmp from any to any icmptypes 8 out
> > 10100 allow icmp from any to any icmptypes 0 in
> > 10200 allow icmp from any to any icmptypes 11 in
> > 65535 allow ip from any to any
> > Is there an equivalent of ipmon for ipfw?
> # ipfw show
> Also, during your tcpdump, did you see the icmp replies going back out,
> or just coming in?
I saw the pings arriving but no response.
More information about the freebsd-questions