ipfilter unwanted blocking

Oleksii Krykun kryol at bigmir.net
Wed Dec 16 19:04:34 UTC 2009


Hi,

I use FreeBSD 7.2-RELEASE with IPFilter, used as a proxy server for our LAN.
I have the following rules for the external interface:

block in log on rl0 all head 100
block out log on rl0 all head 200

pass out quick proto udp from a.b.c.d/32 to any keep state group 200
pass out quick proto tcp from a.b.c.d/32 to any flags S/SA keep state keep frags group 200

Everything works, but sometimes IPF blocks all (or most) packets to ports 80
and 53 for about 2-3 up to 40-50 s.
After this, IPF returns to normal operation.

How can I investigate this problem? I tried removing flags and "keep frags" but
without success.
There is no regularity.

Is this an IPF problem, wrong packages or kernel settings? Any ideas?

