IPFILTER_DEFAULT_BLOCK & No route to host
Jason
talon at unix.org.au
Mon Sep 29 21:10:09 PDT 2003
On Mon, 29 Sep 2003 20:27:35 -0700 (PDT)
echelon <e_chelon at yahoo.com> wrote:
> Hi,
>
> After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
> with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
>
> Thank you.
> e_chelon
>
This is IPF's proper behavior.
You will need to add some rules to your ipf.rules file.
Try adding the rules:

    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in log quick on (some nic) all
    pass out log quick on (some nic) all

run /sbin/ipf -Fa -f /etc/ipf.rules
when you're done :)
--
Talon
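
Added example (not part of the original post, and not IPFilter's own code): a small Python model of how IPF picks a verdict, showing why a kernel built with IPFILTER_DEFAULT_BLOCK and no matching rules drops a ping, and why both the "in" and "out" rules on the NIC are needed. The interface name fxp0 is an assumed stand-in for "(some nic)", and the parser handles only the rule shape used in the reply.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str     # "pass" or "block"
    direction: str  # "in" or "out"
    iface: str      # interface the rule is bound to
    quick: bool     # True: stop evaluating at this rule

def parse(line):
    """Parse: pass|block in|out [log] [quick] on IFACE all"""
    tok = line.split()
    if len(tok) < 5 or tok[0] not in ("pass", "block") or tok[1] not in ("in", "out"):
        raise ValueError("unsupported rule: " + line)
    opts = tok[2:-3]  # optional keywords between the direction and "on"
    if tok[-3] != "on" or tok[-1] != "all" or any(o not in ("log", "quick") for o in opts):
        raise ValueError("unsupported rule: " + line)
    return Rule(tok[0], tok[1], tok[-2], "quick" in opts)

def decide(rules, direction, iface, default_block=True):
    """IPF semantics: the last matching rule wins unless a matching rule is
    'quick'; with no match, the compiled-in default policy applies."""
    verdict = "block" if default_block else "pass"
    for r in rules:
        if r.direction == direction and r.iface == iface:
            verdict = r.action
            if r.quick:
                break
    return verdict

def ping_answered(rules, iface, default_block=True):
    """A stateless ping needs the echo request passed in and the reply passed out."""
    return (decide(rules, "in", iface, default_block) == "pass"
            and decide(rules, "out", iface, default_block) == "pass")

# Rules from the reply, with the assumed NIC name fxp0 filled in.
REPLY_RULES = [parse(l) for l in (
    "pass in quick on lo0 all",
    "pass out quick on lo0 all",
    "pass in log quick on fxp0 all",
    "pass out log quick on fxp0 all",
)]
LOOPBACK_ONLY = REPLY_RULES[:2]

if __name__ == "__main__":
    print("no rules:     ", ping_answered([], "fxp0"))
    print("loopback only:", ping_answered(LOOPBACK_ONLY, "fxp0"))
    print("reply's rules:", ping_answered(REPLY_RULES, "fxp0"))
```

Note that "pass ... all" on the NIC admits every packet; it restores connectivity but does no filtering on that interface.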