Current-Users archive


'keep state' broken after recent ipfilter update?


I've just updated a -current i386 machine acting as an ipf/ipnat router
to actual -current (completely built from scratch) including ipfilters

Now an ipf.conf sequence of

  block in log on ex0 all
  pass out quick on ex0 proto tcp from [local-ip-addr] to any flags S/SA keep state

no longer allows outgoing tcp connections (on ex0 from
[local-ip-addr]) which was working before this ipfilter update. Now
incoming tcp packets as a response to the outgoing connection are
blocked by the first rule.

Does anybody else see this? Is this an intended (config) change?

