Current-Users archive
Re: ipf/ipnat behavior
On Sat, 31 May 2008, Christos Zoulas wrote:

> In article <Pine.NEB.4.64.0805310914170.6394%quicky.whooppee.com@localhost>,
> Paul Goyette <paul%whooppee.com@localhost> wrote:
>> I'm still trying to track down some anomalous behavior I'm seeing on my
>> -current (as of about 12 hours ago) nat box. I've noticed that even
>> when I have an empty /etc/ipf.conf file (no filter rules at all),
>> ipfstat still claims that packets are being dropped/blocked! Is this
>> normal?
>>
>> See the attached output for an example...
>
> Do you have IPFILTER_DEFAULT_DROP?

Not unless it gets included somewhere else by default and doesn't show
up in 'config -x'. I have it explicitly commented out:
{153} grep IPFIL /build/src/sys/arch/amd64/conf/ZIPPY
options IPFILTER_LOG # ipmon(8) log support
options IPFILTER_LOOKUP # ippool(8) support
#options IPFILTER_DEFAULT_BLOCK # block all packets by default
{154} config -x | grep IPF
options IPFILTER_LOG # ipmon(8) log support
options IPFILTER_LOOKUP # ippool(8) support
#options IPFILTER_DEFAULT_BLOCK # block all packets by default
----------------------------------------------------------------------
| Paul Goyette | PGP DSS Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul%whooppee.com@localhost |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette%juniper.net@localhost |
----------------------------------------------------------------------