>Number:         7947
>Category:       kern
>Synopsis:       ipf blocks more than it should
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul  9 10:20:01 1999
>Last-Modified:
>Originator:     Christophe Kalt
>Organization:
	
>Release:        1.4
>Environment:
	
System: NetBSD azurite 1.4 NetBSD 1.4 (TP560) #0: Fri Jul 9 11:54:01 EDT 1999 root@azurite:/fs1/NetBSD/1.4/src/sys/arch/i386/compile/TP560 i386
>Description:
With the following one line configuration for ipf:

# echo "log out proto icmp" | ipf -F a -v -f -

no icmp seems to leave the system. for example, with a remote system pinging,
ipmon & tcpdump show:

12:58:39.899925 REMOTE > LOCAL: icmp: echo request (DF)
09/07/1999 12:58:39.900139             ppp0 @0:1 L LOCAL -> REMOTE PR icmp len 20 84 icmp 0/0
12:58:40.893019 REMOTE > LOCAL: icmp: echo request (DF)
09/07/1999 12:58:40.893216             ppp0 @0:1 L LOCAL -> REMOTE PR icmp len 20 84 icmp 0/0
12:58:41.889909 REMOTE > LOCAL: icmp: echo request (DF)
12:58:42.883648 REMOTE > LOCAL: icmp: echo request (DF)
12:58:43.884959 REMOTE > LOCAL: icmp: echo request (DF)

the outgoing packet on ppp0 is logged by ipf, but never goes out.

am I missing the obvious? :)
>How-To-Repeat:
# echo "log out proto icmp" | ipf -F a -v -f -
>Fix:
	
>Audit-Trail:
>Unformatted: