>Number:         25622
>Category:       kern
>Synopsis:       ipfilter 4.1.1 in -current does not send back a RST
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue May 18 06:53:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        NetBSD 2.0E
>Organization:
>Environment:
	I've verified this same behavior on my i386 and sparc
Architecture: i386 and sparc
Machine: i386 and sparc
>Description:
	ipfilter 4.1.1 in -current (at least kernel and userland based
	of yesterdays sources) has the following problem: If it
	matches a 'block return-rst ...' rule on the pppoe0 device
	(maybe all 'ifconfig -C devices?) it does not send back the
	requested RST packet (But the packet is logged if you have
	'log' within the rule). If a 'regular' nic device ('le0' or
	'fxp0' in my case) is used the RST packet is
	generated/returned.
>How-To-Repeat:
	Activate ipfilter and add kind of above mentioned 'block
	return-rst ...' rule to a pppoe0 connected machine; then try
	to connect to the pppoe0 device of this machine so that the
	rule is matched and see what happens: There is no response!

	If you connect directly to this machines nic ('le0', 'fxp0'
	depends on local hardware :-)), you'll receive immediately the
	wanted RST packet.
>Fix:
	Not known.
>Release-Note:
>Audit-Trail:
>Unformatted:
 		packet on pppoe0 (all 'ifconfig -C' devs?) as wanted
 		by a 'block return-rst ...' rule