Re: kern/47749: NetBSD 6.0 Only Replies to First ICMP Echo (ping)

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,inittab%unixdev.net@localhost
Subject: Re: kern/47749: NetBSD 6.0 Only Replies to First ICMP Echo (ping)
From: Greg Schenzel <inittab%unixdev.net@localhost>
Date: Sat, 20 Apr 2013 22:10:05 +0000 (UTC)

The following reply was made to PR kern/47749; it has been noted by GNATS.

From: Greg Schenzel <inittab%unixdev.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/47749: NetBSD 6.0 Only Replies to First ICMP Echo (ping)
Date: Sat, 20 Apr 2013 14:45:44 -0600

 --tKW2IUtsqtDRztdT
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 Works as expected after running "ipf -D". Here are my first 12 rules.
 The remaining rules are specific tcp/udp ports on the external
 interface (tlp1). This issue occurs on both tlp0 and tlp1 with IPF
 enabled.=20
 
 ### - completely kill
 #   too short to be real
 block in log quick all with short
 #   source routing is set
 block in log quick all with opt lsrr
 block in log quick all with opt ssrr
 #   reserved address space
 block in log quick on tlp1 from 10.0.0.0/8 to any
 block in log quick on tlp1 from 172.16.0.0/12 to any
 block in log quick on tlp1 from 192.168.0.0/16 to any
 
 ### - set default interface rules
 pass out log quick proto icmp from any to any keep state
 pass out log quick proto tcp/udp from any to any keep state keep frags
 pass in log on tlp0 from any to any
 pass in log on lo0 from any to any
 block in log on tlp1 from any to any
 
 ### - icmp
 #   allow ping and traceroute
 #pass in log quick on tlp1 proto icmp from any to any icmp-type 0
 #pass in log quick on tlp1 proto icmp from any to any icmp-type 8
 #pass in log quick on tlp1 proto icmp from any to any icmp-type 11
 pass in log quick proto icmp from any to any
 
 
 --tKW2IUtsqtDRztdT
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: Digital signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iEYEARECAAYFAlFy/ngACgkQ2ua/BJvbazccCwCdFEX8VUCXCsv75dC/3w9BKxeB
 tNoAn26rEJcfkGVoSxVjjTk825VrIsPU
 =ANwV
 -----END PGP SIGNATURE-----
 
 --tKW2IUtsqtDRztdT--

Prev by Date: NetBSD Nightly Trouble Ticket Report
Next by Date: bin/47752: Add crunchgen support to /usr/sbin/envstat and /usr/sbin/powerd
Previous by Thread: Re: kern/47749: NetBSD 6.0 Only Replies to First ICMP Echo (ping)
Next by Thread: Re: kern/47749: NetBSD 6.0 Only Replies to First ICMP Echo (ping)
Indexes:

Home | Main Index | Thread Index | Old Index