kern/47850: ipfstat is broken.

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/47850: ipfstat is broken.
From: christos%netbsd.org@localhost
Date: Thu, 23 May 2013 21:35:00 +0000 (UTC)

>Number:         47850
>Category:       kern
>Synopsis:       ipfstat does not list all the rules anymore
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 23 21:35:00 +0000 2013
>Originator:     Christos Zoulas
>Release:        NetBSD 6.99.20
>Organization:
        Entropy Unlimited, Ltd.
>Environment:
NetBSD quasar.astron.com 6.99.20 NetBSD 6.99.20 (QUASAR) #3: Thu May 23 
09:30:24 EDT 2013  
christos%quasar.astron.com@localhost:/usr/src/sys/arch/amd64/compile/QUASAR 
amd64
Architecture: x86_64
Machine: amd64
>Description:
        ipf loads the rules properly but ipfstat does not list them.

>How-To-Repeat:
0 root:wheel@t61//etc/ipf.d#  ipf -vf /tmp/ipf.conf 
block in log quick on iwn0(!) all head 600
block in quick inet from any to 10.0.0.0/25 port = 137 group 600
block in quick inet from 0.0.0.0/32 port = 68 to 255.255.255.255/32 port = 67 
group
 600
block in log quick inet from 10.0.0.0/8 to any group 600
block in log quick inet from 192.168.0.0/16 to any group 600
block in log quick inet from 172.16.0.0/12 to any group 600
block in log quick inet from 127.0.0.0/8 to any group 600
block in log quick inet from 0.0.0.0/8 to any group 600
block in log quick inet from 169.254.0.0/16 to any group 600
block in log quick inet from 192.0.2.0/24 to any group 600
block in log quick inet from x.y.64.0/23 to any group 600
block in log quick inet from 224.0.0.0/3 to any group 600
block in log quick inet from 10.0.0.8/32 to any group 600
block in log quick inet from any to 10.0.0.0/32 group 600
block in log quick inet from any to 10.0.0.127/32 group 600
pass in log quick inet proto udp from any to 10.0.0.8/32 port = ntalk keep 
state gr
oup 600 # count 0
block in log first quick inet proto tcp from any to 10.0.0.8/32 port = smtp 
flags S
/FSRPAU keep state keep frags head 620 group 600 # count 0
pass in quick inet proto tcp from x.y.139.172/32 to 10.0.0.8/32 port = smtp flag
s S/FSRPAU keep state keep frags group 620 # count 0
pass in quick inet proto tcp from x.y.140.215/32 to 10.0.0.8/32 port = smtp flag
s S/FSRPAU keep state keep frags group 620 # count 0
pass in quick inet proto tcp from x.y.220.129/32 to 10.0.0.8/32 port = smtp 
flags
 S/FSRPAU keep state keep frags group 620 # count 0
pass in quick inet proto tcp from x.y.7.79/32 to 10.0.0.8/32 port = smtp flags 
S/F
SRPAU keep state keep frags group 620 # count 0
pass in quick inet proto tcp from x.y.21.145/32 to 10.0.0.8/32 port = smtp 
flags S
/FSRPAU keep state keep frags group 620 # count 0
pass in quick inet proto tcp from x.y.220.129/32 to 10.0.0.8/32 port = ssh 
flags 
S/FSRPAU keep state keep frags group 600 # count 0
pass in quick inet proto udp from x.y.220.129/32 to 10.0.0.8/32 port = ssh keep 
s
tate group 600 # count 0
pass in quick inet proto tcp from x.y.140.215/32 to 10.0.0.8/32 port = ssh flags
 S/FSRPAU keep state keep frags group 600 # count 0
pass in quick inet proto udp from x.y.140.215/32 to 10.0.0.8/32 port = ssh keep 
state group 600 # count 0
pass in quick inet proto udp from x.y.220.129/32 to 10.0.0.8/32 port = 58800 
grou
p 600
pass in quick inet proto udp from x.y.139.172/32 to 10.0.0.8/32 port = 58800 gro
up 600
pass in quick inet proto udp from x.y.140.215/32 to 10.0.0.8/32 port = 58800 gro
up 600
block in quick inet proto icmp from any to 10.0.0.8/32 group 600
block in quick inet proto tcp from any to 10.0.0.8/32 group 600
block in quick inet proto udp from any to 10.0.0.8/32 group 600
block out log quick on iwn0(!) all head 650
block out log quick inet from any to 10.0.0.0/8 group 650
block out log quick inet from any to 192.168.0.0/16 group 650
block out log quick inet from any to 172.16.0.0/12 group 650
block out log quick inet from any to 127.0.0.0/8 group 650
block out log quick inet from any to 0.0.0.0/8 group 650
block out log quick inet from any to 169.254.0.0/16 group 650
block out log quick inet from any to 192.0.2.0/24 group 650
block out log quick inet from any to x.y.64.0/23 group 650
block out log quick inet from any to 224.0.0.0/3 group 650
pass out quick inet proto tcp from 10.0.0.8/32 to any port = nntp flags S/SA 
keep s
tate keep frags group 650 # count 0
pass out quick inet proto tcp from 10.0.0.8/32 to any port = mmcc flags S/SA 
keep s
tate keep frags group 650 # count 0
pass out quick inet proto tcp from 10.0.0.8/32 to any flags S/FSRPAU keep state 
kee
p frags group 650 # count 0
pass out quick inet proto udp from 10.0.0.8/32 to any keep state group 650 # 
count 
0
pass out quick inet proto icmp from 10.0.0.8/32 to any keep state group 650 # 
count
 0
0 root:wheel@t61//etc/ipf.d# ipfstat -ion
@1 block out log quick on iwn0 all head 650
@1 block in log quick on iwn0 all head 600


>Fix:
?

Prev by Date: Re: install/47845 (fail to install xulrunner-19.0.2nb1.tgz netbsd 6.1 amd64 wrong checksum)
Next by Date: Re: bin/47776: dhcpcd(8) requries hostname(1)
Previous by Thread: Re: install/47845 (fail to install xulrunner-19.0.2nb1.tgz netbsd 6.1 amd64 wrong checksum)
Next by Thread: Re: kern/47850: ipfstat is broken.
Indexes:

Home | Main Index | Thread Index | Old Index