Subject: Re: Trouble with IP Filter 3.3.6 after NetBSD 1.4.2 upgrade...
To: Brian Stark <bstark@uswest.net>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 04/10/2000 10:48:38
On Mon, Apr 10, 2000 at 03:10:51AM -0500, Brian Stark wrote:
> 
> So, I'm really confused... the filtering I do for icmp traffic appears to
> work, but the tcp traffic filtering seems broken.
> 
> If it helps to understand the basic layout of my config file, it is like
> this:
> 
>   callisto:{root}# cat /etc/ipf.conf | grep head 
>   block  in     quick on ppp0 all head 100  
>     block  in     quick on ppp0 proto tcp all head 110 group 100
>     block  in     quick on ppp0 proto udp all head 120 group 100
>     block in      quick on ppp0 proto icmp all head 130 group 100
>     block in      quick on ppp0 proto igmp all head 140 group 100
>   block out     quick on ppp0 all head 200
>   callisto:{root}# 
> 
> 
> Could it be that there is something wrong in IP Filter 3.3.6, or perhaps
> there is a necessary change for the config file that I am not aware of?
> 
> Would it make any sense to try this with a newer version of IP Filter
> (latest appears to be 3.3.12)? I downloaded the version 3.3.12 from
> coombs.anu.edu.au and while reviewing the HISTORY file I came across the
> following entry that looked interesting:
> 
>   3.3.8   01/02/2000 - Released
> 
>   fix state handling of SYN packets.

I think this is related to 'keep state', which you don't seem to use here.

Could you also post the rules for group 200? It's possible that the
TCP packets come in but the answer never gets out.
You could check this with tcpdump and netstat while trying to connect.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
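The situation Manuel describes (inbound SYN accepted in group 110, outbound SYN-ACK dropped by the `block out quick ... head 200` rule because nothing in group 200 passes it) is exactly what `keep state` avoids. The fragment below is an added example written for this page, not the poster's actual /etc/ipf.conf or anything from the IP Filter distribution; it keeps the same head/group layout as the quoted `grep head` output and assumes ppp0 as the interface and an SSH service on port 22 purely for illustration.

```conf
# Added example (not from the original thread): ipf.conf in the poster's
# head/group layout, with 'keep state' so that replies to a permitted TCP
# connection are matched by the state table instead of needing an explicit
# pass rule in the outbound group 200. ppp0 and port 22 are assumptions.

# Inbound: everything arriving on ppp0 enters group 100 and is then
# dispatched to the per-protocol groups; if no rule in a group matches,
# the head rule's own action (block) applies.
block  in  quick on ppp0 all head 100
  block in  quick on ppp0 proto tcp  all head 110 group 100
  block in  quick on ppp0 proto udp  all head 120 group 100
  block in  quick on ppp0 proto icmp all head 130 group 100
  block in  quick on ppp0 proto igmp all head 140 group 100

# Allow inbound SSH. 'flags S' matches only the initial SYN; 'keep state'
# creates a state entry so the SYN-ACK leaving on ppp0 (and the rest of the
# connection) is accepted without ever consulting group 200.
pass in quick on ppp0 proto tcp from any to any port = 22 flags S keep state group 110

# Outbound: everything leaving on ppp0 enters group 200. Without a pass
# rule or a state entry, this head rule blocks the reply to a connection
# that group 110 let in, which is the failure mode suspected above.
block out quick on ppp0 all head 200

# Connections originated by this host: keep state so the returning
# packets are accepted without a matching rule in groups 110-130.
pass out quick on ppp0 proto tcp  from any to any flags S keep state group 200
pass out quick on ppp0 proto udp  from any to any keep state group 200
pass out quick on ppp0 proto icmp from any to any keep state group 200
```

To confirm the hypothesis before changing anything, watch the interface with `tcpdump -ni ppp0 tcp` while connecting from outside: if the SYN arrives but no SYN-ACK is ever sent, compare the per-rule hit counters from `ipfstat -hnio`; a rising counter on the group 200 head rule with no corresponding pass rule is the outbound drop. After loading rules with `keep state`, `ipfstat -s` shows the state table entries that replace the need for that pass rule.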