, NetBSD Users <netbsd-users@netbsd.org>
From: Jukka Marin <jmarin@pyy.jmp.fi>
List: netbsd-users
Date: 04/10/2001 12:46:47
On Tue, Apr 10, 2001 at 09:36:02AM +0300, Jukka Marin wrote:
> It seems my "out" rules on ep3 have no effect at the moment. I use groups
> for the network interfaces like this (this is the beginning of my ipf.conf):
I added more "log" keywords to see which rule passes the packets to ep3
when they should be blocked. In the log, I get
Apr 10 12:40:46 foo ipmon[257]: 12:40:46.208017 ep3 @65535:0 p goo.gaa.com -> foobar.com PR icmp len 20 21504 icmp 8/0 K-S IN
The packet was passed by rule 65535:0, huh? There is no such rule. What
does 65535 mean? If it means "the default" or something like that, then
why did adding "log" to _real_ out rules make ipf log these messages? They
weren't being logged before.
Must be something I don't understand...
-jm