On Jan 23, 2005, at 14:29, Manuel Bouyer wrote:
>
> Yes, IPF_BLOCK_DEFAULT doesn't log.

   Any thoughts about changing that?  Maybe adding an 
IPF_BLOCK_DEFAULT_LOG
kernel config option, as well?  Just a suggestion...  Should it go to 
tech-kern, or
does the IPF stuff sortof not fall into that?

> ipf -D should disable it. Or you can a "pass quick all" at the top of
> your rules.

   Yup.  A variety of tests showed that this was the problem.  It hadn't 
occured
to me that I'd be silently blocking the packets, and I guess I was 
surprised that
getting an error from a blocked packet also happened.  I mean, shouldn't
it just silently disappear?  Why does the application know that the 
packet-
filter dropped the packet?  I mean, it's not like I block'ed it with 
return-rst
or anything...

                                   - Chris