Subject: Re: Solution for duplicate ipf states?
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Monroe Williams <monroe@criticalpath.com>
List: tech-net
Date: 05/13/2002 13:55:14
on 5/13/02 1:42 PM, Manuel Bouyer at bouyer@antioche.eu.org wrote:

> On Tue, May 07, 2002 at 08:35:49PM -0700, Monroe Williams wrote:
>> 
>> I'm using the "keep state" rules on an ipf firewall, and I think I must be
>> missing something.
>> 
>> When using the rules:
>> 
>> pass out quick on ex0 proto udp from any to any keep state
>> pass out quick on ex0 proto icmp from any to any keep state
>> 
>> it appears that every packet that passes out on the interface creates a new
>> state table entry.  For example, running ping for a short while on a
> 
> Maybe try something like this:
> pass out first quick on ex0 proto udp from any to any keep state
> pass out quick on ex0 proto udp from any to any keep state
> pass out first quick on ex0 proto icmp from any to any keep state
> pass out quick on ex0 proto icmp from any to any keep state
> 
> This works for me, on 1.5.2

Are you sure?  With these rules:

pass out first quick on ex0 proto icmp from any to any keep state
...
pass out first quick on ex2 proto icmp from any to any keep state

I get:

[root@gate etc]# /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
36: unexpected keyword (first) - from
51: unexpected keyword (first) - from
Set 0 now inactive
[root@gate etc]#

Looking at the man page, it appears that the "first" keyword is only meant
to be used with the "log" action or option.

-- monroe
------------------------------------------------------------------------
Monroe Williams                                  monroe@criticalpath.com
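The reload error above comes from "first" appearing where ipf's parser does not accept it. As an added example (not code from the thread, from NetBSD, or from ipf itself), here is a small lint that reproduces that check over an ipf.conf text. It assumes, following Monroe's reading of the man page, that "first" is valid only as part of a "log" clause ("log first", or "log body first"), and it formats its messages in the same shape ipf used in the reload output ("36: unexpected keyword (first) - from"). The sample rules are constructed from Manuel's suggestion plus a "log first" variant.

```python
"""Lint ipf rules for a misplaced "first" keyword.

Added example, not from the tech-net thread or from ipf. Assumption: in
ipf.conf the "first" keyword is only valid inside a "log" clause, i.e.
directly after "log" or after "log body"; any other placement is reported
with the line number, the keyword and the token that followed it, which is
the shape of the message ipf printed in the thread.
"""


def check_rule(lineno: int, rule: str):
    """Return None if the rule's use of "first" is acceptable, else an error string."""
    text = rule.split("#", 1)[0].strip()  # drop trailing comments
    if not text:
        return None
    tokens = text.split()
    for i, tok in enumerate(tokens):
        if tok != "first":
            continue
        prev = tokens[i - 1] if i > 0 else None
        # Assumed grammar: "log first" and "log body first" are the only
        # accepted placements.
        if prev == "log" or (prev == "body" and i > 1 and tokens[i - 2] == "log"):
            continue
        nxt = tokens[i + 1] if i + 1 < len(tokens) else "<end>"
        # Mimics ipf's own message, e.g. "36: unexpected keyword (first) - from"
        return f"{lineno}: unexpected keyword (first) - {nxt}"
    return None


def lint(ruleset: str):
    """Lint a whole ipf.conf text; returns the list of error strings (empty if clean)."""
    errors = []
    for n, line in enumerate(ruleset.splitlines(), start=1):
        err = check_rule(n, line)
        if err:
            errors.append(err)
    return errors


# Constructed sample: Manuel's suggested UDP rules (with "first" before
# "quick", the placement that made ipf's reload fail) alongside an ICMP
# rule that puts "first" inside a "log" clause.
SAMPLE_RULES = """\
# keep-state rules from the thread
pass out first quick on ex0 proto udp from any to any keep state
pass out quick on ex0 proto udp from any to any keep state
pass out log first quick on ex0 proto icmp from any to any keep state
pass out quick on ex0 proto icmp from any to any keep state
"""

if __name__ == "__main__":
    for e in lint(SAMPLE_RULES):
        print(e)
```

Running it prints one line for the second rule only; the "log first" rule on line 4 passes. The real check is still ipf's own parser (the reload above), so treat this as a pre-flight lint, not a substitute for it.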