Subject: Re: ICMP acting weird in ipf 4.1.3? (netbsd-2.0_RC1)
To: Jeff Rizzo <>
From: Pavel Cahyna <>
List: current-users
Date: 09/30/2004 17:22:36
> so, clearly, the reply packets are being blocked by the outgoing "keep 
> state" rule, and sure enough, when I comment that rule out, I can ping 
> my machine from outside again.  Strangely enough, pinging from _inside_ 
> works whether or not the rule is in place.  (as I expect it should)
> My question is:  this obviously changed between ipf 4.1.1 and 4.1.3 (at 
> least as realized in 2.0_BETA/RC1, though I chatted with someone on IRC 
> who is having a similar issue).  Is this the way it's supposed to work, 
> or is something actually broken?  (I suspect the latter)

See PR 26856: pass in ... keep state actually block some packets, 
this is exactly the same problem. Please append the information that
it was introduced between ipf 4.1.1 and 4.1.3 to this PR. I suspected
it, but wasn't sure.

Bye	Pavel