Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring any rules set)
To: None <firstname.lastname@example.org>
From: Manuel Bouyer <email@example.com>
Date: 12/09/2000 15:13:46
On Sat, Dec 09, 2000 at 04:26:12AM -0800, firstname.lastname@example.org wrote:
> NetBSD hermes 1.4.3 NetBSD 1.4.3 (GENERIC) #60: Wed Nov 1 01:35:30 MET 2000 email@example.com:/usr/src/sys/arch/i386/compile/GENERIC i386
> With ipf enabled (sysctl -w net.inet.ip.forwarding=1), after say a few hours of solid traffic (at modem speed) all traffic is blocked.
FYI, ipf is enabled with ipf -E. sysctl -w net.inet.ip.forwarding=1 only
allows packet forwarding (you can have ipf running without routing
> see below "Fix to the problem if known" for more details.
> "ipf -D" followed by "ipf -E -Fa -f /etc/ipf.conf" will fix the problem a few times. Finally only a "ipf -D" will allow any traffic at all. A reboot is then necessary to achieve the use of any filter rules.
Do you use NAT in addition to IPF? Did this work with 1.4.2?
While the traffic is blocked, could you run tcpdump on both interfaces
and see what traffic there is?
Manuel Bouyer <firstname.lastname@example.org>