Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring
To: Greg A. Woods <woods@weird.com>
From: Stephen Welker <stephen.welker@nemostar.com.au>
List: netbsd-bugs
Date: 12/10/2000 12:34:50
--On Saturday, 9 December 2000 3:57 PM "Greg A. Woods" wrote:
> [ On Saturday, December 9, 2000 at 04:26:12 (-0800),
> stephen.welker@nemostar.com.au wrote: ]
>> Subject: kern/11670: ipf eventually blocks all traffic (thus ignoring
>> any rules set)
>>
>> With ipf enabled (sysctl -w net.inet.ip.forwarding=1), after say a few
>> hours of solid traffic (at modem speed) all traffic is blocked.
>
> Are your rules potentially blocking significant numbers of packets?
>
> Are you running "ipmon"?  If so did you give it the '-n' option?  If so,
> then do not -- that'll cause it to block waiting for DNS lookups, and
> that'll potentially cause the /dev/log buffers to fill.

Yes I do run ipmon, but only with a custom kernel: GENERIC kernels do not
have ipfilter logging enabled.

The problem still exists for a GENERIC kernel.

> BTW, what do you mean by "thus ignoring any rules set"?  Do you mean
> simply that traffic which should be passed is no longer passed?

The traffic that was being passed, after say an hour, stops being passed.

BTW: the traffic is on a ppp (33k modem) interface, so we are not talking
about a huge amount of traffic. It did work fine in 1.4.1.

--
Stephen.