Subject: Re: kern/11670: ipf eventually blocks all traffic (thus ignoring
To: Greg A. Woods <woods@weird.com>
From: Stephen Welker <stephen.welker@nemostar.com.au>
List: netbsd-bugs
Date: 12/10/2000 12:48:45
--On Saturday, 9 December 2000 3:59 PM "Greg A. Woods" wrote:
> [ On Sunday, December 10, 2000 at 02:08:25 (+1100), Stephen Welker wrote:
> ]
>> Subject: Re: kern/11670: ipf eventually blocks all traffic (thus
>> ignoring any rules set)
>>
>> Dec 6 17:47:26 hermes ipmon[79]: 17:47:25.335973 ppp0 @0:15
>> b mail2.bigpond.com,25 -> mx.nemostar.com.au,65211 PR tcp len 20 65
>> -AFP IN
>
> Ah, yes, clearly you are running "ipmon" with "-n". Take out the '-n'
> and things should come back to life (and you should see a *lot* more log
> entries too! :-)
Yes I do run ipmon, but only with a custom kernel: GENERIC kernels do not
have ipfilter logging enabled.
The GENERIC kernel still exhibits this problem.
It worked fine in 1.4.1.
The traffic is on a ppp (33k modem) interface, so we are not talking about
a huge amount of traffic.
I did see a lot of blocked packets on 1.4.1, mostly NetBIOS probes,
1000-3000 per day; resulting in a 1MB log file per week.
Incidentally I have the "-n" option on in ipmon so that I can determine the
probes that I am experiencing by a simple "grep netbios local0 | wc" filter.
Which also brings me to another problem: ipmon does not log the port
service name only the number even when directed by the "-n" option - this
worked on NetBSD-1.4.1. Feature request: an option to only expand the port
number to name in the log only (thus avoiding the DNS issue as mentioned
earlier).
--
Stephen.