Subject: kern/22779: Using IPF slows down ping, telnet requests etc
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <sndtrn94@hss.hns.com>
List: netbsd-bugs
Date: 09/14/2003 07:53:33
>Number:         22779
>Category:       kern
>Synopsis:       Using IPF slows down ping, telnet requests etc
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Sep 14 07:54:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Amar
>Release:        1.6
>Organization:
HSS
>Environment:
i386
>Description:
We have built our kernel and have ported it to a compact flash. Everything works fine, but when we start using ipf, ping slows down drastically. If I ping a computer on my network, the ping is initiated but it gets delayed by over a minute and then starts showing the packet responses. These are well below 1ms, but why does the ping start so late?

The same thing happens with telnet: when someone tries to telnet on my system, it says connecting but gives the login prompt after this great delay.

When I do an ipf -Fa, everything seems to be working normally. The rule set I use is as follows:

block in all

pass in proto tcp from any to any port = 22
pass in proto tcp from any to any port = 23
pass in proto tcp from any to any port = 80
pass in proto tcp from any to any port = 443

pass in proto udp from any to any port = 161
pass in proto udp from any to any port = 162

pass in proto icmp from any to any

pass in proto tcp from any port = 20 to any
pass in proto tcp from any port = 21 to any
pass in proto tcp from any port = 69 to any

pass in proto tcp/udp from any port = 1812 to any
pass in proto tcp/udp from any port = 123 to any
pass in proto tcp/udp from any port = 53 to any


I initialize ipf with ipf -E -Z -Fa -f rule_file. The ipf I use is the one that came in the NetBSD 1.6 package.

Please Help Me!

Thanks
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: