Subject: Re: Problems with 2.0.1 vlan interfaces
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Chris Ross <cross+netbsd@distal.com>
List: netbsd-users
Date: 01/23/2005 14:14:51
On Jan 23, 2005, at 09:25, Manuel Bouyer wrote:
> On Sat, Jan 22, 2005 at 01:09:35PM -0500, Chris Ross wrote:
>> vlan5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         vlan: 27 parent: wm0
>>         address: 00:08:c7:16:84:bb
>>         inet 192.168.118.60 netmask 0xffffffc0 broadcast 192.168.118.63
>>         inet6 fe80::208:c7ff:fe16:84bb%vlan5 prefixlen 64 scopeid 0xb
>> borderguard# ping 192.168.118.20
>> PING 192.168.118.20 (192.168.118.20): 56 data bytes
>> ping: sendto: Permission denied
>> ping: sendto: Permission denied
>
> Have you set up ipfilter on this box?

   Yes, but I am not filtering vlan5.  And there is nothing in the log related to
this.  There's no filtering at all applied to icmp.  Hmm, tho, I think I did compile
the kernel as IPF_BLOCK_DEFAULT.  Does the default block kernel compilation
*not* log?  That seems odd...

   Is there any way I can check if the packets are being blocked by ipf?  Can
I turn it off, without rebooting and/or changing the kernel?  I don't know if
that module can be dynamically disabled, and since it's not my rules (I'm
pretty sure) that are the problem, I'd need to disable it in whole...

   Thanks for the thought-provoking question.  :-)

                         - Chris