Subject: Re: NetBSD 2.0
To: Richard Ibbotson <richard@sheflug.co.uk>
From: Daniel Carosone <dan@geek.com.au>
List: port-i386
Date: 12/13/2004 10:49:52

On Sun, Dec 12, 2004 at 05:01:50PM +0000, Richard Ibbotson wrote:

> Nice software.  Good to see a new release :)

Sure is.

> It's silly question time again.  After building a new firewall/router
> box and running 'ipf -Fa -f /etc/ipf.conf' I find that all rules are
> loaded as they should.  Running ipfstat shows that 11 output packets
> are blocked in the first 30 minutes of use but nothing is blocked
> coming in.  This makes me a bit suspicious :)

Indeed.

> Running 'ipftest -v' I get a reply which says "no rules loaded" even
> though I have loaded them myself.  Does anyone think that this is a
> bug in ipftest?  The rules have definitely been loaded.

ipftest doesn't look at the kernel, it's a stand-alone tool. You need
to tell it -r rule-file, but I suspect you want to be looking at
ipfstat -i/-o instead.

> Tried a reboot but the same still happens.

Please make sure the version of your userland tools is in sync with
the kernel (ipf -V).

--
Dan.
