That is really odd: your ipf.rules file doesn't match your ipfstat -i -h. I don't see any 192.168.1.89 in your file, and yet it's in your ipfstat table. :/
Well, at any rate, your ipf.rules file is a mess. I would try to rewrite them; Bruno Fernandes has some great examples (seems to have left out ftp proxy :) ). It's very important that your filter rules are easy to understand, so that you don't make a mistake and allow something you didn't want to allow.

One more thing: ipf takes the LAST hit (unless the quick statement is used), so you could say:

#Generic block everything.
block in from any to any
block out from any to any
block in proto $proto from any to any FLAGS $badpackets

#allow this stuff.
pass out from $inside to $outside keep state
pass out from $inside to $dmz keep state
etc etc

So if a packet comes in that doesn't match a pass rule, it should get blocked (block was the only match).

Also check this out: http://www.obfuscation.org/ipf/
Also look for proxy ftp on this page (it's part of ipnat).

ipfstat -i -h can be very helpful also. And watch ipmon when using the log statement; it will tell you the pass/block rule number (again very helpful).

--- irado furioso com tudo <[EMAIL PROTECTED]> wrote:
>
> bob bobing wrote:
> > please paste the output of ipfstat -i -h, ipnat -l and
> > the contents of your ipfrules file, and ipnatrules
> > file.
> >
> > Just an FYI, ipnat happens before ipf, so your rules
> > need to be written post nat.
> >

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
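
The last-match behaviour described in the message above, as an added example that is not part of the original post and is not IPFilter's own code: a simplified Python model that returns the deciding action and rule number for a packet, showing how a generic block followed by a pass behaves and how a single "quick" changes the result. The 192.168.1.0/24 inside network, the sample addresses and the function names are assumptions; "keep state" and the no-match default policy are not modelled.

```python
import ipaddress

def parse(rule):
    """Parse a small subset of ipf syntax: ACTION DIR [quick] from SRC to DST."""
    t = rule.split()
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)
    return {"action": t[0], "dir": t[1], "quick": "quick" in t,
            "src": net(t[t.index("from") + 1]),
            "dst": net(t[t.index("to") + 1])}

def decide(rules, direction, src, dst):
    """Return (action, rule_number): the LAST matching rule wins,
    unless a matching rule carries 'quick', which ends evaluation."""
    verdict = (None, 0)  # nothing matched; default policy is outside this model
    for number, text in enumerate(rules, start=1):
        r = parse(text)
        if (r["dir"] == direction
                and ipaddress.ip_address(src) in r["src"]
                and ipaddress.ip_address(dst) in r["dst"]):
            verdict = (r["action"], number)
            if r["quick"]:
                break
    return verdict

# Constructed ruleset: generic blocks first, specific pass last.
DEFAULT_DENY = [
    "block in from any to any",
    "block out from any to any",
    "pass out from 192.168.1.0/24 to any keep state",  # assumed inside net
]

# Same rules, but 'quick' on the generic block shadows the later pass.
QUICK_SHADOWS_PASS = [
    "block in from any to any",
    "block out quick from any to any",
    "pass out from 192.168.1.0/24 to any keep state",
]

if __name__ == "__main__":
    for name, rules in (("default deny", DEFAULT_DENY),
                        ("quick first", QUICK_SHADOWS_PASS)):
        # Constructed sample packet: inside host to an outside address.
        print(name, decide(rules, "out", "192.168.1.20", "203.0.113.10"))
```

The rule number in the result plays the same role as the pass/block rule number that ipmon reports for logged rules.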