On Mon, 14-Mar-2005 at 18:01:33 -0500, Mario Antonio wrote:
> I am running IPF v3.4.35 in FreeBSD 4.11-RELEASE
> For the last years I have been running IPF without any problem, but last
> week after upgrading three machines from FreeBSD
> 4.9-RELEASE to 4.11-RELEASE, I have been having some issues.
>
> First I needed to recompile the kernel with IPv6 support for IPF to work
> (Ok, I took care of that)
>
> One of the problems I am having is that I cannot make the machine pingable.
> The problem is in the outbound rules since when I
> flush them (ipf -Fo), the machine becomes pingable.
> the weird thing is not even ICMP logs are recorded
>
> This is the only set of rules for outbound:
>
> ===================================================================================
> block out log quick on fxp0 all head 30
> # Internet Outbound
> pass out quick on fxp0 proto tcp from any to any keep state keep frags group 30
> pass out quick on fxp0 proto udp from any to any keep state keep frags group 30
> pass out quick on fxp0 proto icmp from any to any keep state keep frags group 30
> ====================================================================================
>
> I have also tried the following rule, and the result is the same:
> pass out quick on fxp0 all keep state keep frags
>
> Someone already posted an email in this mailing list on 2004-08-15 17:48:24
> saying that: "Everything worked before 3.4.35 was MFC'ed to FreeBSD
> 4.10-STABLE"

That was me :-)

>
> Am I missing something?

The patch in http://lists.freebsd.org/pipermail/freebsd-net/2004-November/005577.html
fixes _my_ problem w.r.t. returning ICMP packets. Maybe it fixes yours
as well, maybe it kills your machine :-).

-Andre

--
Windows NT Multitasking: Messing up several things at once.
