Andre, Thanks a lot for your prompt answer.
I will give your patch a try on a testing machine (I am now thinking of replacing IPF with IPFW or PF -- nevertheless, I would like to trust IPF again --)

Mario Antonio

----- Original Message -----
From: "Andre Albsmeier" <[EMAIL PROTECTED]>
To: "Mario Antonio" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Tuesday, March 15, 2005 8:09 AM
Subject: Re: ICMP Issues FreeBSD

> On Mon, 14-Mar-2005 at 18:01:33 -0500, Mario Antonio wrote:
> > I am running IPF v3.4.35 in FreeBSD 4.11-RELEASE
> > For the last years I have been running IPF without any problem, but last
> > week after upgrading three machines from FreeBSD
> > 4.9-RELEASE to 4.11-RELEASE, I have been having some issues.
> >
> > First I needed to recompile the kernel with IPv6 support for IPF to work
> > (Ok, I took care of that)
> >
> > One of the problems I am having is that I cannot make the machine pingable.
> > The problem is in the outbound rules since when I
> > flush them (ipf -Fo), the machine becomes pingable.
> > The weird thing is not even ICMP logs are recorded
> >
> > This is the only set of rules for outbound:
> >
> > ===================================================================================
> > block out log quick on fxp0 all head 30
> > # Internet Outbound
> > pass out quick on fxp0 proto tcp from any to any keep state keep frags group 30
> > pass out quick on fxp0 proto udp from any to any keep state keep frags group 30
> > pass out quick on fxp0 proto icmp from any to any keep state keep frags group 30
> > ===================================================================================
> >
> > I have also tried the following rule, and the result is the same:
> > pass out quick on fxp0 all keep state keep frags
> >
> > Someone already posted an email in this mailing list on 2004-08-15 17:48:24
> > saying that: "Everything worked before 3.4.35 was MFC'ed to FreeBSD
> > 4.10-STABLE"
>
> That was me :-)
>
> >
> > Am I missing something?
>
> The patch in
>
> http://lists.freebsd.org/pipermail/freebsd-net/2004-November/005577.html
>
> fixes _my_ problem w.r.t. returning ICMP packets. Maybe it fixes yours
> as well, maybe it kills your machine :-).
>
> -Andre
>
> --
> Windows NT Multitasking: Messing up several things at once.
> ---
> [This e-mail was scanned for viruses by Webjogger's AntiVirus Protection System]
