Hello everyone,
During the past week of intensive work on a DNS project, I've put IPFilter 3.4.35 in production. Troubleshooting DNS with IP Filter became the order of the day, but I've also noticed that sometimes, seemingly at random, no output will be generated by `ipfstat -ion`, and it also seems that IP Filter won't log further packet traversal when the packet matches the rule.
Searching up the IP Filter mailing list archives didn't turn up much; it was inconclusive at best.
I've noticed this: the ruleset is in place -- certain packets are passed and others are blocked, clearly matching the rules -- yet the list generated by `ipfstat -ion` is reported as empty (in and out).
Also, if I have a set of rules that define how a packet will flow, and am using 'local0.info' through syslogd, the rest of the flow won't show up in the log. Perhaps I should 'up' the facility to debug, but I didn't test this yet, as I've solved the problems in the meanwhile. Nevertheless, it seems like a bug.
Examples:
pass in log level local0.info quick on qfe2 from x.x.x.x to x.x.x.x/32 keep state
pass out log level local0.info quick on qfe0 from x.x.x.x to x.x.x.x/32 keep state
SOMETIMES, and I say sometimes, I'll see the packet be passed IN on qfe2, but I'll never see it logged as passed OUT on qfe0. Sometimes, I won't see either in the log.
I allow that this may be an 'idiot user' error, but it looks like a bug to me.
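As an added example that is not part of the post above, a small checker that reads ipmon-style syslog lines and reports flows logged as passed IN on qfe2 with no matching OUT entry on qfe0, which is the gap the poster describes. The log layout, interface names and addresses in the sample are assumptions constructed for the example.

```python
import re

# Constructed ipmon-style syslog lines (layout assumed for this example):
# time iface @group:rule action src,sport -> dst,dport PR proto ... IN|OUT
SAMPLE_LOG = """\
Mar 10 09:12:01 ns1 ipmon[212]: 09:12:01.104512 qfe2 @0:1 p 192.0.2.10,40123 -> 198.51.100.5,53 PR udp len 20 61 K-S IN
Mar 10 09:12:01 ns1 ipmon[212]: 09:12:01.104530 qfe0 @0:2 p 192.0.2.10,40123 -> 198.51.100.5,53 PR udp len 20 61 K-S OUT
Mar 10 09:12:02 ns1 ipmon[212]: 09:12:02.221009 qfe2 @0:1 p 192.0.2.11,40124 -> 198.51.100.5,53 PR udp len 20 61 K-S IN
Mar 10 09:12:03 ns1 ipmon[212]: 09:12:03.550011 qfe2 @0:1 p 192.0.2.12,40125 -> 198.51.100.5,53 PR udp len 20 61 K-S IN
Mar 10 09:12:03 ns1 ipmon[212]: 09:12:03.550020 qfe0 @0:2 p 192.0.2.12,40125 -> 198.51.100.5,53 PR udp len 20 61 K-S OUT
"""

# Regex for the assumed layout; the action field is 'p' for pass, 'b' for block.
LINE_RE = re.compile(
    r"ipmon\[\d+\]: \S+ (?P<iface>\S+) @\S+ (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) .* (?P<dir>IN|OUT)$"
)

def parse(lines):
    """Yield one dict per log line that matches the assumed ipmon layout."""
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if m:
            yield m.groupdict()

def unmatched_inbound(lines, in_iface="qfe2", out_iface="qfe0"):
    """Return 5-tuples passed IN on in_iface that never appear as OUT on out_iface."""
    seen_out = set()
    inbound = []
    for rec in parse(lines):
        if rec["action"] != "p":          # only passed packets are of interest here
            continue
        key = (rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
        if rec["dir"] == "OUT" and rec["iface"] == out_iface:
            seen_out.add(key)
        elif rec["dir"] == "IN" and rec["iface"] == in_iface:
            inbound.append(key)
    return [k for k in inbound if k not in seen_out]

if __name__ == "__main__":
    for flow in unmatched_inbound(SAMPLE_LOG.splitlines()):
        print("passed IN on qfe2 but never logged OUT on qfe0:", flow)
```

Run it against a real ipmon syslog file to see which flows the OUT rule silently stopped logging.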
