[ Charset ISO-8859-1 unsupported, converting... ] > For some reason, ip_rules.c are not generated after doing make freebsd5. It > must be done manually with: > > make ip_rules.c
I've added some checks for force this to be done. The problem here is that these files (ip_rules.c and ip_rules.h) are very much dependant on the environment in which ipfilter is being run so they have to be generated. What they are is filter rules converted into C code. > After installed and upgraded the ipf that comes as part of FreeBSD 5.3 ( ipf > 3.4.35 ) I noticed some troubles with pass rules with "flags S keep state" > statements: packets that matched those rules went blocked. Those rules were > working fine in 3.4.35. > > I had to redefine those pass rules, removing "flags S" statement, to allow > packets get passed in ipf 4.1.8. The packets weren'd being passed, at all ? In 4.1.8, if it can't add state for a "pass .. keep state" rule, it will block the packet. I'm changing this to just skip it (for "quick" rules) but I'm not sure this will fix your problem. Darren
