Caveat #1 - ippool is broken in my OS (NetBSD 2.x/3.x) so
I haven't gotten too far, but as I understand it....8-)
Did you load your table(s)?
# ippool -f ippool.conf
What happens when you list your pools?
# ippool -l
Thanks,
gene
> All,
> I am having a problem trying to use ippools in my
> configuration. I have defined a simple pair of rules and a simple pool
> to test with and I am running into problems. My ipf.conf is simply the
> following.
>
> block in log quick proto tcp/udp from 128.125.253.114 to any port = 22
> block in log quick proto tcp/udp from pool/100 to any port = 22
>
> my ippool.conf is as follows
>
> table role = ipf type = hash number = 100
> { 128.125.253.124/32; 128.125.253.214/32;
> };
>
> Connections from 128.125.253.114 are blocked correctly (because of the
> first rule), but the IPs in the pool are not blocked. I suspect the
> problem has something to do with the fact that the pool definition has
> a ! next to it in ipfstat -io, but since I am new to ipf and ippools I am
> not sure.
>
> [EMAIL PROTECTED] ipf]# ipfstat -io
> empty list for ipfilter(out)
> block in log quick proto tcp/udp from 128.125.253.114/32 to any port 22
> block in log quick proto tcp/udp from pool/100(!) to any port = 22
>
> Anyone have any idea what I am doing wrong here?
>
>
> Other potentially useful information that Phil's FAQ recommends.
>
> [EMAIL PROTECTED] ipf]# uname -a
> SunOS msg-mx4.usc.edu 5.9 Generic_118558-19 sun4u sparc
> SUNW,Sun-Fire-V240
> [EMAIL PROTECTED] ipf]# isainfo -vk
> 64-bit sparcv9 kernel modules
> [EMAIL PROTECTED] ipf]# ifconfig -a
> lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index
> 2
> inet 127.0.0.1 netmask ff000000
> bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500
> index 3
> inet 128.125.137.9 netmask ffffffe0 broadcast 128.125.137.31
> ether 0:3:ba:51:bc:fd
> [EMAIL PROTECTED] ipf]# netstat -rn
>
> Routing Table: IPv4
> Destination Gateway Flags Ref Use Interface
> -------------------- -------------------- ----- ----- ------ ---------
> 128.125.137.0 128.125.137.9 U 1 100 bge0
> 224.0.0.0 128.125.137.9 U 1 0 bge0
> default 128.125.137.1 UG 1 659
> 127.0.0.1 127.0.0.1 UH 1 10 lo0
> [EMAIL PROTECTED] ipf]# netstat -i
> Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs
> Collis Queue
> lo0 8232 loopback localhost 269 0 269 0 0
> 0
> bge0 1500 msg-mx4.usc.edu msg-mx4 1381209 0 1284851 0
> 0 0
>
> [EMAIL PROTECTED] ipf]# ipf -V
> ipf: IP Filter: v4.1.13 (592)
> Kernel: IP Filter: v4.1.13
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 1
> Feature mask: 0x187
> [EMAIL PROTECTED] ipf]# ipfstat
> bad packets: in 0 out 0
> IPv6 packets: in 0 out 0
> input packets: blocked 6 passed 1252102 nomatch 469596
> counted 0 short 0
> output packets: blocked 0 passed 1154179 nomatch 421689
> counted 0 short 0
> input packets logged: blocked 6 passed 0
> output packets logged: blocked 0 passed 0
> packets logged: input 0 output 0
> log failures: input 0 output 0
> fragment state(in): kept 0 lost 0 not fragmented 0
> fragment state(out): kept 0 lost 0 not fragmented 0
> packet state(in): kept 0 lost 0
> packet state(out): kept 0 lost 0
> ICMP replies: 0 TCP RSTs sent: 0
> Invalid source(in): 0
> Result cache hits(in): 782506 (out): 732490
> IN Pullups succeeded: 0 failed: 0
> OUT Pullups succeeded: 22 failed: 0
> Fastroute successes: 0 failures: 0
> TCP cksum fails(in): 0 (out): 0
> IPF Ticks: 298714
> Packet log flags set: (0)
> none
>
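An added example, not part of either message above: a Python cross-check of the lookup references in `ipfstat -io` output against the tables defined in ippool.conf. It assumes that `(!)` marks a reference not resolved to a loaded table, and that a rule's `pool/N` looks up a `type = tree` table while `hash/N` looks up a `type = hash` one; the sample strings are constructed from the text quoted in the thread.

```python
import re

# Constructed samples, shaped like the ipfstat -io output and ippool.conf quoted above.
IPFSTAT_IO = """\
block in log quick proto tcp/udp from 128.125.253.114/32 to any port 22
block in log quick proto tcp/udp from pool/100(!) to any port = 22
"""
IPPOOL_CONF = """\
table role = ipf type = hash number = 100
{ 128.125.253.124/32; 128.125.253.214/32;
};
"""

# Assumption: which ippool.conf table type each rule keyword looks up.
KEYWORD_TO_TYPE = {"pool": "tree", "hash": "hash"}
LOOKUP_RE = re.compile(r"\b(pool|hash)/(\d+)(\(!\))?")
TABLE_RE = re.compile(
    r"\btable\s+role\s*=\s*(\w+)\s+type\s*=\s*(\w+)\s+number\s*=\s*(\d+)")

def rule_lookups(ipfstat_output):
    """(keyword, number, unresolved) for every lookup reference in the rules."""
    return [(m.group(1), int(m.group(2)), m.group(3) is not None)
            for m in LOOKUP_RE.finditer(ipfstat_output)]

def defined_tables(ippool_conf):
    """Set of (role, type, number) for every table statement in ippool.conf."""
    return {(m.group(1), m.group(2), int(m.group(3)))
            for m in TABLE_RE.finditer(ippool_conf)}

def diagnose(ipfstat_output, ippool_conf):
    """Explain each reference that ipfstat flags with (!)."""
    tables = defined_tables(ippool_conf)
    findings = []
    for keyword, number, unresolved in rule_lookups(ipfstat_output):
        if not unresolved:
            continue
        ref, want = f"{keyword}/{number}", KEYWORD_TO_TYPE[keyword]
        same_number = sorted(t for r, t, n in tables if r == "ipf" and n == number)
        if ("ipf", want, number) in tables:
            findings.append(f"{ref}: defined but not loaded; run ippool -f ippool.conf")
        elif same_number:
            findings.append(f"{ref}: expects type={want}, ippool.conf has type={same_number[0]}")
        else:
            findings.append(f"{ref}: no role=ipf table numbered {number} in ippool.conf")
    return findings

if __name__ == "__main__":
    for line in diagnose(IPFSTAT_IO, IPPOOL_CONF):
        print(line)
```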