Hi, All. After adding "keep frags" to the end of current rule, actually all my rules, the problem is solved.
The weird part is with 3.4.32, it works without "keep frags". Never mind. Problem solved. And if anyone else ever encounter connection hangs while the exact rule should have pass it. Add "keep frags" to your rules, it may work for you too. On Wed, Jun 3, 2009 at 9:43 PM, salamond <[email protected]> wrote: > Hi, all. > > I encountered such a problem. > Platform: SunOS 5.8 sparc SUNW,Sun-Fire-V210 > > While I replaced IPFilter 3.4.32 with a new 3.4.35, NIS doesn't work. > $id # or > $id <some_uid> hangs. > > which cause ssh or some other app using NIS/NIS+ all hangs. > > I tried with nisping to show all NIS servers and just proved that > they're all in allowed list. > both directions: in and out. > > Then I started manipulating all rules, changing sequences, cut numbers. > But each time I update rules in file, remove all rules with > $ ipf -F a > and start with new rules in file > $ ipf -f myrules > For the first half an hour, everything works fine even including NIS. > > Half an hour later, everything works except for NIS. > $ id # starts to hang again. > > I even tried # pass out from any to any > # pass in from any to any > > It just doesn't last longer than half an hour. > > I tried google, but no output really helps. > some archives seems to have some description about the similar > problem, but I couldn't find an answer. > > Any one familiar with this? >
