On 2010-04-13 01:12, Paul B. Henson wrote:
> We're running Solaris 10U8, with the latest ipfilter patch. We're having a
> problem where inbound connections that should be allowed by a stateful rule
> are being dropped.
>
> For example:
>
> Apr 12 16:31:53 kyle ipmon[117]: [ID 702911 local0.warning] 16:31:53.771244 e1000g0 @20:10 b 134.71.247.49,712 -> 134.71.247.14,2049 PR tcp len 20 60 -S IN
>
> This blocked SYN packet shows it was blocked by rule 20:10:
>
> @10 pass in quick proto tcp from 134.71.0.0/16 to any port = nfsd flags S/SA keep state group 20

What does the head rule for group 20 look like? Is it quick also? If
not, try setting quick on the head rule as well. I seem to recall seeing
odd behavior if the head and the group don't agree on quickness.
--
Jefferson Ogata <[email protected]>
NOAA Computer Incident Response Team (N-CIRT) <[email protected]>
"Never try to retrieve anything from a bear."--National Park Service
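
Added example, not part of the original message: a Python sketch that cross-checks ipmon packet records against a rule listing and reports packets logged as blocked (`b`) under a rule that says `pass`, which is the mismatch discussed in the thread. The rule and the first log record are copied from the thread; the second record and all function names are constructed for illustration.

```python
import re

# IPv4 TCP/UDP record: <if> @<group>:<rule> <action> <src>,<port> -> <dst>,<port> PR <proto> len <hl> <len> [-<flags>] IN|OUT
IPMON_RE = re.compile(
    r"(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>\S+)\s+"
    r"(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+\d+\s+\d+(?:\s+-(?P<flags>[A-Z]+))?\s+(?P<dir>IN|OUT)")
# Rule listing line in the form quoted in the thread: "@<n> pass|block ... [group <g>]"
RULE_RE = re.compile(r"^@(?P<num>\d+)\s+(?P<verb>pass|block)\b(?P<rest>.*)$")

def parse_ipmon(line):
    """Return the fields of one packet record, or None for other log lines."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update((k, int(rec[k])) for k in ("group", "rule", "sport", "dport"))
    return rec

def load_rules(listing):
    """Map (group, rule number) -> (verb, has_quick); no 'group' keyword means group 0."""
    rules = {}
    for line in listing.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            grp = re.search(r"\bgroup\s+(\d+)", m["rest"])
            key = (int(grp[1]) if grp else 0, int(m["num"]))
            rules[key] = (m["verb"], "quick" in m["rest"].split())
    return rules

def blocked_by_pass_rule(log_lines, rules):
    """Records logged with action 'b' whose attributed rule is a pass rule."""
    hits = []
    for line in log_lines:
        rec = parse_ipmon(line)
        if rec and rec["action"] == "b":
            verb, quick = rules.get((rec["group"], rec["rule"]), (None, None))
            if verb == "pass":
                hits.append(dict(rec, rule_quick=quick))
    return hits

# Sample data: the rule and the first record are copied from the thread; the second record is constructed.
SAMPLE_RULES = "@10 pass in quick proto tcp from 134.71.0.0/16 to any port = nfsd flags S/SA keep state group 20"
SAMPLE_LOG = [
    "Apr 12 16:31:53 kyle ipmon[117]: [ID 702911 local0.warning] 16:31:53.771244 "
    "e1000g0 @20:10 b 134.71.247.49,712 -> 134.71.247.14,2049 PR tcp len 20 60 -S IN",
    "e1000g0 @20:10 p 192.0.2.10,800 -> 192.0.2.20,2049 PR tcp len 20 60 -S IN",
]
```

Each hit carries `rule_quick`, so the `quick` setting of the attributed rule can be compared by hand with that of its head rule.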