On Tue, Jan 25, 2000 at 09:23:23PM -0800, Kris Kennaway wrote:
> On Tue, 25 Jan 2000, the Webslave wrote:
>
> > > Okay, so I finally decided to take the plunge and check out ipfilter. ipf
> > > seemed to load my ruleset with no problems, but ipfstat dies with:
> > >
> > > ioctl(SIOCGETFS): Invalid argument
> >
> > And what would that ruleset be?
> >
>
> # Default to deny
> block in log on tun0 from any to any
[snip]
I have tested your ruleset in my ipf/ipfstat version. The one I have
comes from the 4.0-20000124-CURRENT snapshot, since I haven't had the
time to cvsup/make-world since. The results of the tests are shown
below, and as you can see ipfstat reports the rules correctly.

hades# ipf -FA
hades# cd /tmp
hades# ipf -f ipf.conf
hades# ipfstat -nio
@1 pass out quick on tun0 proto tcp/udp from any to any keep state
@2 pass out quick on tun0 proto icmp from any to any keep state
@3 pass out quick on lo0 from any to any
@1 block in log on tun0 from any to any
@2 block in quick on tun0 from 192.168.0.0/16 to any
@3 block in quick on tun0 from 172.16.0.0/12 to any
@4 block in quick on tun0 from 10.0.0.0/8 to any
@5 block in quick on tun0 from 127.0.0.0/8 to any
@6 pass in quick on tun0 proto tcp from any to any port = 12345 flags S/FSRPAU keep state keep frags
@7 pass in quick on tun0 proto udp from any to any port = 31337 keep state
@8 pass in quick on lo0 from any to any
hades# ipf -FA
hades# ipf -f /etc/ipf.conf

What version of ipfilter/ipfstat are you using? I don't know if
cvsup'ing your sources to a more recent version might help at all, but
I don't see a problem with these rules and ipfstat... I'm sorry if
that is not of any help to you, but I can't seem to find anything wrong
here :/
--
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
"Don't let your schooling interfere with your education." [Mark Twain]