Roman Serbski wrote:
My ruleset consists of only 6 rules:
pass out quick on lo0 from any to any
pass out quick on xl0 proto tcp from any to any port = domain flags S/FSRPAU keep state
pass out quick on xl0 proto udp from any to any port = domain keep state
block out log quick on xl0 all
pass in quick on lo0 from any to any
block in quick on xl0 all
Your rules look ok, this is a strange problem.
The rule #2 which was blocking the reply from the DNS server is 'block in quick on xl0 all'.
Adding the 'log' keyword to the rule allowing outgoing 53/udp gives the following:
xl0 @0:3 p YYY.YYY.YYY.YYY,50359 -> XXX.XXX.XXX.XXX,53 PR udp len 20 57 K-S OUT
So outgoing 53/udp was successfully passed through, but the incoming reply was blocked again:
xl0 @0:2 b XXX.XXX.XXX.XXX,53 -> YYY.YYY.YYY.YYY,50359 PR udp len 20 298 IN bad
Yes, I also tried another DNS server - same results.
ok
I think this is more of an ipf issue, so I'll try to ask for assistance on the ipf mailing list; I was just wondering if someone else has faced a similar problem during the upgrade from ipf v3.4.35 to v4.1.8.
Ok, here are some things to try:
1) Other udp services: are responses also blocked? You can, for example, try ntp. If so, then it is likely a bug in ip-filter.
else,
2) Try using snort or tcpdump to capture the blocked packet and analyse whether it is malformed. Possibly include such a packet with your next post.
else
3) Try to see if you can upgrade to a newer ipfilter; the latest is v4.1.10.
Cheers, Erik
--
Ph: +34.666334818 web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
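As an added example, not code from the thread or from ipfilter itself, a small Python script that parses ipmon lines in the format quoted above and flags blocked inbound packets that are the exact reverse of a passed, state-keeping ("K-S") outbound packet, which is the symptom Roman describes. The regex field names and the sample addresses (documentation-range IPs standing in for the masked XXX/YYY values) are assumptions made for this example.

```python
import re
from collections import namedtuple

# Constructed sample ipmon lines, modelled on the format quoted in the thread.
# Addresses are documentation-range placeholders, not real traffic.
SAMPLE_LOG = """\
xl0 @0:3 p 192.0.2.10,50359 -> 198.51.100.53,53 PR udp len 20 57 K-S OUT
xl0 @0:2 b 198.51.100.53,53 -> 192.0.2.10,50359 PR udp len 20 298 IN bad
xl0 @0:2 b 203.0.113.7,40000 -> 192.0.2.10,22 PR tcp len 20 60 IN
"""

# Fields assumed from the quoted lines: interface, rule (@group:rule), action
# (p = pass, b = block), src,port -> dst,port, protocol, header length,
# packet length, then free-form trailing flags such as K-S, IN, OUT, bad.
LINE_RE = re.compile(
    r"^(?P<ifname>\S+) @(?P<rule>\d+:\d+) (?P<action>[pb]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)(?P<flags>.*)$"
)

Entry = namedtuple("Entry", "ifname rule action src sport dst dport proto flags")


def parse_ipmon(text):
    """Parse ipmon-style log text into Entry tuples; unmatched lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(Entry(d["ifname"], d["rule"], d["action"],
                                 d["src"], int(d["sport"]), d["dst"], int(d["dport"]),
                                 d["proto"], d["flags"].split()))
    return entries


def blocked_replies(entries):
    """Return blocked inbound entries whose 5-tuple is the exact reverse of a passed
    outbound entry logged with K-S, i.e. replies the state table should have matched."""
    stateful_out = {(e.proto, e.src, e.sport, e.dst, e.dport)
                    for e in entries
                    if e.action == "p" and "K-S" in e.flags and "OUT" in e.flags}
    return [e for e in entries
            if e.action == "b" and "IN" in e.flags
            and (e.proto, e.dst, e.dport, e.src, e.sport) in stateful_out]
```

Running it over a real `ipmon -o` capture narrows the log to exactly the packets that contradict keep state, and the trailing flags (here "bad") stay attached to each hit for the packet-capture step Erik suggests.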
freebsd-questions mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions