On Mon, Aug 09, 2010 at 03:21:51PM +0300, Eugenijus Urbonas wrote:
> Hello!
> Some time ago I already had business with ipf and everything was ok (I
> used manual to create rules), server worked perfectly.
> Now I'm trying to set up the same server, but with newer version of
> FreeBSD (8.1-RELEASE), the same manuals, the same settings, everything
> works except firewall, and there is something strange:
> for example, I have rules in my /etc/ipf.rules:
>
> Code:
>
> pass out quick on fxp0 all
> pass in log quick on fxp0 proto tcp from any to any port = 80
> block in log first quick on fxp0 all
>
> in this case ipmon shows:
> Code:
>
> ... fxp0 *...@0:1 p *xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...
>
> that is OK
>
> now I change second rule to:
> Code:
>
> pass in log quick on fxp0 proto tcp from any to any port = 80 flags S keep state
>
> # because I want to use stateful firewall of course
>
> in this case ipmon shows:
> Code:
>
> ... fxp0 *...@0:2 b* xx.xx.xx.xx -> xx.xx.xx.xx,80 PR tcp len ...
>
> and that is NOT OK
>
> I don't understand why, but now my connection does not match my rule...
> why? can someone explain it to me?

what is the output of `ipfstat -in`?

--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423