OK, maybe it is fine to get "No route to host" when pinging 127.0.0.1/localhost if the IPFILTER_DEFAULT_BLOCK option is set.
However, I use the following rules for the internal network interface (xl1):

# Group 9000 (internal network interface)
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 23 group 9000
block return-rst in log quick on xl1 proto tcp from any to 192.168.x.x/32 port = 21 group 9000
pass in quick on xl1 all group 9000

With these rules, I believe I should be able to ping and SSH to the FreeBSD box from my internal network whether or not the IPFILTER_DEFAULT_BLOCK option is set. However, this is true only if the IPFILTER_DEFAULT_BLOCK option is removed. The same rules were used with IPFilter 3.4.18 on FreeBSD 4.2 and no such problem was encountered.

Thanks.
e_chelon

--- Darren Reed <[EMAIL PROTECTED]> wrote:
>
> That's how it is meant to work.
>
> Good to know it's working as intended.
>
> Cheers,
> Darren
>