Re: IPFILTER_DEFAULT_BLOCK & No route to host

From: Jason (talon_at_unix.org.au)
Date: 09/30/03

Next message: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"

Previous message: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
In reply to: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
Next in thread: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Sep 2003 14:14:12 +1000
To: freebsd-security@freebsd.org

On Mon, 29 Sep 2003 20:27:35 -0700 (PDT)
echelon <e_chelon@yahoo.com> wrote:

> Hi,
>
> After the option IPFILTER_DEFAULT_BLOCK is specified at kernel conf on FreeBSD 4.8 stable (cvsup'd
> with tag RELENG_4_8), the machine cannot be ping'd by others on the same network.
>

> Thank you.
> e_chelon
>

This is IPF's proper behavior

You will need to add some rules to your ipf.rules file.

try adding the rules,

pass in quick on lo0 all
pass out quick on lo0 all

pass in log quick on (some nic) all
pass out log quick on (some nic) all

run /sbin/ipf -Fa -f /etc/ipf.rules
when your done :)

-- 
Talon

application/pgp-signature attachment: stored

Next message: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"

Previous message: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
In reply to: echelon: "IPFILTER_DEFAULT_BLOCK & No route to host"
Next in thread: Nikolay Kanchev: "Re: IPFILTER_DEFAULT_BLOCK & No route to host"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]