Re: Solaris Express b72 and IPFilter

From: Oscar del Rio (delrio_at_mie.utoronto.ca)
Date: 12/31/04 

Date: Fri, 31 Dec 2004 14:52:55 -0500

hume.spamfilter@bofh.halifax.ns.ca wrote:
> However, one thing seems to be given me problems: IPFilter, both filtering
> and NAT'ing.
>
> Rules will load, but IPF seems disconnected from the IP traffic. I can set
> up a "block all" rule and traffic gets through fine. I even made sure to
> "ipf -E".

did you enable your nic in /etc/ipf/pfil.ap
reboot after editing

Relevant Pages

  • Re: [fw-wiz] Variations of firewall ruleset bypass via FTP
    ... I think you're saying this was fixed in the ... "IPFilter version $current is not vulnerable, ... >> current version of IPF, older versions are probably vulnerable, but I'm ... an explicit statement about older versions if the code behaviour affecting ...
    (Firewall-Wizards)
  • SUMMARY: pfil/ipfilter problem
    ... I've recently asked a question about IPFilter. ... So my statement is one should not use IPF v4.1 with Solaris 9 ... Then comfigured pfil for ce0 according to instructions ... Because it looks like pfil lost configuration info due to boot. ...
    (SunManagers)
  • sysctl kern.openfiles
    ... I have a recent -CURRENT on a box which I do some load and ... lupin# sysctl kern.openfiles ... This is during a buildworld and with no mails coming in, ... machine had been filtering for a few minutes. ...
    (freebsd-current)
  • Re: /etc/rc.firewall fixes
    ... > I would like to see configuration code for ipfw AND ipfilter ... ipf got its hooks before 4.2-RELEASE. ... never make it into ipfilter itself. ... This enables you to do some rc.firewall like things ...
    (FreeBSD-Security)
  • Strange problem with ipfilter
    ... We are having a strange problem with RELENG_6_1 and ipfilter 4.1.8. ... We are running gre tunnels over fast_ipsec tunnels. ... When we ping the local gre endpoint from the remote end ipf blocks the icmp-reply. ...
    (freebsd-stable)