hi, i just updated from 4.8 to 4.10-stable(from today). i noticed that i can't ping the machine. ping 127.0.0.1 doesnt work either. when i flush my ipfilter rules (that are unchanged since the update) ping works. now i added the "log" option to *all* block rules in my ipfilter config. there are no blocked packets being logged when i try to ping. i also added "pass in quick on lo0" right on top of my config, but ping still doesnt work. TCP and UDP connection appear to work fine. i suppose this is some kind of bug with IP Filter. anyone having similar issues? regards, bernhard
On Fri, Aug 13, 2004 at 08:09:48PM +0200, Bernhard Valenti wrote:> i just updated from 4.8 to 4.10-stable(from today). i noticed that i > can't ping the machine. ping 127.0.0.1 doesnt work either. when i flush > my ipfilter rules (that are unchanged since the update) ping works. now > i added the "log" option to *all* block rules in my ipfilter config. > there are no blocked packets being logged when i try to ping. i also > added "pass in quick on lo0" right on top of my config, but ping still > doesnt work. TCP and UDP connection appear to work fine. > > i suppose this is some kind of bug with IP Filter. > > anyone having similar issues?No (4.10-STABLE, default to accept). But I have other issues, ;) described earlier on freebsd-net@. -- Pawe? Ma?achowski
On 2004-08-13, Bernhard Valenti <bernhard.valenti@gmx.net> wrote:> i just updated from 4.8 to 4.10-stable(from today). i noticed that i > can't ping the machine. [...]I just did the same upgrade last night, and am experiencing similar troubles. ("block in quick log on dc0" isn't actually blocking anything.) Someone on freebsd-net just noticed this as well: http://lists.freebsd.org/pipermail/freebsd-net/2004-August/004675.html Darren Reed MFCed IPFilter 3.4.35 in early July, and I don't think that ipfilter was updated completely in both of the relevant places (src/contrib/ipfilter and src/sys/contrib/ipfilter). If you diff the files that exist in both locations, there are some troubling differences, especially the missing member of the qif structure in ip_compat.h, etc. I'm seeing the same problem that the freebsd-net poster did: root@lair:~# ipf -V ipf: IP Filter: v3.4.31 (336) Kernel: IP Filter: v3.4.35 That's with a fresh checkout of RELENG_4, and an empty /usr/obj. I've sent an error report to Darren Reed. -- michael handler washington, dc
hi, is this issue fixed yet? i didnt see any commits to the ipfilter code. On 8/13/2004 8:09 PM, Bernhard Valenti wrote:> hi, > > i just updated from 4.8 to 4.10-stable(from today). i noticed that i > can't ping the machine. ping 127.0.0.1 doesnt work either. when i flush > my ipfilter rules (that are unchanged since the update) ping works. now > i added the "log" option to *all* block rules in my ipfilter config. > there are no blocked packets being logged when i try to ping. i also > added "pass in quick on lo0" right on top of my config, but ping still > doesnt work. TCP and UDP connection appear to work fine. > > i suppose this is some kind of bug with IP Filter. > > anyone having similar issues? > > regards, > bernhard >-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3195 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20040927/98a3c7a7/smime.bin