I've installed FreeBSD 6.0-RELEASE and had some ipfilter bugs on a machine. It appears that after 3-4 hours ipfilter ignores all group rules. When I run ipfstat -ih I can see the packets coming in and hitting the specific rules, but it seems to block them anyway.

By group rules I mean I'm doing something like this:

    block in on dc0 all head 100
    block out on dc0 all head 150
    block in on xl0 all head 200
    block out on xl0 all head 250

and have respective group rules under each group.

I switched out the NIC on the public interface as I thought it was that originally. I currently have this cron job in place to alleviate the problem temporarily:

    0 * * * * /sbin/ipf -D;/sbin/ipf -E;/sbin/ipf -FS -Fa -f /etc/ipf.rules;/sbin/ipnat -FCf /etc/ipnat.rules

I cvsupped to the latest version:

    FreeBSD fbsd.abghouston.com 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #7: Tue Feb 7 17:34:35 UTC 2006 whatever@whatever.com:/usr/obj/usr/src/sys/FIREWALL i386

but the problem still seems to persist. tcpdump appears to lock up if there are packets on the dc0 interface (which is the public interface). The problem completely goes away when I disable ipfilter.

Does anyone have any hints/clues/ideas?