Re: ipfilter vs. icmp on NetBSD

Here's my problem: I can't ping my interface from the outside, even
though I was able to before. I think I fixed things.

OK, so here's what I found out:

On NetBSD, ipfilter 4.0, I could use:

pass out log level local1.info on le0 proto icmp from any to any keep state
pass in log level local1.info quick on le0 proto icmp from any to 192.168.1.18/32

But after ipfilter 4.1 and probably other changes, this won't work.

I see this:

Sep 29 21:02:25 anna ipmon[150]: 21:02:24.753722 le0 @0:65 p lesleyanne.i8u.org[192.168.1.17] -> anna.i8u.org[192.168.1.18] PR icmp len 20 84 icmp echo/0 IN
Sep 29 21:02:25 anna ipmon[150]: 21:02:24.754005 le0 @0:45 b anna.i8u.org[192.168.1.18] -> lesleyanne.i8u.org[192.168.1.17] PR icmp len 20 84 icmp echoreply/0 K-S OUT

I experimented and commented out the "keep state" and now it seems to
work.

Now I see:

Sep 29 21:07:58 anna ipmon[730]: 21:07:58.280328 le0 @0:65 p lesleyanne.i8u.org[192.168.1.17] -> anna.i8u.org[192.168.1.18] PR icmp len 20 84 icmp echo/0 IN
Sep 29 21:07:58 anna ipmon[730]: 21:07:58.280506 le0 @0:45 p anna.i8u.org[192.168.1.18] -> lesleyanne.i8u.org[192.168.1.17] PR icmp len 20 84 icmp echoreply/0 OUT

THE QUESTION:

Is this correct behavior?

--
Hisashi T Fujinaka - htodd@twofifty.com
BSEE(6/86) + BSChem(3/95) + BAEnglish(8/95) + MSCS(8/03) + $2.50 = latte