This is a discussion on Re: "pass in" blocks traffic within the IPFilter forums, part of the System Security and Security Related category.
Darren Reed wrote:
>The way ipfstat outputs line numbers does not match that for counting
>rules when stepping through to the one reported in the log output.

I assume this is on the list of things to fix even if it isn't high on that list. The manual page for ipmon says that the numbers should match. "These [rule numbers] can be viewed with ipfstat -n."

>It's off by one - the rule @0:12 relates to is @13. Does that make
>more sense for you ?

Um.. No. Not really. I have the following rules and output from ipmon.

bash-2.05b# ipfstat -in
@1 block in log on ep0 all
@2 block in log quick on ep0 from 193.226.8.108/32 to 203.79.72.166/32
@3 block in log quick on ep0 from 81.84.0.0/16 to 203.79.72.166/32
@4 block in log quick on ep0 from 24.93.161.154/32 to 203.79.72.166/32
@5 block in log quick on ep0 from 222.152.214.222/32 to 203.79.72.166/32
@6 pass in quick on ep0 proto tcp from any to 203.79.72.166/32 port = ssh flags S/FSRPAU keep state
@7 pass in quick on ep0 proto tcp from any to 203.79.72.166/32 port = smtp flags S/FSRPAU keep state
@8 pass in quick on ep0 proto tcp from any to 203.79.72.166/32 port = www flags S/FSRPAU keep state
@9 pass in quick on ep0 proto tcp from any to 203.79.72.166/32 port = https flags S/FSRPAU keep state
@10 pass in quick on ep0 proto tcp from any to 203.79.72.166/32 port = imaps flags S/FSRPAU keep state
@11 pass in quick on ep0 proto tcp/udp from any to 203.79.72.166/32 port = domain keep frags
@12 pass in quick on ep0 from 203.109.146.40/32 to any keep frags
@13 pass in quick proto icmp from any to any keep state
@14 pass in on tlp0 all
@15 pass in on lo0 all
@16 pass in quick on ep0 proto tcp from any to 10.0.1.25/32 port = 13951 flags S/FSRPAU keep state

bash-2.05b# ipmon
09/12/2004 08:42:35.318297 lo0 @0:13 b 127.0.0.1 -> 127.0.0.1 PR icmp len 20 84 icmp echoreply/0 K-S IN
09/12/2004 08:42:36.323418 lo0 @0:13 b 127.0.0.1 -> 127.0.0.1 PR icmp len 20 28 icmp echoreply/0 K-S IN low-ttl
09/12/2004 08:42:36.323471 lo0 @0:13 b 127.0.0.1 -> 127.0.0.1 PR icmp len 20 84 icmp echoreply/0 K-S IN
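Added example, not part of the original post or of IPFilter: a small Python helper that resolves the `@group:rule` reference in an ipmon line against `ipfstat -in` output under both numberings discussed above (as logged, and shifted by one) and checks whether each candidate rule could apply to the logged interface. The function names are hypothetical, the sample data is a subset copied from the post, and the log layout is assumed to be the one shown there.

```python
import re

# Constructed sample: a subset of the rules and one log line quoted in the post.
IPFSTAT_IN = """\
@12 pass in quick on ep0 from 203.109.146.40/32 to any keep frags
@13 pass in quick proto icmp from any to any keep state
@14 pass in on tlp0 all
@15 pass in on lo0 all
"""
IPMON_LINE = ("09/12/2004 08:42:35.318297 lo0 @0:13 b 127.0.0.1 -> 127.0.0.1 "
              "PR icmp len 20 84 icmp echoreply/0 K-S IN")

RULE_RE = re.compile(r"^@(\d+)\s+(.*)$")
# Assumed layout: date time interface @group:rule action remainder
LOG_RE = re.compile(r"^(\S+ \S+) (\S+) @(\d+):(\d+) (\S+) (.*)$")

def parse_rules(text):
    """Map the @N numbers printed by 'ipfstat -in' to their rule text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules

def parse_log(line):
    """Pull interface, group, rule number and action out of one ipmon line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"time": m.group(1), "iface": m.group(2), "group": int(m.group(3)),
            "rule": int(m.group(4)), "action": m.group(5), "rest": m.group(6)}

def rule_iface(rule_text):
    """Interface named by 'on <if>', or None when the rule names none."""
    m = re.search(r"\bon (\S+)", rule_text)
    return m.group(1) if m else None

def candidates(entry, rules):
    """Rules the log line could refer to under each numbering hypothesis."""
    out = []
    for label, offset in (("as-logged", 0), ("off-by-one", 1)):
        number = entry["rule"] + offset
        text = rules.get(number)
        if text is None:
            continue
        iface = rule_iface(text)
        # A rule bound to another interface cannot have matched this packet.
        out.append({"label": label, "number": number, "text": text,
                    "iface_ok": iface in (None, entry["iface"])})
    return out

if __name__ == "__main__":
    for c in candidates(parse_log(IPMON_LINE), parse_rules(IPFSTAT_IN)):
        print(c["label"], "@%d" % c["number"], c["text"], "iface_ok=%s" % c["iface_ok"])
```

For the sample line, the as-logged candidate @13 names no interface, while the shifted candidate @14 is bound to tlp0 and the packet was logged on lo0.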