[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: Re: Yet another log message
From: Darren Reed <darrenr () reed ! wattle ! id ! au>
Date: 2001-01-30 9:15:29
[Download RAW message or body]
In some email I received from ld kelley, sie wrote:
> I hate being a pest today but...
>
> I have the following rule(s) in ipf_conf (output from ipfstat -ni).
>
> .....
> @30 pass in quick on le0 proto tcp from any to 65.193.242.2/32 port = 80
> @31 block in log on le0 from any to any
>
> And the following is being logged:
>
> Jan 28 11:56:36 sturm ipmon[138]: [ID 702911 local0.warning] 11:56:35.901556
> le0 @0:31 b 216.200.14.116,80 -> 65.193.242.2,10009 PR tcp len 20 40 -AF IN
>
> >From the man pages I figured that this is being blocked by rule 31.
> Why isn't rule 30 allowing the request to pass?
Is rule 30 meant to have a "keep state" on the end of it ?
As it is, the rule (30) and the packet logged do not match.
Look where port 80 is.
Darren
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic