[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Yet another log message
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2001-01-30 9:15:29
[Download RAW message or body]

In some email I received from ld kelley, sie wrote:
> I hate being a pest today but...
> 
> I have the following rule(s) in ipf_conf (output from ipfstat -ni).
> 
> .....
> @30 pass in quick on le0 proto tcp from any to 65.193.242.2/32 port = 80
> @31 block in log on le0 from any to any
> 
> And the following is being logged:
> 
> Jan 28 11:56:36 sturm ipmon[138]: [ID 702911 local0.warning] 11:56:35.901556  
> le0 @0:31 b 216.200.14.116,80 -> 65.193.242.2,10009 PR tcp len 20 40 -AF IN
> 
> >From the man pages I figured that this is being blocked by rule 31.
> Why isn't rule 30 allowing the request to pass?

Is rule 30 meant to have a "keep state" on the end of it ?

As it is, the rule (30) and the packet logged do not match.

Look where port 80 is.

Darren

[prev in list] [next in list] [prev in thread] [next in thread]