- Subject: IPfilter changes?
- From: dl at leo.org (Daniel Lang)
- Date: Thu Apr 17 00:21:41 2003
I've noticed some change of behaviour with IPFilter
in my 4.8-RC2 system after the upgrade. It seems that
a more recent version of ipfilter was imported then,
so maybe something may have changed indeed.

I have a pretty tight filter setup, but I make use of keep state
rules for outgoing packets. Thus, I have the following
rule in my set:

@2200 pass out quick proto tcp/udp from any to any keep frags keep state

This worked in the past for TCP and also for UDP connections, like
DNS requests. It still works for TCP, but no longer for DNS.
The packets are no longer allowed through.

Maybe it was never intended to work for UDP? Or maybe the state
timings have changed?

Of course I can just open UDP to our name server machine.
But I was wondering if the new behaviour is intended or maybe a bug,
or whether my setup only ever worked by chance. ;)

IRCnet: Mr-Spock - All your .sigs are belong to us -
Daniel Lang * dl_(_at_)_leo_(_dot_)_org * +49 89 289 18532 * http://www.leo.org/~dl/