[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipfstat shadow packets

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: ipfstat shadow packets
From: Mike Ayers <mike_(_dot_)_ayers_(_at_)_earthling_(_dot_)_net>
Date: Sun, 26 Aug 2001 13:45:06 -0700
Reply-to: mike_(_dot_)_ayers_(_at_)_earthling_(_dot_)_net

	Here is the top of my ipf.rules:

<SNIP>

# set our default policies
block in log all
pass out all

# accept packets coming from the internal interface
pass in on dc0 all
pass in on lo0 all

</SNIP>

	Interface dc0 is my internal network.  Note that I normally don't log
default blocked packets - I have that on to test this problem.  Here is
the top of my `ipfstat -hi`:

<SNIP>

768 block in log from any to any
930 pass in on dc0 from any to any
4 pass in on lo0 from any to any

</SNIP>

	Okay, now here's what happen when I run `ipfstat -hi` three times in
quick succession:

<ONE>
872 block in log from any to any
1083 pass in on dc0 from any to any
4 pass in on lo0 from any to any
</ONE>

<TWO>
878 block in log from any to any
1091 pass in on dc0 from any to any
4 pass in on lo0 from any to any
</TWO>

<THREE>
884 block in log from any to any
1099 pass in on dc0 from any to any
4 pass in on lo0 from any to any
</THREE>

	As I ran these commands, which show 12 packets getting blocked, I had a
console open running ipmon - that console showed no packets.  Any ideas
where these mystery packets came from or went to?


	Thanks,

/|/|ike

Follow-Ups:
- Re: ipfstat shadow packets
  - From: Matt Sauve-Frankel

Prev by Date: Re: IP protocol passage
Next by Date: Notebook Panic with Linksys Wireless PCMCIA card
Previous by thread: Re: Ultrasparc hardware.
Next by thread: Re: ipfstat shadow packets
Index(es):
- Date
- Thread

Visit your host, monkey.org