Subject: Re: ipf blocking traffic
To: Martti Kuparinen <>
From: Roberto <>
List: current-users
Date: 02/03/2005 17:44:30
> Roberto wrote:
>> 1) is your firewall working and you sometimes see these messages;
> Only sometimes, most of the time it's working just fine.
> Martti
OK, I asked because of the following: some months ago (actually on
NetBSD 162 and bundled ipf ???) I set up an ipf firewall and I was using
stateful rules. The firewall blocks incoming connections to the LAN, but not
the incoming connections to the Web server in the DMZ.
All went OK during the tests I made, and I put it into production.
Then after a couple of days I started to see blocked packets that according
to the rules ( _stateful_ rules ) should pass through it! (specifically I
saw blocked packets coming from the Internet to the local web server)
At first I thought it was a bug in my configuration or the software, but after a
small search on the Internet / test I discovered that the state machine of ipf
may in some circumstances block packets that it doesn't recognize as valid
(for example a bad sequence number that does not fit in the current
If you want I can give you more details on it, but now I'm leaving ...
maybe later ...
Kind regards
e-mail roberto.trovo [at]