On 20.12-11:15, Richard Ibbotson wrote:
> Hi
> 
> > "       When used without either of -S, -T or -E, ipftest uses its
> >        own  text input format to generate "fake" IP packets.  The
> >        format used is as follows:
> >                  "in"|"out" "on" if ["tcp"|"udp"|"icmp"]
> >                       srchost[,srcport] dsthost[,destport] [FSRPAU]
> 
> 
> Found some more time to do some more with this.  If I do 'netstat -rn' 
> then I find that the IPF rules are loaded.  Long list of them fall 
> down the screen.   I can see "ipfilter=YES" in /etc/rc.conf.  When I 
> type 'ipftest -S' into the console I get a reply which is "no rules 
> loaded".
> 

To get something meaningful from ipftest,
you should type something like this:

# echo "in on ex0 tcp 161.126.255.6,22900 62.22.192.103,80 S" |ipftest -r /etc/ipf.conf

Chris

-- 
----------------------------------------------------------------------
Christoph Kaegi                                           kgc@zhwin.ch
----------------------------------------------------------------------