Subject: ipfilter on NetBSD/pmax
To: NetBSD/pmax Discussion List <port-pmax@NetBSD.ORG>
From: Paul Mather <>
List: port-pmax
Date: 05/14/1998 15:29:53

I've been trying, without success, to get ipfilter working under either
NetBSD-current (SUPped yesterday) or NetBSD 1.3.1 on pmax (both on a
DECstation 5000/240 and a DECstation 3100). In both cases, I've rebuilt
the kernel using "option IPFILTER_LOG" and "pseudo-device ipfilter" in
the config file. However, I always get an "ioctl(SIOCADDFR): Invalid
argument" on boot up (when ipf is being initialised), and whenever I try
to add new rules using ipf. The machine behaves as though ipf is not
installed; networking still works properly (due maybe to the default
"pass" behaviour), but without the desired filtering action.

I would like to get this working, and figure maybe I am just doing
something simple that's wrong. Has anyone got ipfilter to work under

This is the scenario: my DECstation 3100 at home dials in and connects
to a PPP server in our lab. I have my PPP set up to demand-dial out,
and to disconnect after 5 minutes of idle time. Alas, recently, a
Windows NT box has started to send out incessant net chatter (SNMP
status requests), at one minute (and sometimes less) intervals, which
prevents my PPP link ever idling out.

Because I have no need ever to receive traffic from this NT machine, and
because it is the *only* source of unwelcome packets, I thought I would
simply block out that machine using ipfilter on my PPP server. I figure
a rule along the lines:

    block out quick from 198.82.180.XXX/32 to 198.82.180.YYY/32

on the PPP server would do the trick (where XXX is the NT machine, and
YYY is my 3100).

Alas, I cannot get ipfilter working to do this blocking. :-(

Can anyone help?

Incidentally, could I do the blocking on my DS3100 (e.g. "block in
...")? Or has the blocked packet already reset the idle timeout before
passing through the filter?

"I didn't mean to take up all your sweet time"
--- James Marshall Hendrix