[ previous ] [ next ] [ threads ]
 From:  "Chad R. Larson" <clarson at eldocomp dot com>
 To:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>, "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Firewall question
 Date:  Fri, 14 Nov 2003 13:06:44 -0700
At 10:05 AM 11/14/2003, Christopher M. Iarocci wrote:
>I see it from time to time, and don't really understand it because I guess I
>don't understand all the codes at the end of the line.

"man 8 ipmon"  "man 5 ipf"

The "codes" appear if the packet is TCP, and represent the contents of the 
IP flags byte and the filter's state keeping.

>I'm hoping the rules for the VPN allows all traffic through the tunnel, 
>but the below log entry clearly shows a packet being blocked.
>12:00:19.723053 rl0 @100:2 p,1268 ->,524 PR tcp len
>20 40 -A K-S K-F IN

Nope.  This part [@100:2 p] says that rule two in group 100 passed the packet.

It is a TCP packet that has the ACK flag set, and the firewall is keeping 
state and tracking fragments.

>Thanks for any insite.


This message is intended for the sole use of the individual and entity to whom it is addressed, and
may contain information that is privileged, confidential and exempt from disclosure under applicable
law. If you are not the intended addressee, nor authorized to receive for the intended addressee,
you are hereby notified that you may not use, copy, disclose or distribute to anyone the message or
any information contained in the message. If you have received this message in error, please
immediately advise the sender by reply email, and delete the message. Thank you.