The default ipfboot script flushes all rules. Is this necessary every time you change some rule?
This is done because, depending on your ruleset, a newly added rule may not be effective based on old rules, and also because the script reads in the entire ruleset anyway, so flushing prevents duplicates. The script uses ipf -Fa, which flushes rules but not state table entries. To flush state table entries, use ipf -FS.

• Sending mail is horribly slow!
You’re probably blocking stuff to your ident port, 113. Change that rule so that you send a TCP reset:
    block return-rst in quick on ppp0 proto tcp from any to any port = 113
Solaris users, see VII-1.

• I can’t connect to IRC.
See above.

• When I try to load the LKM (if_ipl.o), I get “fr_checkp” (or other) unresolved symbols. (FreeBSD, OpenBSD, SunOS)
Make sure you have a kernel that has been correctly patched using the patches supplied with IP Filter, has “IPFILTER” in the config file and is the current kernel you are using. For FreeBSD/NetBSD, you will need to load if_ipl.o in an rc script (when securelevel is 0) or make sure that securelevel i