
RE: ipfilter bug on tunnel interface?

To: <ipfilter@coombs.anu.edu.au>
Subject: RE: ipfilter bug on tunnel interface?
From: "Xu, Chun Gang (Titan)" <cxu@alcatel-lucent.com>
Date: Thu, 8 Mar 2007 10:29:29 +0800
In-reply-to: <96C5020C866B5948A698DBF0F3208E4F0FADFB@CNEXC1U01.bj.lucent.com>
References: <6D185254B06A254782931A6D23662908A00CF9@CNEXC1U01.bj.lucent.com> <96C5020C866B5948A698DBF0F3208E4F0FADFB@CNEXC1U01.bj.lucent.com>
Sender: owner-ipfilter@coombs.anu.edu.au
Thread-topic: ipfilter bug on tunnel interface?

Hi,

I want to use ipfilter on a tunnel interface and have run into the strange
issue below.
--------------------------------
System configuration: ipf4.1.10, pfil2.1.7 on SPARC Solaris 9.

The tunnel interface is as below:
ip.tun5: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1480 index 8
        inet tunnel src 172.16.47.254 tunnel dst 172.16.32.5
        tunnel security settings  esp (aes-cbc/<any-none>)
        tunnel hop limit 60 
        inet 1.1.1.1 --> 2.2.2.1 netmask fffffffc

Rules: 
pass in quick on ip.tun5 proto icmp from 2.2.2.1/32 to 1.1.1.1/32 icmp-type echo keep state
block in log all
----------------------------------

After pushing the pfil module onto ip.tun5, the first rule works well. Ping
traffic is allowed from 2.2.2.1 to 1.1.1.1.
But after I execute the "ifconfig ip.tun5 modlist" or "ifconfig -a"
command, ping traffic goes down for about 20 seconds, then recovers.
I checked the syslog (syslog was configured beforehand), and it's not
blocked by the second rule.

Does anyone have a similar problem or know the reason?
Any suggestions are welcome.

Thanks,

