Re: Unable to upload to S3 when pf is activated
"murdoch" == murdoch john writes: murdoch> Thanks you so much. I spent hours tracking this down. Welcome to the club :-) -- All the best, Berend de Boer pgpxPe8nnIfBD.pgp Description: OpenPGP Digital Signature
Re: Future of pf in FreeBSD ? - does it have one ?
>>>>> "Kristian" == Kristian K Nielsen writes: Kristian> Hi all, I am a happy user of the pf-firewall module and Kristian> have been for years and think it is really great but Kristian> lately its getting a bit dusty. Fully agree. Worked great in FreeBSD 8, since then I've had a hard time. Although I got a kernel crash fixed, so there are people doing some work. I also would like to know if I should switch back to ipfw. -- All the best, Berend de Boer pgpsDUEfSy8KW.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
>>>>> "Gleb" == Gleb Smirnoff writes: B> Have been running this without the rule change, to see if it B> doesn't introduce any adverse effects. So far so good. When I'm B> back from holiday (this Saturday), I'll enable the bad keyword. Gleb> Good! Waiting for your feedback. Thanks! Hi Glebius, No problems so far, have been running this for a few days. Please commit! -- All the best, Berend de Boer pgp04_gHjzOV8.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
>>>>> "Gleb" == Gleb Smirnoff writes: Gleb> Can you please try attached patch? I hope it'll fix the Gleb> panic. Have been running this without the rule change, to see if it doesn't introduce any adverse effects. So far so good. When I'm back from holiday (this Saturday), I'll enable the bad keyword. Gleb> No idea on how good will your rule work, however. I have no idea either! A bit harder to test, the goal was to make games/voip udp work a bit better without having to allocate ports. I think I could just write: nat on egress from any to any -> (egress) round-robin sticky-address instead of what I have now: nat pass on egress proto udp from any port $voip_ports to any -> (egress) static-port nat pass on egress from any to any -> (egress) sticky-address -- All the best, Berend de Boer pgpKtvmdA5uZp.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
>>>>> "Gleb" == Gleb Smirnoff writes: Gleb> Can you share a vmcore from paniced FreeBSD 10 system and Gleb> kernel binary? My kernel config attached, freshly compiled from 10-STABLE, svn revision 260055. BMACH Description: Binary data The kernel + vmcore are at http://www.berenddeboer.net/tmp/ -- All the best, Berend de Boer ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: Network severely unstable 10.0-PRERELEASE
>>>>> "Gleb" == Gleb Smirnoff writes: Gleb> Can you share a vmcore from paniced FreeBSD 10 system and Gleb> kernel binary? Yes, what kernel options do I need to compile in to get you this? -- All the best, Berend de Boer pgpSf32MU4UVc.pgp Description: OpenPGP Digital Signature
Re: Network severely unstable 10.0-PRERELEASE
>>>>> "Gleb" == Gleb Smirnoff writes: Gleb> Does the system panic the same way as described in Gleb> misc/182141) on 10.0? Indeed, no change. Purely a kernel issue. Repeatable since FreeBSD 9.x, across 10.x, across 32-bit and 64-bit. There's a related issue: http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/182557 Let me know if you need anything else from me. I've just grabbed the latest FreeBSD 10 sources, and recompiling now. Next Monday I'm able to enable the bug triggering keyword again (not now, all the family is here and wants a stable network :-) ). -- All the best, Berend de Boer pgpTT6u1uWLXZ.pgp Description: OpenPGP Digital Signature
Network severely unstable 10.0-PRERELEASE
Hi All, pf has not worked well for me after version 8. Certain rules crash the kernel (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding these rules gave me something that at least kept the system alive on a 10-CURRENT. But since the RC versions my system stays up for only a few days, before I need a reboot as network connectivity gets reset. It's the modem (pppoe), every few minutes all tcp (?) connections get dropped somehow. A reboot fixes it for a week or so. I have no clue how to debug this. But I'm getting pretty scared of pf, and going back to ipfw might seem best. What are people's thoughts on pf in FreeBSD, does it have a future? Are there people working on pf? Should I simply forget about it, and go back to ipfw? -- All the best, Berend de Boer pgpvyg0FPu0g2.pgp Description: OpenPGP Digital Signature
