Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-28 Thread Darren Reed
On 27/07/2014 4:43 AM, Cy Schubert wrote: In message 53d395e4.1070...@fastmail.net, Darren Reed writes: On 24/07/2014 1:42 AM, Cy Schubert wrote: But, lack of ipv6 fragment processing still causes ongoing pain. That'= s our=20 #1 wish list item for the cluster. Taking this discussion

local_unbound: since update sporadic hangs in connections

2014-07-28 Thread O. Hartmann
Since local_unbound update and the suggested update procedure as requested with TAG 20140719 the connection to the net hangs (DNS resolving). This is very often with the freebsd.org domain the case, while domestic domains rarely show this strange behaviour. The problem occurs on ALL CURRENT

net/openldap24-server: lstat(/usr/ports/net/openldap24-server/work/stage/usr/local/libexec/openldap/smbk5pwd.so.0.0.0):

2014-07-28 Thread O. Hartmann
Updating of port net/openldap24-server fails grandios with the following error: === Installing for openldap-sasl-server-2.4.39_2 === Registering installation for openldap-sasl-server-2.4.39_2 pkg-static:

Re: local_unbound: since update sporadic hangs in connections

2014-07-28 Thread Peter Wemm
Are you using pf and IPv6 by any chance? Since you mentioned the FreeBSD.org domain, DNSSEC and IPv6 triggers fragments. Just a thought. -- Peter Wemm. pe...@wemm.org On 28 Jul 2014, at 6:50 am, O. Hartmann ohart...@zedat.fu-berlin.de wrote: Since local_unbound update and the

Re: local_unbound: since update sporadic hangs in connections

2014-07-28 Thread O. Hartmann
Am Mon, 28 Jul 2014 10:19:50 -0700 Peter Wemm pe...@wemm.org schrieb: Are you using pf and IPv6 by any chance? Since you mentioned the FreeBSD.org domain, DNSSEC and IPv6 triggers fragments. Just a thought. -- Peter Wemm. pe...@wemm.org On 28 Jul 2014, at 6:50 am, O. Hartmann

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-28 Thread Kevin Oberman
On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed darr...@freebsd.org wrote: On 27/07/2014 4:43 AM, Cy Schubert wrote: In message 53d395e4.1070...@fastmail.net, Darren Reed writes: On 24/07/2014 1:42 AM, Cy Schubert wrote: But, lack of ipv6 fragment processing still causes ongoing pain.

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-28 Thread Mark Martinec
On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed darr...@freebsd.org wrote: [...] IPFilter 5 does IPv6 NAT. With the import of 5.1.2, map, rdr and rewrite rules will all work with IPv6 addresses. NAT66 is a specific implementation of IPv6 NAT behaviour. 2014-07-29 00:07 Kevin Oberman wrote:

Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-28 Thread Kevin Oberman
On Mon, Jul 28, 2014 at 4:21 PM, Mark Martinec mark.martinec+free...@ijs.si wrote: On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed darr...@freebsd.org wrote: [...] IPFilter 5 does IPv6 NAT. With the import of 5.1.2, map, rdr and rewrite rules will all work with IPv6 addresses. NAT66 is a