ci0 uhci1]
>
>
> Is there a known workaround?
>
> Details:
> Machine : i386
> OS : FreeBSD 11.2-RELEASE-p10
> Command : ipfw set disable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 enable 16
> 17 18 19 20 21 22 23 24 25 26 27 28 29
>
Can't speak to this spec
.)
ipfw -f set 1 flush
ipfw set disable 1
... all your normal rules, prepended by "set 1"
ipfw set enable 1
ipfw set swap 1 0
ipfw set disable 1
ipfw -f set 1 flush
--
Freddie Cash
fjwc...@gmail.com
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
rule (what goes after the interface). You can do just about
anything within that section, including a lot of what could be done in the
"protocol" and "source address" and "destination address" sections.
--
Freddie Cash
fjwc...@gmail.com
d allow tcp from any to $PRV_NET out xmit $IIF
# Block the rest
ipfw add deny log ip from any to any in recv $EIF
ipfw add deny log ip from any to any in recv $IIF
--
Freddie Cash
fjwc...@gmail.com
On Thu, May 4, 2017 at 9:22 AM, Karl Denninger wrote:
> Consider the following network configuration.
>
>
> Internet --- Gateway/Firewall -- Inside network (including a
> web host)
> 70.16.10.1/28 192.168.0.0/24
>
> The address of the outside is
any /boot/loader.conf or /etc/sysctl.conf entries to see if
my optimisations are actually pessimisations.
--
Freddie Cash
fjwc...@gmail.com
public IPs only). Optimisation work is just now beginning.
:)
--
Freddie Cash
fjwc...@gmail.com
allows you to load updated rules
without disconnecting anyone or dropping any packets:
disable set 1
load rules into set 1
enable set 1
swap set 1 0
disable set 1
I understand how everything works a little bit better now. Thanks for all
the help and pointers and discussion.
--
Freddie
On Sep 14, 2014 3:37 AM, Willem Jan Withagen w...@digiware.nl wrote:
On 13-9-2014 21:51, Freddie Cash wrote:
You can replicate it using 3 rules, loaded into two sets:
ipfw set disable 1
ipfw add allow ip from any to any
ipfw add 65524 allow ip from any to any
ipfw add allow ip from
You can replicate it using 3 rules, loaded into two sets:
ipfw set disable 1
ipfw add allow ip from any to any
ipfw add 65524 allow ip from any to any
ipfw add allow ip from any to any
ipfw set swap 1 0
Run that two or 3 times. Every rule will be numbered 65534 after the 2nd or
3rd run.
I
in recv igb0
Then swap the rules at the end using:
ipfw set swap 1 0
Is there anything I could be doing differently to get the numbering to work
the way I expect it to? Or am I going to have to manually number every
rule in my scripts?
--
Freddie Cash
fjwc...@gmail.com
Forgot to mention, this is 64-bit FreeBSD 10.0-RELEASE-p7, using Intel
i350-T4 (igb) NICs.
--
Freddie Cash
fjwc...@gmail.com
want to use dummynet(4).
--
Freddie Cash
fjwc...@gmail.com
the difference between:
ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number
ipfw add 05000 skipto tablearg ip from table\($table_number\) to me in recv $if_wan
--
Freddie Cash
fjwc...@gmail.com
the packet to it.
Interesting. This would clean up the syntax of my rules-creation scripts
and make it easier to manually type rules at the CLI.
Anyone feel like updating the man page to make the syntax easier to
understand, and to provide some usage examples? ;)
--
Freddie Cash
fjwc...@gmail.com
like FTP connections.
It's a much smaller range.
There's also FTP NAT tracking modules for IPFW, but I've never
personally used any of them.
--
Freddie Cash
fjwc...@gmail.com
set hard limits on the bandwidth.
And queues provide minimum guarantees for bandwidth inside of that pipe.
--
Freddie Cash
fjwc...@gmail.com
the
problem, or will the problem still be there?
Also, I know this is a volunteer effort so I have no right to be pushy, but is
there any ETR on this so that I can start tracking RELENG_8 again?
Use RELENG_8_0. That's the security branch for 8.0-RELEASE.
--
Freddie Cash
fjwc...@gmail.com
.
IOW, nothing to worry about unless you have plans to upgrade to 8-STABLE.
:)
--
Freddie Cash
fjwc...@gmail.com
version.
me4 should be any IPv4 address configured on any interface.
me6 should be any IPv6 address configured on any interface.
Having just me and me6 is inconsistent and illogical, Jim. ;)
--
Freddie Cash
fjwc...@gmail.com
will forward the requests to, and receive the responses
from.
--
Freddie Cash
fjwc...@gmail.com
?
--
Freddie Cash
fjwc...@gmail.com
Okay, so my understanding was (mostly) correct. Thanks for the extra info.
--
Freddie Cash
fjwc...@gmail.com
this. :)
Thanks again, Luigi!!
--
Freddie Cash
fjwc...@gmail.com
different is the
incoming interface has been a pain ...
Thanks for the info!!
--
Freddie Cash
fjwc...@gmail.com
On Thu, May 21, 2009 at 9:41 AM, Steve Bertrand st...@ibctech.ca wrote:
Freddie Cash wrote:
On Thu, May 21, 2009 at 8:01 AM, Luigi Rizzo ri...@iet.unipi.it wrote:
On Thu, May 21, 2009 at 04:20:48PM +0200, Ermal Luçi wrote:
can ipfw use somehow interface groups as pf(4) can?
From a quick
On March 4, 2009 1:14 pm Luigi Rizzo wrote:
On Wed, Mar 04, 2009 at 10:05:53PM +0100, Sebastian Mellmann wrote:
On Wed, Mar 04, 2009 at 08:17:05PM +0100, Sebastian Mellmann wrote:
the delay that a packet experiences corresponds to len/bandwidth,
often rounded up to the next clock tick
restricting your rules to only the vr1 interfaces, with
public IP configured directly on vr1:
divert natd ip from 192.168.1.0/24 to any out xmit vr1
divert natd ip from any to public IP in recv vr1
--
Freddie Cash
[EMAIL PROTECTED]
troubleshooting connection issues, the rules could be reloaded several
times over 10 minutes. We've moved away from adding rules dynamically,
preferring to add rules to the script and reload them all. Keeps the
rules in memory in sync with the rules on disk.
Otherwise, no. :)
--
Freddie Cash