hpath of
your build. Doing the safe: "buildworld, buildkernel"-thing should ensure
that.
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
pgpDcGTh1x26C.pgp
Description: PGP signature
. Be sure to have kernel and userland in
sync!
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and
On Thursday 26 May 2005 13:21, Richard Tector wrote:
> Max Laier wrote:
> >With the patch attached you can now do:
> >
> > ipfw add 100 deny ipv4 from any to any
> >or
> > ipfw add 100 deny ipv6 from any to any
> >
> >to block IPv4 or IPv6.
>
&g
Updated patch attached, please see below for details.
I plan to commit this very soon now, so please test and scream *now* if
anything breaks!
On Wednesday 25 May 2005 16:34, Max Laier wrote:
> All,
>
> with the recent merge of IPv6 functionality into ipfw2, ip6fw is obsolete.
> A
All,
if you are relying on IPFW2's new IPv6 capabilities as your IPv6 packet
filter, it's time to update. The commit below fixes a problem with in the
code that would match random IPv6 packets to IPv4 rules.
--
/"\ Best regards, | [EMAIL PROTECTED]
ebspace:
> http://butcher.heavennet.ru/
> 4. Patch doesn't breaks ipfw ABI (today) , because adds new options at the
> end of list. If you apply this patch in a month or so, I cannot guarantee
> success.
> 5. Please test, and send me your feedbacks.
>
>
> I 'll be ha
SMP/PREEMPTION and no solution seems
to be worked on.
2) It's undermaintained (IMO)
3) It doesn't provide any benefit over PF
http://www.openbsd.org/faq/pf/index.html is a really good guide to get started
with PF, btw.
IMHO PF is the best firewall system available f
ia divert or bpf) or you could just do
an idependent pfil(9) consumer module, finally there is netgraph.
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \
st regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
___
freebsd-ipfw@f
Synopsis: [ipfw] ipfw stateful firewalling broken with IPv6
Responsible-Changed-From-To: freebsd-ipfw->mlaier
Responsible-Changed-By: mlaier
Responsible-Changed-When: Sat May 13 15:48:14 UTC 2006
Responsible-Changed-Why:
I'll look at this.
http://www.freebsd.org/cgi/query-pr.cgi?pr=88664
___
Synopsis: [patch] ipfw(8) sometimes treat ipv6 input as ipv4
Responsible-Changed-From-To: freebsd-ipfw->mlaier
Responsible-Changed-By: mlaier
Responsible-Changed-When: Sat May 13 15:50:52 UTC 2006
Responsible-Changed-Why:
I'll take care of this.
http://www.freebsd.org/cgi/query-pr.cgi?pr=91245
_
Everybody with IPv6 please take a look at the patches in the PR and report
back whether or not they fix things.
> http://www.freebsd.org/cgi/query-pr.cgi?pr=88664
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
Synopsis: [ipfw] [patch] ipfw does not display dynamic IPv6 rules
Responsible-Changed-From-To: freebsd-ipfw->mlaier
Responsible-Changed-By: mlaier
Responsible-Changed-When: Fri Jun 2 03:58:35 UTC 2006
Responsible-Changed-Why:
I'll take care of this as part of the ip6fw removal crusade.
http://ww
On Tuesday 30 May 2006 20:53, regisr wrote:
> ... could you apply it on the 6 branch?
done.
> Thanks
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
On Friday 02 June 2006 07:17, Max Laier wrote:
> mlaier 2006-06-02 05:17:17 UTC
>
> FreeBSD src repository
>
> Modified files:
> sbin/ipfwipfw2.c
> Log:
> Print dynamic rules for IPv6 as well.
>
> PR: bin/98349
> Sub
On Friday 02 June 2006 11:29, Luigi Rizzo wrote:
> On Fri, Jun 02, 2006 at 07:25:47AM +0200, Max Laier wrote:
> > On Friday 02 June 2006 07:17, Max Laier wrote:
> > > mlaier 2006-06-02 05:17:17 UTC
> > >
> > > FreeBSD src repository
> > >
coming DHCP for external network address assignment.
> > $cmd 450 allow udp from any to any 68 in via $oif keep-state
> >
> > # Allow incoming SSH to this machine
> > $cmd 455 allow tcp from any to me 22 in via $oif setup keep-state
> >
> > # Allow incoming ICMP
> > $cmd 460 allow icmp from any to any icmptypes 0,3,11,12 in via $oif
> >
> > $cmd 999 deny log ip from any to any
> >
> > # NAT rule for outgoing traffic.
> > $cmd 1000 divert natd ip from any to any out via $oif
> > $cmd 1005 allow ip from any to any
> >
> > Thanks for any insight,
> >
> > -James
>
> ___
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
pgpVjf5qIsDAF.pgp
Description: PGP signature
EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
Index: ip_fw2.c
===
RCS file: /usr/store/
On Wednesday 06 December 2006 01:17, Luigi Rizzo wrote:
> On Tue, Dec 05, 2006 at 08:10:30PM +0100, Max Laier wrote:
> > Hi,
> >
> > with a lot of help from David Malone and JINMEI Tatuya we came up
> > with the following hash function for IPv6 connections using u
Synopsis: [ipfw] [patch] input string parsing mistake
Responsible-Changed-From-To: freebsd-ipfw->mlaier
Responsible-Changed-By: mlaier
Responsible-Changed-When: Sat Jan 6 18:53:01 UTC 2007
Responsible-Changed-Why:
I'll take it.
http://www.freebsd.org/cgi/query-pr.cgi?pr=107565
__
ote that pf - due to it's stateful design - does
a "check state" first for every packet. This gives a big mallus in this
test special test.
> I know that the setup time is expensive, but i am not sure that
> one can save much - in both cases, you need to fetching a lot
ossibly I would not need a rule list number if the ipfw program
> would automatically write to the existing set if there is no new
> (or duplicate) rule list, but would manipulate the 'growing' list
> if it exists. (that way keeping the new behaviour as a superset
Look in the ipfw man pages for the 'fwd' command for ipfw.
> For pf there is another command, the name of which I forget right now.
"route-to" see the "ROUTING" section of the pf.conf(5) man page.
--
/"\ Best regards, | [EMAIL
ful filtering). I remember seeing a
mail with similar topic just recently, but can't recall on which list or
from whom.
I don't see a PR for this - could you please create one so it's not
forgotten about?
--
/"\ Best regards, | [EMAIL P
34. I'll add this patch to the trail as soon as I
had a chance to give it a try.
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED]
/ \ ASCII Ribbon Camp
The following reply was made to PR kern/117234; it has been noted by GNATS.
From: Max Laier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED],
[EMAIL PROTECTED]
Cc:
Subject: Re: kern/117234: ipfw send_pkt() and ipfw_tick() don't seem to support
IPV6
Date: Thu, 25 Oct 2007 21:19:01 +0200
> neccessary to add it myself ;) )?
In FreeBSD 7 and above all three firewall packages included with FreeBSD
understand both IPv4 and IPv6. Read the ipfw(8) man page for details on how
to setup IPv6 rules.
--
/"\ Best regards, | [EMAIL PROTECTED]
\ / Max Laier
On Tuesday 05 August 2008 16:42:25 Max Laier wrote:
> On Tuesday 05 August 2008 16:33:04 Matt Dawson wrote:
> > Just a quick question: What would it take to have similar functionality
> > to the IPv4 tables in ipfw for v6? Is there a specific reason it isn't
> > there (
e wrong mailing list. The file format might be different. Try
exporting an ascii armored version on i386 and importing it on amd64.
--
/"\ Best regards, | mla...@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.
is aware of the rc.conf variables and adjusts
accordingly (e.g. opening access to sshd iff it is configured). In
addition there might be *one or two* configuration variables for the early
stage to open additional ports or to select a default interface. However,
the fewer the better.
Input gre
On Thursday 17 December 2009 08:20:47 David Horn wrote:
> Hajimu --
>
> Thanks for working on rc.firewall, as the old scenario of dualing
> rc.firewall/rc.firewall6 was not easily used in the default configurations
> when running dual stack. The new rc.firewall has some very decent sane
> default
31 matches
Mail list logo
