you agree that the PR can be closed?
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Hi,
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
If that's the case, then there is a small bug:
# ipfw add 100 allow ip
Luigi Rizzo wrote:
On Mon, Mar 15, 2010 at 07:57:24PM +0100, Oliver Fromme wrote:
Do you think this could be merged to stable/8 and stable/7?
it's a trivial change to the userland program so whoever wants
to do the merge is welcome. I should be able to merge to stable/8
perhaps next
Luigi Rizzo wrote:
On Tue, Mar 09, 2010 at 03:36:15PM +0100, Oliver Fromme wrote:
Just a question: Is the output from ipfw list supposed
to be in the same rule format that is accepted as input?
it is not, partly due to backward compatibility.
I see.
If you try ipfw -c show
the output from ipfw list should be valid rule
format that could be fed back as input to ipfw(8).
In fact that's exactly what I need to do in a script that
I've written recently, and the dst-ip problem bit me.
I had to work around it with sed(1).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH
Dmitriy Demidov wrote:
Oliver Fromme wrote:
I'm just curious ... Is it really worth the effort to add
fragment reassembly to IPFW? What advantage does it have?
It would be much easier to simply pass all fragments with
offset 1, and drop all fragments with offset 0
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
, which runs
at 1000 Hz by default, so the delays are rounded to 1 ms.
For example, transferring a 1 KB data packet (that's about
10 kbits including headers of the various protocols) will
take about 1 ms on a 10 Mbit link, and 0.1 ms on 100 Mbit.
Voila.
Best regards
Oliver
--
Oliver Fromme
have an explicit check-state rule, then there's
an implicit check-state rule at the first keep-state.
If you don't want any check-state at all, you must remove
all stateful rules (i.e. all keep-state rules).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567
for any insights.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758, Managing directors
(divert, bpf, pfil, netgraph), which are much better
suited for that job.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal
crashes. (Although -- hopefully -- the crash case
should be rather unlikely.)
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal
Ganbold [EMAIL PROTECTED] wrote:
Oliver Fromme wrote:
[...]
For changing (and testing) rules, there's an even more
elegant (and non-disruptive) solution, see:
/usr/share/examples/ipfw/change_rules.sh
If you want to restart ipfw you can try:
/etc/rc.d/ipfw restart
to the IPFW rule sets. If everything went well and
you didn't get disconnected, use atrm(1) to remove the at
job.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed
Achim Patzner [EMAIL PROTECTED] wrote:
Oliver Fromme wrote:
No. Performing a reboot is a rather bad idea.
Actually _loading kernel modules you haven't been using before_
Lots of people have been using it before. (Personally I
prefer to compile it statically in the kernel, though
'net.inet.ip.fw.enable'
Do you have IPFW code in your kernel? (Either statically
compiled via kernel config, or dynamically loaded as KLD)
If you don't, then it doesn't work, of course.
Try loading the IPFW KLD (kldload ipfw).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG
? That's
not possible when using different ISPs for your uplinks
(even with the same ISP it's difficult).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed
above, so I won't repeat it.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
A language that doesn't have
appreciate your assistance!
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
I suggested holding a Python Object Oriented
AT Matik [EMAIL PROTECTED] wrote:
On Wednesday 03 August 2005 06:19, Oliver Fromme wrote:
out and xmit is probably exactly the same
No, it's not. out just says that this rule matches only
outgoing packets. It doesn't specify anything about
interfaces or addresses