> On 27 May 2020, at 14:38, Donald Mickunas wrote:
>
> Thanks, Doug.
>
> Here are the results after running pkg update once.
>
> $ sudo tcpdump -n -e -ttt -r /var/log/pflog
> Password:
> reading from file /var/log/pflog, link-type PFLOG (OpenBSD pflog file)
> 00:00:00.00 rule 7/0(match): pa
> On 27 May 2020, at 14:16, Donald Mickunas wrote:
>
> Thank you for you suggestion, Cristian.
>
> I have implemented your suggestion with unexpected results. Note: I did
> reboot the system after I changed rc.conf.
>
> $ cat /etc/pf.conf
> set skip on lo0
> block all
> pass in proto tcp to p
You are missing the filtering commands to tell pf which traffic goes in which
queue. Here is an example using bandwidth queues that I used to use. They are
all commented out now since I don't need them anymore, but kept them around
just in case. This configuration restricted the bandwidth for
> On 6 October 2017, at 22:51, Dave Horsfall wrote:
>
> On Thu, 5 Oct 2017, Dave Horsfall wrote:
>
>>> is anything added to the table (pfctl -t woodpeckers -T show)
>>
>> I have lots of them because I've been adding them by hand, but this time
>> I'll hold back and observe, just to be sure.
>
I believe you need to change the "from any port smtp" in the pass line to "to
any port smtp". Otherwise pf is looking for packets originating on port 25 and
most mailers use a much larger port for sending mail. You want to look for the
destination port 25.
-- Doug
> On Sep 1, 2017, at 23:24,
> On 17 March 2015, at 10:14, Dave Horsfall wrote:
>
> FreeBSD 9.3-RELEASE-p5 (GENERIC) #0: Mon Nov 3 22:02:57 UTC 2014
>
> fxp0: (on board)
>
> I'm having trouble with getting rate limiting to work i.e. so many
> connections from the same source in so many seconds (what we in the
> anti-s
Oops. Sent to wrong list by mistake.
> On 27 November 2014, at 09:27, Dave Horsfall wrote:
>
> I'm having difficulty in understanding just what this has to do with PF...
> Or is every FreeBSD list getting spammed?
>
> --
> Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD serv
I have a most interesting situation that just manifested itself this morning in
a way I could begin to diagnose. The system runs 8.2-P3 and has no users, just
one process that runs 24x7. Its been running since 8.2 was first released.
Every now and then the process becomes non-responsive. Tod
Do the rules show after that? I’ve never seen that last line before. I
suspect it indicates an error of some sort.
> On 3 November 2014, at 14:30, Dave Horsfall wrote:
>
> On Mon, 3 Nov 2014, Doug Hardie wrote:
>
>> What happens when you run: pfctl -f /etc/pf.conf
>
> On 3 November 2014, at 02:40, Dave Horsfall wrote:
>
> On Mon, 3 Nov 2014, Ermal Luçi wrote:
>
>> - Full ruleset if you can disclose
>
> As attached - no secrets in it. It's somewhat loose because it's behind
> another firewall (the ADSL modem) that just lets SMTP/HTTP/SSH-secret-port
> t
On 10 May 2014, at 20:33, Adam McDougall wrote:
> On Sat, May 10, 2014 at 02:34:18PM -0700, Doug Hardie wrote:
>
> 10 succeeding connections that were passed through to the port.
> These were logged by the process listening on that port.
>
> Are you certain those log eve
e rule that caused this problem?
>
> Brandon Vincent
>
>
> On Sat, May 10, 2014 at 2:34 PM, Doug Hardie wrote:
> I have a pf rule (FreeBSD 9.2) that uses a table to block access from
> specific networks. This morning I found the following situation:
>
> 12 attempts f
I have a pf rule (FreeBSD 9.2) that uses a table to block access from specific
networks. This morning I found the following situation:
12 attempts from an address in one of the blocked network to access the server.
All were blocked and marked as such with the proper rule number in pflog.
10 s
That is a very helpful diagram. There are two aspects that I don't see
directly addressed.
1. For packets ultimately delivered to processes on the system pf is running
on, I suspect they get to the Kernel Processing box and then are directly
delivered to the receiving process. The out phase
On 12 March 2012, at 16:43, Doug Sampson wrote:
>>> I'm now getting back to this issue after being diverted to other
>> projects. Spam has been noticed by our staff and they're not happy. :)
>>>
>>> Here's what the tcp dump show:
>>>
>>> mailfilter-root@~# tcpdump -nei pflog0 port 8025
>>> tcpd
On 10 March 2012, at 13:34, Doug Sampson wrote:
>> On 2/15/12 2:22 AM, Doug Sampson wrote:
>>> I got bitten by PF when upgrading from 8.2 to 9.0. It refused to allow
>>> any incoming mail. I'm using spamd in conjunction with pf. I use a
>>> combination of natting along with redirections in conjun
On 26 November 2011, at 18:05, Gholam Mostafa Faridi wrote:
> we had Leased line before and we had 27 static IPs before , but our ISP do
> not support is very well , and we change our ISP and we buy ADSL connection
> with 10 static IPs , my NAT Server is OpenBSD 5 , and I will change it
> Free
I have a situation where one of the web servers needs to have its output
throttled. I have pf with ALTQ CBQ running. The pf.conf file contains:
altq on $ext_if cbq bandwidth 100% queue {normal, web}
queue normal bandwidth 99% cbq(default)
queue web bandwidth 10Kb cbq
pass out l
On 11 July 2010, at 23:52, Daniel Hartmeier wrote:
> On Sun, Jul 11, 2010 at 11:20:42PM -0700, Doug Hardie wrote:
>
>> I am trying to understand what pf is trying to tell me. Its generating
>> those messages for a reason. The volume of them depends on how many rules
>&
I am trying to understand what pf is trying to tell me. Its generating those
messages for a reason. The volume of them depends on how many rules have log
in them and how often they are invoked.
On 11 July 2010, at 23:12, Remko Lodder wrote:
>
>
>>> I believe I used pfctl -x m although it
On 11 July 2010, at 02:17, Remko Lodder wrote:
>
> On Jul 11, 2010, at 7:34 AM, Doug Hardie wrote:
>
>> I have not been able to find any real information on the contents of the
>> logs. My logs show a number of interesting entries that I just can't find
>>
I have not been able to find any real information on the contents of the logs.
My logs show a number of interesting entries that I just can't find any
information to explain. For example:
loose state match
BAD ICMP 11:0
state reuse
State failure on: 2 3 | 6
State failure on: 1
22 matches
Mail list logo
