On Mon, Apr 1, 2019 at 2:06 PM Rodney W. Grimes <
freebsd-...@gndrsh.dnsmgr.net> wrote:
> > On 1 Apr 2019, at 18:47, Rodney W. Grimes wrote:
> > > I know for a fact that there is desire, with financials avaliable,
> > > to get our code updated. I do not think there is any specific
> > > criteria
On Mon, Apr 1, 2019 at 9:47 AM Rodney W. Grimes <
freebsd-...@gndrsh.dnsmgr.net> wrote:
> > On 1 Apr 2019, at 15:48, Rodney W. Grimes wrote:
> > > [ Charset UTF-8 unsupported, converting... ]
> > >> On 01.04.2019 16:30, Rodney W. Grimes wrote:
> > >> It seems it is too late:
> > >>https://marc
(sorry for the top post)
If you really want to spend time on it, the best option is to pull out the
pool concept used by the rules/nat... and manage it outside of the
rules/states but in its own module referenced by the former ones.
This would allow extensibility and propper reasoning about it.
On Thu, Mar 1, 2018 at 9:43 AM, Joe Jones
wrote:
> Hi Kristo,
>
> It's just the master that crashed, the backup can take over.
>
> We think the panic we got by compiling with witness and invariant may be a
> red herring.
>
> We are now looking rules like
>
> nat on $isp_if from to any -> sticky
On Fri, Mar 18, 2016 at 5:38 PM, David S. wrote:
> Dear All,
>
> This is my first post, my name is David and I'm currently developing
> FreeBSD as a BGP router and traffic shaper for my network.
>
> I already setup PF + ALTQ and working great, the bandwidth speed is match
> with my queue rule but
On Wed, Aug 26, 2015 at 4:09 PM, Kolontai Andrej <
andrej.kolon...@verwaltung.uni-muenchen.de> wrote:
> >1.5k rules seems like a lot for PF to handle.
> >
> >Is that 1.5k rules you've written in the conf, or 1.5k rules from `pfctl
> -sr | wc -l' ?
>
> Yes, that's what is in the conf files. The lat
On Wed, Aug 26, 2015 at 1:43 PM, Kristof Provost wrote:
> On 2015-08-25 19:56:59 (+0200), Ermal Luçi wrote:
> > On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
> >
> > >I'm inclined to say that ifgroups and interfaces should share a
> > >n
On Sun, Aug 23, 2015 at 5:09 PM, Kristof Provost wrote:
> Hi,
>
> Some of you may have noticed that I fixed a couple of pf issues (or in
> some cases broke things. Sorry Allan.) recently.
>
> Here's a quick list of my current priorities:
>
> - PR 127042, 202178:
>This is a panic when an inte
eri added a reviewer: eri.
REVISION DETAIL
https://reviews.freebsd.org/D1944
EMAIL PREFERENCES
https://reviews.freebsd.org/settings/panel/emailpreferences/
To: nvass-gmx.com, bz, trociny, kristof, gnn, zec, rodrigc, glebius, eri
Cc: farrokhi, julian, robak, freebsd-virtualization-list, freeb
On Tue, Jun 23, 2015 at 10:12 AM, Milan Obuch wrote:
> On Tue, 23 Jun 2015 09:49:57 +0200
> Ian FREISLICH wrote:
>
> > Milan Obuch wrote:
> > > As a first step, I did small upgrade, so now I run FreeBSD
> > > 9.3-STABLE #0 r284695: Mon Jun 22 08:55:29 CEST 2015.
> > >
> > > I still see the issue
On Fri, Jun 12, 2015 at 11:43 AM, Kristof Provost wrote:
> Hi all,
>
> I've recently been looking at bug 200330. I broke things while adding
> the reassembly support for ipv6 to pf.
>
> Those issues should be fixed now, but having looked at the fragment
> crop/drop-ovl code, I'm starting to think
Hello Ilya,
just approval from some people.
I will follow-up.
On Fri, Nov 14, 2014 at 1:34 PM, Ilya Bakulin wrote:
> Hi Ermal,
> yes, this patch works for both #179392 and #172648.
>
> What do you need to merge this into -CURRENT and MFC to stable/9?
>
>
> On 2014-11-14 12
ting for Ermal to send an updated version of his patch that may
> really solve the problem!
>
>
> On 2014-11-14 09:17, Ermal Luçi wrote:
>
>> Yes confirmed it will solve that issue as well.
>>
>> On Thu, Nov 13, 2014 at 9:30 PM, J David wrote:
>>
>>
Yes confirmed it will solve that issue as well.
On Thu, Nov 13, 2014 at 9:30 PM, J David wrote:
> On Wed, Nov 5, 2014 at 9:28 AM, Ilya Bakulin wrote:
> > Of course it was interesting what does the upstream PF do (@ OpenBSD).
> Seems
> > they have made the decision to
> > leave the task of recal
Give this patch inline a try:
--- a/patches/releng/10.1/pf_reply-to.enahnce.diff
+++ b/patches/releng/10.1/pf_reply-to.enahnce.diff
@@ -1,8 +1,33 @@
+diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c
+index 837b617..b6c37a9 100644
+--- a/sys/netinet6/ip6_output.c
b/sys/netine
On Mon, Nov 3, 2014 at 10:13 AM, Dave Horsfall wrote:
> On Mon, 3 Nov 2014, Ermal Luçi wrote:
>
> > Probably you forgot to clear the states!
>
> I was under the impression that "state" applied to "keep state" i.e.
> outgoing connections.
>
> Noneth
Probably you forgot to clear the states!
On Mon, Nov 3, 2014 at 4:54 AM, Dave Horsfall wrote:
> FreeBSD 8.2-RELEASE-p3 binary (yeah, I need to update, but my DVD reader
> is busted).
>
> After seeing an obnoxious spammer on 216.66.15.120 (it doesn't take "550
> 5.7.1" as a hint), I thought this
Probably is better you ask this on freebsd-pf@.
Though this sounds like state limit reached.
On Mon, Sep 29, 2014 at 7:32 PM, Andrea Venturoli wrote:
> Hello.
>
> Today a box of mine (8.4p16/amd64) stopped working as a router; I don't
> have a clear picture, but the internal nets were working p
Hello Curtis,
On Fri, Sep 19, 2014 at 2:26 AM, Curtis Villamizar
wrote:
> Hi,
>
> NAT46 and NAT64 require af-to or equivalent.
>
> This may be naive on my part but it doesn't seem like it would be a
> lot of trouble to add af-to to the existing pf.
>
> That said, I am aware of the discussion of
On Wed, Jul 9, 2014 at 2:42 PM, Mark Martinec
wrote:
> On 2014-07-09 0:32, Kristian K. Nielsen wrote:
>
>> f) IPv6 support?- it seem to be more and more challenged in the current
>> version of pf in FreeBSD and I am (as well as others) introducing more
>> and more IPv6 in networks.
>> E.x. Bugs #
On Sat, Dec 28, 2013 at 9:39 AM, Rui Paulo wrote:
> Hi,
>
> I found two problems with pf where fragmented packets behind a NAT don't
> get properly transmitted/translated. This affects things like the PS3, PS
> Vita and probably other consoles.
>
> The first problem is when I send a fragmented I
Hello,
just use the ipsec-tools port from here
https://github.com/pfsense/pfsense-tools/tree/master/pfPorts/ipsec-tools-0.8.1
.
You need to specify the sainfo with original subnet in braces the natted
subnet and the remote subnet.
Than enter spd policies related to local network and remote for o
Hello,
can you specify what does not fit on the current interface from pfctl?
-k and -K have different scopes.
You already can specify src/dst today through them.
The only not possible thing is specifying ports/id for protocols that
support them tcp/udp/icmp,
mostly because the switch/parsing of
On Fri, Nov 29, 2013 at 2:53 PM, Ian FREISLICH wrote:
> =?ISO-8859-1?Q?Ermal_Lu=E7i?= wrote:
> > On Fri, Nov 29, 2013 at 1:28 PM, Ian FREISLICH wrote:
> > > At some point this stopped working. I was able to use traceroute -I
> > > This rule let the echo request out and the resulting TTL exceede
On Fri, Nov 29, 2013 at 1:28 PM, Ian FREISLICH wrote:
> Hi
>
> At some point this stopped working. I was able to use traceroute -I
> This rule let the echo request out and the resulting TTL exceeded
> was matched and allowed back in.
>
>
Which freeBSD version you are testing this?
Normally it s
Hello,
i made the corrections to the patch to make it more readble.
Can some other eyes give a look and say if that have anything against it.
Patch is at same location.
On Mon, Jun 10, 2013 at 4:01 PM, Luigi Rizzo wrote:
> On Mon, Jun 10, 2013 at 03:45:01PM +0200, Ermal Lu?i wrote:
> > Hello,
Hello,
the patch at location [1] implements support for dummynet into pf(4).
The patch has been tested and confirmed working without issues into pfSense.
Any objections to integrating this into FreeBSD?
[1]
https://github.com/pfsense/pfsense-tools/blob/master/patches/RELENG_10_0/dummynet.RELENG
On Wed, May 15, 2013 at 1:28 PM, Manoj Ganesan wrote:
> On Wed, May 15, 2013 at 12:06 PM, Ermal Luçi wrote:
>
>>
>>
>>
>> On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan
>> wrote:
>>
>>> Hey everyone,
>>>
>>> I'm just be
On Wed, May 15, 2013 at 11:31 AM, Manoj Ganesan wrote:
> Hey everyone,
>
> I'm just beginning to use FreeBSD + PF, for a use-case of multiple (1000s
> of) UDP streams, each attached via an anchor. When I unload/flush one of
> these anchors (say I tear down a stream), does it affect the other strea
On Thu, Apr 18, 2013 at 9:11 AM, Radek Krejča wrote:
> Hello,
>
> I need to get in some cases ip address of our customer over nat to my www
> page (eg. for stopping spam and give our customer info). I wrote daemon
> which listen on port where is traffic of our customers redirected (this is
> my te
On Thu, Mar 28, 2013 at 3:03 PM, Andreas Longwitz wrote:
> Ermal Luçi wrote:
> >
> > I say intended because so it behaves on the upstream.
> > By introducing another not needed option you introduce another hack on
> > top of the already hackish 'set skip' one
That is intended behavior.
There is an option -m to merge the configs which should not break it.
On Wed, Mar 20, 2013 at 2:49 PM, Andreas Longwitz wrote:
> Am 04.03.2013 16:47, schrieb Andreas Longwitz:
>
> I run FreeBSD 8 Stable with pf enabled and have the line
>> set skip on lo0
>> in m
On Mon, Mar 11, 2013 at 4:05 PM, Kajetan Staszkiewicz wrote:
> There are some things I find flawed in your patch:
>
> 1.
>
> +#if 0
> if (killed > 0)
> pf_purge_expired_src_nodes(1);
> +#endif
>
> This means that after using `pfctl -K` the src nodes are sti
On Sat, Mar 9, 2013 at 2:37 PM, Kajetan Staszkiewicz
wrote:
> Dnia sobota, 9 marca 2013 o 13:14:16 Ermal Luçi napisał(a):
> > On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz
> >
> > wrote:
> > > Dnia piątek, 8 marca 2013 o 21:11:43 Ermal Luçi napisał(a):
>
Also do not forget to rebuild pfctl so that statistics are shown correctly.
On Sat, Mar 9, 2013 at 1:14 PM, Ermal Luçi wrote:
>
>
>
> On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz <
> veg...@tuxpowered.net> wrote:
>
>> Dnia piątek, 8 marca 2013 o 21:11:43
On Fri, Mar 8, 2013 at 9:51 PM, Kajetan Staszkiewicz
wrote:
> Dnia piątek, 8 marca 2013 o 21:11:43 Ermal Luçi napisał(a):
> > Is this FreeBSD 9.x or HEAD?
>
> I found the problem and developed the patch on 9.1.
>
> Can you please test this more 'beautiful' patch
Is this FreeBSD 9.x or HEAD?
On Fri, Mar 8, 2013 at 2:19 PM, Kajetan Staszkiewicz
wrote:
> Hello there!
>
> In my enviroment, where I use FreeBSD machines as loadbalancers, after a
> server
> is detected as dead, loadbalancer removes the the broken server from a
> table
> used in route-to pf ru
On Wed, Dec 5, 2012 at 3:51 PM, Peter McAlpine wrote:
> First off, thanks for all the suggestions from both of you. My email
> filters were messed up causing me to miss your replies.
>
> On 19 November 2012 18:56, David DeSimone wrote:
> > If I understand the poster's problem, it is that there c
On Fri, Nov 23, 2012 at 8:50 AM, Ian FREISLICH wrote:
> > > Today its a null op. So it voids the keyword which should be
> deprecated in
> > > FreeBSD or should be reintroduced!
> > > Also it may break people assumptions on it.
> >
> > So I take it that "set state-policy if-bound" will no longer
On Thu, Nov 22, 2012 at 3:13 PM, Ian FREISLICH wrote:
> =?ISO-8859-1?Q?Ermal_Lu=E7i?= wrote:
> > On Tue, Nov 20, 2012 at 9:07 AM, Sami Halabi wrote:
> > > This was actually discussed much before, as I read it would make some
> > > issues with the new pf-smp work done by gleb.
> > >
> > Not reall
On Thu, Nov 22, 2012 at 3:13 PM, Ian FREISLICH wrote:
> =?ISO-8859-1?Q?Ermal_Lu=E7i?= wrote:
> > On Tue, Nov 20, 2012 at 9:07 AM, Sami Halabi wrote:
> > > This was actually discussed much before, as I read it would make some
> > > issues with the new pf-smp work done by gleb.
> > >
> > Not reall
On Wed, Nov 21, 2012 at 3:52 PM, Gleb Smirnoff wrote:
> On Wed, Nov 21, 2012 at 03:44:13PM +0100, Ermal Lu?i wrote:
> E> Cherry-picking would be when tehre is reasonable similarities.
> E> Also another argument to do this would be simplicity on locking as well
> as
> E> i told you when you starte
On Wed, Nov 21, 2012 at 8:56 AM, Gleb Smirnoff wrote:
> Mark,
>
> On Tue, Nov 20, 2012 at 03:43:17PM +0100, Mark Martinec wrote:
> M> For one thing, I'm desperately awaiting NAT64 support (the 'af-to'
> M> translation rule in newer pf (5.1?), committed on 2011-10).
>
> Backport this exact featu
d.
He actually broke if-bound state but that's another story.
> Sami
>
>
> On Tue, Nov 20, 2012 at 9:55 AM, Ermal Luçi wrote:
>
>> On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington > >wrote:
>>
>> > On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <
On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington wrote:
> On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <
> paul.g.webs...@googlemail.com
> > wrote:
>
> > Good day all,
> >
> > I am aware this is a much discussed subject since the upgrade of PF, I
> > believe the final decision was that to man
On Tue, Sep 18, 2012 at 6:15 PM, Gleb Smirnoff wrote:
> Ermal,
>
> On Tue, Sep 18, 2012 at 06:02:06PM +0200, Ermal Lu?i wrote:
> E> The issue is that this hides the problem per se.
>
> What had hidden problem per se, was the following code:
>
> PF_UNLOCK();
>
The issue is that this hides the problem per se.
The ioctl and pfctl loading of ruleset is not ready for handling failures here!
/me Does not understand why people do not ask for review first?
On Tue, Sep 18, 2012 at 2:53 PM, Sergey Kandaurov wrote:
> On 18 September 2012 16:34, Gleb Smirnoff w
Just as a note,
this is an issue especially when using bridge+carp+pf.
On Tue, Sep 11, 2012 at 1:00 PM, Gleb Smirnoff wrote:
> The following reply was made to PR kern/124364; it has been noted by GNATS.
>
> From: Gleb Smirnoff
> To: Vladimir Shapkin
> Cc: bug-follo...@freebsd.org
> Subject: ke
On Sun, Sep 9, 2012 at 7:53 PM, wishmaster wrote:
>
>
>> Everyone agrees that altq needs to vanish, we know other code
>> exists/has been pondered; we'll see who might come forward.
>
> May be integrating pf with well-known dummynet?
> ___
This alread
On Fri, Sep 7, 2012 at 2:05 PM, Ian FREISLICH wrote:
> =?ISO-8859-1?Q?Ermal_Lu=E7i?= wrote:
>> > - the "pf: state key linking mismatch" which affects pf as far back
>> > as we've been prepared to test (FreeBSD-8.0). Although it only
>> > became visible in the logs in -CURRENT before 9-RELEASE wit
Hello Ian,
On Fri, Sep 7, 2012 at 11:26 AM, Ian FREISLICH wrote:
>> > I won't keep OpenBSD-pf and FreeBSD-pf in parallel in FreeBSD. The
>> > OpenBSD-pf port have proved to be poorly maintained. After last
>> > import that was made by you, at least the following regressions were
>> > introduced:
On Thu, Sep 6, 2012 at 8:46 AM, Gleb Smirnoff wrote:
> Ermal,
>
> On Wed, Sep 05, 2012 at 10:02:17PM +0200, Ermal Lu?i wrote:
> E> as already shared with you the opinion the new 're-arrangement' of
> E> data structure together with new syntax
> E> is more helpful to SMP in general, so complement
Hi Gleb,
On Wed, Sep 5, 2012 at 1:51 PM, Gleb Smirnoff wrote:
> Hi!
>
> [announce goes both to net@ and pf@, but any discussion should
>go on on p...@freebsd.org only, please]
>
> As you already may now, last half a year I've been working on
> making pf SMP-scalable and faster in genera
Hi Gleb,
On Wed, Sep 5, 2012 at 8:36 PM, Gleb Smirnoff wrote:
> Thomas,
>
> On Wed, Sep 05, 2012 at 04:28:23PM +0200, Thomas Steen Rasmussen wrote:
> T> Your work seems very exciting from a performance standpoint, and it
> T> is certainty something I am looking forward to. Please don't take the
On Tue, Jul 10, 2012 at 3:31 AM, Hao Bryan Cheng wrote:
> Hello all,
>
> I am working on converting a captive portal system from ipfw to pf (in
> order to support port-block allocation in many-to-one NAT) on systems
> currently running FreeBSD 8.2.
>
> Most of the firewall rewrite went without inc
On Fri, Jun 8, 2012 at 8:17 AM, Gleb Smirnoff wrote:
> Hello, networkers!
>
> [net@ in Cc, but further discussion should go on pf@]
>
> As you already probably know, or some may be don't yet know, the pf(4)
> subsystem in FreeBSD is currently working under a single mutex. This mutex
> is acquir
The following reply was made to PR kern/168190; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?=
To: Joerg Pulz
Cc: Daniel Hartmeier , bug-follo...@freebsd.org,
freebsd-pf@freebsd.org
Subject: Re: kern/168190: [pf] panic when using pf and route-to (maybe: bad
fragment handling?)
On Fri, Jun 1, 2012 at 10:25 AM, Joerg Pulz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On Tue, 29 May 2012, Daniel Hartmeier wrote:
>
>> On Sun, May 27, 2012 at 06:30:09PM +, Joerg Pulz wrote:
>>
>>> i've seen 12 more "pf_route: m0->m_len < sizeof(struct ip)" messages
>>>
On Wed, May 23, 2012 at 9:05 AM, Joerg Pulz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> On Tue, 22 May 2012, Ermal Luçi wrote:
>
>> iirc this is from fastforwarding being enabled.
>> Just from memory though, cause i remember seeing this panic as
iirc this is from fastforwarding being enabled.
Just from memory though, cause i remember seeing this panic as well.
Again, from memory this is fastforwarding related, try disabling it.
If it was pf(4) surely in pfSense would have been seen more frequently
and in pfSense fastforwarding is not used
On Wed, May 16, 2012 at 2:15 PM, Adam Strohl
wrote:
> Hello,
>
> I've noticed that when I use "synproxy state" on a rule and a connection
> comes in to an IP on a CARP interface the connection opens but never gets
> passed on to the process as it should.
>
> For example:
>
> pass in on $ext_if pro
2012/4/17 Gleb Smirnoff :
> On Tue, Apr 17, 2012 at 12:46:08PM +0400, Gleb Smirnoff wrote:
> T> We can make the assignment like:
> T>
> T> if (ifp->if_flags & IFF_LOOPBACK)
> T> m->m_flags |= M_SKIP_FIREWALL;
>
> I've tested this plus MTAG_PERSISTENT on pf tags, and it looks like this
> works.
On Tue, Apr 17, 2012 at 6:32 PM, Bjoern A. Zeeb
wrote:
>
> On 17. Apr 2012, at 09:48 , Gleb Smirnoff wrote:
>
>> Replying on only on paragrapg, everything else agreed.
>>
>> On Tue, Apr 17, 2012 at 11:33:27AM +0200, Ermal Lu?i wrote:
>> E> The only problem i might see is when running more than on
2012/4/17 Gleb Smirnoff :
> On Tue, Apr 17, 2012 at 10:38:31AM +0200, Ermal Lu?i wrote:
> E> 2012/4/17 Gleb Smirnoff :
> E> >
> E> > In this case crash or freeze is fixed, but still packet is dropped.
> Example
> E> > of such rule:
> E> >
> E> > pass in on igb0 fastroute proto tcp from any to $
On Tue, Apr 17, 2012 at 10:38 AM, Ermal Luçi wrote:
> 2012/4/17 Gleb Smirnoff :
>> On Tue, Apr 17, 2012 at 10:06:15AM +0200, Ermal Lu?i wrote:
>> E> 2012/4/16 Gleb Smirnoff :
>> E> > On Sun, Apr 15, 2012 at 12:00:21PM +, Gleb Smirnoff wrote:
>> E> &
2012/4/17 Gleb Smirnoff :
> On Tue, Apr 17, 2012 at 10:06:15AM +0200, Ermal Lu?i wrote:
> E> 2012/4/16 Gleb Smirnoff :
> E> > On Sun, Apr 15, 2012 at 12:00:21PM +, Gleb Smirnoff wrote:
> E> > T> On Sun, Apr 15, 2012 at 11:10:03AM +, Gleb Smirnoff wrote:
> E> > T> T> I have a vague susp
2012/4/16 Gleb Smirnoff :
> On Sun, Apr 15, 2012 at 12:00:21PM +, Gleb Smirnoff wrote:
> T> On Sun, Apr 15, 2012 at 11:10:03AM +, Gleb Smirnoff wrote:
> T> T> I have a vague suspicion on what is happening. Your description of
> T> T> the problem looks like if a packet processing in t
On Fri, Apr 13, 2012 at 12:29 AM, Theodor-Iulian Ciobanu
wrote:
> On Thu, 12 Apr 2012 15:01:46 +0200
> Ermal Luçi wrote:
>
>> Hello,
>>
>> On Thu, Apr 12, 2012 at 1:16 PM, Theodor-Iulian Ciobanu
>> wrote:
>> > Hello,
>> >
>> > I came
Hello,
On Thu, Apr 12, 2012 at 1:16 PM, Theodor-Iulian Ciobanu
wrote:
> Hello,
>
> I came across this same issue yesterday on a system I have just set up.
> I'm currently using the default kernel:
>
> FreeBSD changeme 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30
> UTC 2012 r...@farrell
The following reply was made to PR kern/166411; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?=
To: bug-follo...@freebsd.org, baluste...@gmail.com
Cc:
Subject: Re: kern/166411: [pf] simply enabling pf makes udpxy not to work
Date: Wed, 28 Mar 2012 11:41:05 +0200
Normally this
On Thu, Feb 23, 2012 at 8:44 AM, Ali Mdidech wrote:
> Hi List,
>
> I've a box that panics multiple times randomly since a year whatever
> the release is (8 or 9)
> The crash dump shows that the problem is related to pf.
> Is this some sort of identified bug?
> Below some info and my pf.conf file.
On Fri, Jan 27, 2012 at 7:47 AM, David Siebörger wrote:
> On Thursday, 26 January 2012 5:35 PM Ermal Luçi wrote:
>> Are you doing frequent updating of tables or loading larde lists of
>> addresses in them?
>
> The machine crashed again, and this time I ran ps in ddb. It sho
On Fri, Jan 27, 2012 at 3:36 AM, Greg Hennessy wrote:
> Hi Peter,
>
> That doesn't sound unreasonable, bearing in mind how much we all $ENJOY using
> the operating system precisely because the interfaces are defined and stable
> between major releases.
> I would not have expected PF 4.7 and abov
On Thu, Jan 26, 2012 at 3:38 PM, David Siebörger wrote:
> Hi,
>
> I have a pair of FreeBSD 9.0-RELEASE firewalls which are crashing
> repeatedly. I've been able to connect to one of them with remote kgdb
> after it crashed (see kgdb session attached), but I haven't been able to
> get to the botto
The following reply was made to PR kern/163208; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?=
To: =?ISO-8859-1?Q?Tilman_Keskin=F6z?=
Cc: bug-follo...@freebsd.org
Subject: Re: kern/163208: [pf] PF state key linking mismatch
Date: Mon, 23 Jan 2012 17:21:21 +0100
On Mon, Jan 23,
The following reply was made to PR kern/163208; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?=
To: =?ISO-8859-1?Q?Tilman_Keskin=F6z?=
Cc: bug-follo...@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: kern/163208: [pf] PF state key linking mismatch
Date: Mon, 23 Jan 2012 12:16:38
On Sun, Jan 22, 2012 at 11:41 AM, Tilman Keskinöz wrote:
> * Bjoern A. Zeeb [Sat, 21 Jan 2012 21:01:41 +]:
> >
> > On 21. Jan 2012, at 20:52 , Tilman Keskinöz wrote:
> >
> >>
> >> On Jan 21, 2012, at 21:01 , Fabian Keil wrote:
> >>
> >>> Tilman Keskinöz wrote:
> >>>
> Same here.
>
On Sun, Jan 22, 2012 at 12:26 AM, Greg Hennessy wrote:
> > >
> > There is one catch.
> > FreeBSD does not want to break compatibility of old syntax and that is
> why
> > i did not port the latest version of pf(4).
>
> Shades of the versioning/maintenance issues surrounding putting Perl in
> the ba
On Sun, Jan 22, 2012 at 3:50 AM, Bjoern A. Zeeb <
bzeeb-li...@lists.zabbadoz.net> wrote:
>
> On 21. Jan 2012, at 23:26 , Greg Hennessy wrote:
>
> >>>
> >> There is one catch.
> >> FreeBSD does not want to break compatibility of old syntax and that is
> why
> >> i did not port the latest version of
On Fri, Jan 20, 2012 at 11:04 PM, Walt Elam wrote:
> I would like to help with the development of the PF port for FreeBSD but am
> not quite sure how to get involved. More specifically, I would like to help
> get something ported over that accepts the new rule syntax since it becomes
> increasing
2011/11/14 Виталий Владимирович :
>
>
> --- Original message ---
> From: "Ermal Lu i"
> To: "Виталий Владимирович"
> Date: 14 November 2011, 19:15:31
> Subject: Re: PF + dummynet
>
>
>
>> 2011/11/14 Виталий Владимирович :
>> >
>> > Hi.
>> > Some years ago I have read in freebsd-pf@ that ex
2011/11/14 Виталий Владимирович :
>
> Hi.
> Some years ago I have read in freebsd-pf@ that exist patch PF+dummynet from
> eri@. Now I am searching on Internet but nothing except this: pfsense-tools /
> patches / RELENG_9_0 on GitHUB. Is anybody use it with FreeBSD 9? I have
> applied dummynet.
2011/10/26 Виталий Владимирович :
>
> Recently I worked around traffic prioritization of my router
> (FreeBSD9-BETA3). I would like to prioritization traffic coming from external
> interface and coming from internal LAN.
>
> ## ALTQ
>
> altq on $ext_if hfsc bandwidth 800Kb qlimit 500 queue {std
The following reply was made to PR kern/114095; it has been noted by GNATS.
From: =?ISO-8859-1?Q?Ermal_Lu=E7i?=
To: Gleb Smirnoff
Cc: nerijus.ambra...@ktu.lt, freebsd-pf@freebsd.org, bug-follo...@freebsd.org
Subject: Re: kern/114095: [carp] carp+pf delay with high state limit
Date: Mon, 17 Oct 2
2011/10/17 Gleb Smirnoff :
> On Mon, Oct 17, 2011 at 02:18:38PM +0200, Ermal Lu?i wrote:
> E> On Sat, Oct 15, 2011 at 4:20 PM, wrote:
> E> > Synopsis: [carp] carp+pf delay with high state limit
> E> >
> E> > State-Changed-From-To: open->closed
> E> > State-Changed-By: glebius
> E> > State-Changed
On Sat, Oct 15, 2011 at 4:20 PM, wrote:
> Synopsis: [carp] carp+pf delay with high state limit
>
> State-Changed-From-To: open->closed
> State-Changed-By: glebius
> State-Changed-When: Sat Oct 15 14:20:00 UTC 2011
> State-Changed-Why:
> Not a bug. This is a feature. pfsync(4) suppresses carp(4)
>
On Mon, Aug 22, 2011 at 4:23 AM, Peter Jeremy
wrote:
> [This is fairly old but has recently bubbled to the top of my TODO list]
>
> On 2011-Jul-13 23:35:44 +0800, Ermal Luçi wrote:
>>I reverted back from having the pipes configured in pfctl because it
>>will be a catching ga
On Wed, Aug 17, 2011 at 3:05 PM, Florian Smeets wrote:
> On 17.08.2011 14:58, Ermal Luçi wrote:
>>
>> On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets wrote:
>>>
>>> On 17.08.2011 14:30, Bjoern A. Zeeb wrote:
>>>>
>>>> On Aug 17, 2011, at
On Wed, Aug 17, 2011 at 2:37 PM, Florian Smeets wrote:
> On 17.08.2011 14:30, Bjoern A. Zeeb wrote:
>>
>> On Aug 17, 2011, at 12:27 PM, Florian Smeets wrote:
>>
>>> On 08.07.2011 19:02, David O'Brien wrote:
On Fri, Jul 08, 2011 at 02:26:37PM +0200, Ermal Lui wrote:
>
> On Thu, Ju
way as i told you is to be careful when loading the modules
or when joining to pfil.
>
>
> Murat
>
>
> -Original Message-
> From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
> Behalf Of Murat SÜRÜCÜ
> Sent: Tuesday, July 12, 2011 8:55 AM
>
On Wed, Jul 13, 2011 at 3:00 AM, Peter Jeremy
wrote:
> On 2011-Jun-29 16:26:34 +0800, Ermal Luçi wrote:
>>On Wed, Jun 29, 2011 at 6:42 AM, Peter Jeremy
>> wrote:
>>> Has anyone adapted the PF+dummynet patches for 8.x or 9.x?
>>
>>Well the patch is this
>&
2011/7/11 Murat SÜRÜCÜ :
> Hello,
>
> I used PF and dummynet together about two years and worked fine.
> Recently i have upgraded the system 7.2 to 8.2 and dummynet doesn't work
> anymore.
> If any packet belong the client IP puts any pipe, it drops and pflog says it
> blocked by last pf rule. But
On Thu, Jul 7, 2011 at 9:35 PM, David O'Brien wrote:
> On Wed, Jun 29, 2011 at 07:22:24PM +0200, Fabian Keil wrote:
>> "Bjoern A. Zeeb" wrote:
>> > In short; please test!
>>
>> I didn't experience any real problems yet, but running
>
> Hi Bjoern,
> Unfortunately I've had MAJOR network problems si
On Wed, Jul 6, 2011 at 5:25 PM, Calomel Org
wrote:
> ALTQ using hfsc is limited to a maximum parent bandwidth of 4294Mb.
> This value is 2^32 or 4,294,967,296 bits. If you set the bandwidth any
> higher, altq will flip back to zero. This "bug" was found when trying
> to test 10 gigabit and 40 giga
On Tue, Jul 5, 2011 at 3:47 PM, Fabian Keil
wrote:
> Ermal Luçi wrote:
>
>> On Sat, Jul 2, 2011 at 5:33 PM, Pierre Lamy wrote:
>> >
>> >
>> > On 6/29/2011 1:22 PM, Fabian Keil wrote:
>> >>
>> >> "Bjoern A. Zeeb" wrote:
&
On Sat, Jul 2, 2011 at 5:33 PM, Pierre Lamy wrote:
>
>
> On 6/29/2011 1:22 PM, Fabian Keil wrote:
>>
>> "Bjoern A. Zeeb" wrote:
>>
>>> Begin forwarded message:
>>>
From: "Bjoern A. Zeeb"
Date: June 28, 2011 11:57:25 AM GMT+00:00
To: src-committ...@freebsd.org, svn-src-...@freebsd.o
On Wed, Jun 29, 2011 at 6:42 AM, Peter Jeremy
wrote:
> Following up on some very old mail...
>
> On 2008-Nov-04 16:53:52 +0100, Ermal Luçi wrote:
>>actually this is the latest against RELENG_7 which is confirmed to
>>work with full features of pf(4) like route-to/r
On Sun, Feb 20, 2011 at 11:16 PM, Maxim Khitrov wrote:
> On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote:
>>
>> On Sun, 20 Feb 2011 13:27, eirnym@ wrote:
>>>
>>> On 20 February 2011 06:50, jhell wrote:
On Fri, 18 Feb 2011 03:26, eirnym@ wrote:
>
> I heard while ago about packet fi
On Sun, Feb 20, 2011 at 7:46 PM, Eir Nym wrote:
> On 20 February 2011 21:38, Chris Buechler wrote:
>> On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote:
>>>
>>> I've found them, but there no status about.
>>>
>>
>> You aren't looking very hard, it's been discussed at length on this
>> list, check t
On Fri, Nov 5, 2010 at 1:33 AM, Ricky Charlet wrote:
> Has anyone out there run altq with cbq with bandwidth limits set around 40 ~
> 50 Mb and seen it work well (actual through put allowed to come near that
> speed)?
>
> Thanks
> ---
> Ricky Charlet
> Adara Networks
> USA 408-433-4942
>
I can
1 - 100 of 138 matches
Mail list logo
