Wow, I appreciate your insights.
Yudhvir
===
On Tue, May 19, 2009 at 7:23 AM, Jason Dixon wrote:
> On Tue, May 19, 2009 at 02:52:03PM +0200, I?igo Ortiz de Urbina wrote:
> > On Tue, May 19, 2009 at 2:37 PM, Stuart Henderson
> wrote:
> > > On 2009-05-19, Iqigo Ortiz de Urbina wrote:
> > >> Meh
On Tue, May 19, 2009 at 02:52:03PM +0200, I?igo Ortiz de Urbina wrote:
> On Tue, May 19, 2009 at 2:37 PM, Stuart Henderson
> wrote:
> > On 2009-05-19, Iqigo Ortiz de Urbina wrote:
> >> Mehma,
> >>
> >> You can find more info on the performance boost, and how developers
> >> achieved it, in this
On Tue, May 19, 2009 at 2:37 PM, Stuart Henderson wrote:
> On 2009-05-19, Iqigo Ortiz de Urbina wrote:
>> Mehma,
>>
>> You can find more info on the performance boost, and how developers
>> achieved it, in this article. You can go through all of it as its
>> really interesting IMHO:
>>
>> http://
On 2009-05-19, Iqigo Ortiz de Urbina wrote:
> Mehma,
>
> You can find more info on the performance boost, and how developers
> achieved it, in this article. You can go through all of it as its
> really interesting IMHO:
>
> http://www.onlamp.com/pub/a/bsd/2007/11/01/whats-new-in-bsd-42.html
>
> Ho
Mehma,
You can find more info on the performance boost, and how developers
achieved it, in this article. You can go through all of it as its
really interesting IMHO:
http://www.onlamp.com/pub/a/bsd/2007/11/01/whats-new-in-bsd-42.html
Hope it helps you feel the need of trying pf _at home_ :)
On
* mehma sarja [2009-05-19 07:29]:
> Otto, Henning and Stuart to-the-point answers. Thanks guys. I have taken
> the post over to FreeBSD list. However, Henning, I am curious why you call
> pf on anything but OpenBSD a "starter drug?" Is the performance difference
> that huge? pf on FreeBSD 7.2
> Otto, Henning and Stuart to-the-point answers. Thanks guys. I have taken
> the post over to FreeBSD list. However, Henning, I am curious why you call
> pf on anything but OpenBSD a "starter drug?" Is the performance difference
> that huge? pf on FreeBSD 7.2 is version 4.1.
The people you are
Otto, Henning and Stuart to-the-point answers. Thanks guys. I have taken
the post over to FreeBSD list. However, Henning, I am curious why you call
pf on anything but OpenBSD a "starter drug?" Is the performance difference
that huge? pf on FreeBSD 7.2 is version 4.1.
You have piqued my interes
On Mon, May 18, 2009 at 02:51:34PM +0200, Henning Brauer wrote:
> * mehma sarja [2009-05-18 03:28]:
> > Thanks Ingo for your thoughts. Let me ask a simpler question, is there
> > something wrong with the following line on a FreeBSD 7.2 pf?
> >
> > pass in log quick on em0 inet proto tcp from any
* mehma sarja [2009-05-18 03:28]:
> Thanks Ingo for your thoughts. Let me ask a simpler question, is there
> something wrong with the following line on a FreeBSD 7.2 pf?
>
> pass in log quick on em0 inet proto tcp from any to 121.209.23.121 port =
> imaps flags S/SA modulate state
how should we
* mehma sarja [2009-05-17 19:43]:
> I want to test two pf firewalls in-line - an old openBSD (3.7 #50, i386) is
> on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on the 'inside.'
OpenBSD 3.7 and FreeBSD 7 are probably en par for pf.
pf in a recent OpenBSD however is more than twice as fast a
Why come to an OpenBSD list asking about FreeBSD pf? I note that you
didn't come to ask about getting OpenBSD running on your new hardware.
(It might have been quite a simple thing to fix).
You'd be better off asking on a FreeBSD list or the general pf
list. Most of us here don't know FreeBSD pf.
Ingo et all,
I suspect "modulate state" may be the culprit. Here is what the manual says:
modulate state - works only with TCP. PF will generate strong Initial
Sequence Numbers (ISNs) for packets matching this rule.
So we have 2 machines generating ISNs for the same connection. Could this be
the
Ingo and the rest of OpenBSD pf-ers,
Thanks Ingo for your thoughts. Let me ask a simpler question, is there
something wrong with the following line on a FreeBSD 7.2 pf?
pass in log quick on em0 inet proto tcp from any to 121.209.23.121 port =
imaps flags S/SA modulate state
Yudhvir
Hi Yudhvir,
mehma sarja wrote on Sun, May 17, 2009 at 01:27:12PM -0700:
> a. The old firewall is in production and is running as expected - blocking
> and passing as we need.
> b. I am in the process of replacing it with a new one. It happens that
> OpenBSD was inconvenient on the hardware we h
Ingo,
Thanks for a detailed response, really. It is my fault that I did not set
the context and here it is:
a. The old firewall is in production and is running as expected - blocking
and passing as we need.
b. I am in the process of replacing it with a new one. It happens that
OpenBSD was inconv
mehma sarja wrote on Sun, May 17, 2009 at 10:35:27AM -0700:
> I want to test two pf firewalls in-line - an old openBSD (3.7 #50,
That makes absolutely no sense. Don't run real servers with historical
software. Run 4.5.
> i386) is on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on
> the 'i
I want to test two pf firewalls in-line - an old openBSD (3.7 #50, i386) is
on the 'outside' and a new FreeBSD (7.2 #0 amd64) is on the 'inside.' Here
is the setup
INTERNET ===[outside port bridged to inside port OLD pf] === [outside port
bridged to inside port NEW pf] === LAN
I took the old pf.co
18 matches
Mail list logo
