me code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I'm asking for an example of code to add my RDR rule.
Maybe, it looks like a silly game, but it isn't. Alternative ways are
discharge myself, kill second adm
Hi,
I have noticed that you are unable to view the currently loaded options
for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
skip on tun0.
Is this going to be implemented soon or is it there and I'm missing
something?
Regards,
--
Charlie Clark
Net
Hi,
I have noticed that you are unable to view the currently loaded options
for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
skip on tun0.
Is this going to be implemented soon or is it there and I'm missing
something?
Regards,
--
Charlie Clark
Net
From 'man pfctl':
When the variable pf is set to YES in rc.conf.local(8), the rule file
specified with the variable pf_rules is loaded automatically by the
rc(8)
scripts and the packet filter is enabled.
I think pf is enabled by default now :-)
ield "Received" to
spam.txt file on router and do something like this:
#cat spam.txt | uniq | sort > /etc/mail/spamd.black
or
#sort -u spam.txt > /etc/mail/spamd.black
and
#pfctl -f /etc/pf.conf
but I won't want to reload all rules. In best way I want to add in pf
table
only new
The manpage says
"-P Print ports using their names in /etc/services if available".
This works with "pfctl -P -sr", but not with "pfctl -P -ss"
- is that intended?
Jan
Hi all,
I got two different machine which are doing firewall fail-over.
After had them upgraded to 3.8 I switch to use groups within pf.conf.
Just to note I've seen setting and interface group in the loginterface
option is parsed without error with pfctl -n while ( think correctly) is
hi there,
i would like to compare my rules with the optimized ones.
is there a simple way to make pf show the optimized rules
without applying them? just a dump to compare with the
current rules?
-f
--
everyone has a photographic memory, some don't have film.
Missed "tos"-rule in man page.
Any reason why?
//maxim
I want to add some code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I think it's a very bad idea. The best you can do i think is to write
a pfctl wrapper script in order to load your mandatory rules and
On 13/10/06, fv <[EMAIL PROTECTED]> wrote:
> I want to add some code to pfctl which
> would add all important rules to pf. In such way, if that rules
> wouldn't be in pf.conf they would BE in pf.
>
I think it's a very bad idea. The best you can do i think is to wri
On 10/13/06, Alexander Belikov <[EMAIL PROTECTED]> wrote:
I want to fix a problem on one of my servers. The problem is 2 admins
1 server :( Both of us have a root access to it. It was a will of our
Top Managment..
Social problems will never be wholly resolved by technical solutions.
Speak to m
>> I want to add some code to pfctl which
>> would add all important rules to pf. In such way, if that rules
>> wouldn't be in pf.conf they would BE in pf.
>>
f> I think it's a very bad idea. The best you can do i think is to write
f> a pfctl wrapper scri
or himself. I want to add some code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I'm asking for an example of code to add my RDR rule.
Maybe, it looks like a silly game, but it isn't. Alternative ways a
f rules to get a better
download rate for himself. I want to add some code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I'm asking for an example of code to add my RDR rule.
Maybe, it looks like a silly game, but
Alexander,
On 13/10/2006, at 9:12 PM, Alexander Belikov wrote:
I want to fix a problem on one of my servers. The problem is 2 admins
1 server :( Both of us have a root access to it. It was a will of our
Top Managment..
This is not an OpenBSD issue.
Management needs to appoint one of you to b
rtner' disables a part of pf rules to get a better
>> download rate for himself. I want to add some code to pfctl which
>> would add all important rules to pf. In such way, if that rules
>> wouldn't be in pf.conf they would BE in pf.
>>
>> I'm asking for an exam
On 2006/10/13 14:36, fv wrote:
> > I want to add some code to pfctl which
> >would add all important rules to pf. In such way, if that rules
> >wouldn't be in pf.conf they would BE in pf.
> >
> I think it's a very bad idea. The best you can do i think is to wr
a part of pf rules to get a better
download rate for himself. I want to add some code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I'm asking for an example of code to add my RDR rule.
Maybe, it looks like
On Fri, 13 Oct 2006, Stuart Henderson wrote:
> On 2006/10/13 14:36, fv wrote:
> > > I want to add some code to pfctl which
> > >would add all important rules to pf. In such way, if that rules
> > >wouldn't be in pf.conf they would BE in pf.
> > >
> &
rules to get a better
download rate for himself. I want to add some code to pfctl which
would add all important rules to pf. In such way, if that rules
wouldn't be in pf.conf they would BE in pf.
I'm asking for an example of code to add my RDR rule.
Maybe, it looks like a silly game, bu
Or you could do what I would do...
Threaten to break his damn fingers...
Thanks a log for feedback
I know that my problem is social, but there are some difficulities to solve
it on it's level. I wouldn't write here if my social solutions were
success.
Some weeks ago my 'partner' had done something on his Win2003 server,
which caused overwriting arp info on 'our' OpenB
If I run the command
# pfctl -vsr
I get counters started from the last time I loaded the rule set.
Is there a way to find out the Date and Time I last loaded the rule set
so that
I can know the length of time it took to acquire x number of packets, etc?
I see a line for "Status: En
Hi misc@,
I'm trying to understand how pfctl re-loads rules and tables. On my
soekris board, 64MB RAM, I have a large table with more than 200K
entries. It's used to perform some egress filtering (yes maybe it's
too large but it's really effective). I raised up table-entries
On 2008-07-14, Charlie Clark <[EMAIL PROTECTED]> wrote:
> I have noticed that you are unable to view the currently loaded options
> for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
> skip on tun0.
Some of the "set" options aren'
Stuart Henderson escreveu:
> On 2008-07-14, Charlie Clark <[EMAIL PROTECTED]> wrote:
>
>> I have noticed that you are unable to view the currently loaded options
>> for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
>> skip o
On July 14, 2008 08:16:08 pm Giancarlo Razzolini wrote:
> Stuart Henderson escreveu:
> > On 2008-07-14, Charlie Clark <[EMAIL PROTECTED]> wrote:
> >> I have noticed that you are unable to view the currently loaded options
> >> for pf using pfctl, even 'pfctl
Vijay Sankar escreveu:
> On July 14, 2008 08:16:08 pm Giancarlo Razzolini wrote:
>
>> Stuart Henderson escreveu:
>>
>>> On 2008-07-14, Charlie Clark <[EMAIL PROTECTED]> wrote:
>>>
>>>> I have noticed that you are unable to vie
vious I tend not to answer... But I totally
overlooked "pfctl -sI -v" until I looked it up for this question, and
I've read that manual page plenty of times, so I learned something.
I would guess I'm not the only one.
15 11:49, Giancarlo Razzolini wrote:
> > >
> > Please, don't misinterpret me. I like to help people, like many others
> > here. But, i think that should be a mantra for every a admin: "Read the
> > manual, before you ask.".
>
> If something's totally
On Mon, Jul 14, 2008 at 10:16:08PM -0300, Giancarlo Razzolini wrote:
> Stuart Henderson escreveu:
> > On 2008-07-14, Charlie Clark <[EMAIL PROTECTED]> wrote:
> >
> >> I have noticed that you are unable to view the currently loaded options
> >> for pf usi
oticed that you are unable to view the currently loaded options
>>>> for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
>>>> skip on tun0.
>>>>
>>>>
>>> Some of the "set" optio
On 2008-07-25, Charlie Clark <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have noticed that you are unable to view the currently loaded options
> for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
> skip on tun0.
> Is this going to be implemen
* Charlie Clark <[EMAIL PROTECTED]> [2008-07-25 14:41]:
> Is this going to be implemented soon or is it there and I'm missing
> something?
that is probably never going to be implemented, as some options just
affect further parsing and aren't loaded to the kernel.
--
Henning Brauer, [EMAIL PROTE
Stuart Henderson wrote:
On 2008-07-25, Charlie Clark <[EMAIL PROTECTED]> wrote:
Hi,
I have noticed that you are unable to view the currently loaded options
for pf using pfctl, even 'pfctl -sa' doesn't show the options eg. set
skip on tun0.
Is this going to be impl
Henning Brauer wrote:
* Charlie Clark <[EMAIL PROTECTED]> [2008-07-25 14:41]:
Is this going to be implemented soon or is it there and I'm missing
something?
that is probably never going to be implemented, as some options just
affect further parsing and aren't loaded to the kernel.
* Charlie Clark <[EMAIL PROTECTED]> [2008-07-25 16:27]:
> Henning Brauer wrote:
>> * Charlie Clark <[EMAIL PROTECTED]> [2008-07-25 14:41]:
>>
>>> Is this going to be implemented soon or is it there and I'm missing
>>> something?
>>>
>>
>> that is probably never going to be implemented, as
On 2008/07/25 14:53, Charlie Clark wrote:
> Stuart Henderson wrote:
>> On 2008-07-25, Charlie Clark <[EMAIL PROTECTED]> wrote:
>>
>>> Hi,
>>>
>>> I have noticed that you are unable to view the currently loaded
>>> options for pf using
ftrag von Stuart Henderson
> Gesendet: Freitag, 25. Juli 2008 17:15
> An: Charlie Clark
> Cc: misc@openbsd.org
> Betreff: Re: pfctl
>
> On 2008/07/25 14:53, Charlie Clark wrote:
> > Stuart Henderson wrote:
> >> On 2008-07-25, Charlie Clark <[EMAIL PROTECTED]> wrote
WEiRD' de Weerd
| Regards
| Hagen Volpers
|
|
| > -Urspr|ngliche Nachricht-
| > Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
| > Im Auftrag von Stuart Henderson
| > Gesendet: Freitag, 25. Juli 2008 17:15
| > An: Charlie Clark
| > Cc: misc@openbsd.org
| >
Hehe, I knew I'll get this reply. ;-) The question was which configuration is
active, not what will be activated by pfctl -f /etc/pf.conf, that's the
difference.
I think that could help some people in multi-admin environments ;-)
Regards
Hagen Volpers
> -Urspr|ngliche Nachric
On Fri, Jul 25, 2008 at 11:38:40PM +0200, openbsd misc wrote:
| Hehe, I knew I'll get this reply. ;-) The question was which configuration is
| active, not what will be activated by pfctl -f /etc/pf.conf, that's the
| difference.
| I think that could help some people in multi-admin en
On 2008-07-25, openbsd misc <[EMAIL PROTECTED]> wrote:
> Hehe, I knew I'll get this reply. ;-) The question was which configuration is
> active, not what will be activated by pfctl -f /etc/pf.conf, that's the
> difference.
> I think that could help some people
I was only an idea regarding the question. Sorry for sharing thoughts ... I'm
already using such a script because of that, would be great to have that job
done by pfctl because everyone whould have this "feature" and you can not pass
it by pfctl -f ...
As I said this is only an
openbsd misc wrote:
interessting point. How about dumping it to a file or something so you are
able to check what was loaded last time (e.g. a file with 400 under
/var/whatever)?
What I want is, I have a script that when I commit a ruleset with pfctl
it uses pfctl to query the loaded rules
> What I want is, I have a script that when I commit a ruleset with pfctl
> it uses pfctl to query the loaded rules and outputs that to a file, I
> get the rulesets there using fwbuilder, which loads the ruleset directly
> using pfctl, I have another script which checks the currentl
Almir Karic wrote:
diff of a loaded ruleset is not that useful (for humans) IMHO, a
better way would be to diff the ruleset (possibly excluding the
comments and spaces etc). even better way to do that would be to
JustDoIt (no diff checking whatsoever, and let the admins reload the
rule when t
On Mon, Jul 28, 2008 at 10:30:41AM +0100, Charlie Clark wrote:
> Almir Karic wrote:
>
>> diff of a loaded ruleset is not that useful (for humans) IMHO, a better
>> way would be to diff the ruleset (possibly excluding the comments and
>> spaces etc). even better way to do that would be to JustDoIt
Then, if this is still
such a big issue, you can write some scripts that will give you
something along the lines of Junipers 'commit confirmed' .. you first
enable a ruleset which will be automatically reverted in 5 or 10 (or
however many you like) minutes. Then, if you don't lock yourself out,
an
On 2008-07-28, Charlie Clark <[EMAIL PROTECTED]> wrote:
> I have, this is the script I am talking about, I want to know how to
> make the script know about option changes, eg. block policy, state
> policy
block policy and state policy don't get sent to /dev/pf, they onl
don't you have some way to handle the other situations where pfctl -sr
doesn't output exactly what pfctl -f was fed as input? how do you handle
macros or the ruleset optimiser?
There are no macro's as I'm using fwbuilder to build the ruleset and isn't the
ruleset opt
On 2008/07/28 11:37, Charlie Clark wrote:
>
>>
>> don't you have some way to handle the other situations where pfctl -sr
>> doesn't output exactly what pfctl -f was fed as input? how do you handle
>> macros or the ruleset optimiser?
>>
> There are
Stuart Henderson wrote:
On 2008/07/28 11:37, Charlie Clark wrote:
don't you have some way to handle the other situations where pfctl -sr
doesn't output exactly what pfctl -f was fed as input? how do you handle
macros or the ruleset optimiser?
There are no macro'
On 2008-07-28, Charlie Clark <[EMAIL PROTECTED]> wrote:
> Stuart Henderson wrote:
>> On 2008/07/28 11:37, Charlie Clark wrote:
>>
>>>> don't you have some way to handle the other situations where pfctl -sr
>>>> doesn't output exactly what p
Stuart Henderson wrote:
On 2008-07-28, Charlie Clark <[EMAIL PROTECTED]> wrote:
Stuart Henderson wrote:
On 2008/07/28 11:37, Charlie Clark wrote:
don't you have some way to handle the other situations where pfctl -sr
doesn't output exactly what pfctl -f was f
the current SSH
session gets locked due to state issues, but it's still possible to make
a new connection and use that... or else wait a few minutes.
e.g.
pfctl -nf /home/lars/pf.test.conf \
&& echo "/sbin/pfctl -f /etc/pf.conf" \
| at now +3 minutes
Hello,
in the midst of debugging ruleset/migrations, I came across this output
in 'pfctl -vvss':
all tcp 10.45.30.7:993 (public-nat:993) <- remote-ip:4690
ESTABLISHED:ESTABLISHED
[1683650613 + 66296] wscale 7 [3702552199 + 16768] wscale 2
age 04:32:22, expires in
On Wed, Jan 02, 2019 at 07:09:54PM +0100, Philipp Buehler wrote:
> 'pfctl -vvss':
> all tcp 10.45.30.7:993 (public-nat:993) <- remote-ip:4690
> ESTABLISHED:ESTABLISHED
>[1683650613 + 66296] wscale 7 [3702552199 + 16768] wscale 2
>age 04:32:22, expires in 0
persists, `pfctl -a\* -s rules' prints them including
anchors.
Hmm, still a bit ambigious:
===
@11 anchor "relayd/*" all {
[ Evaluations: 21256227 Packets: 845613Bytes: 363090876 States:
31]
[ Inserted: uid 0 pid 12958 State Creations: 16822 ]
anchor "depa_portal_
On Fri, Jul 19, 2013 at 09:22:54AM +0200, Pieter Verberne wrote:
> From 'man pfctl':
> When the variable pf is set to YES in rc.conf.local(8), the rule file
> specified with the variable pf_rules is loaded automatically by the
> rc(8)
> scripts and the packet filter is en
Op Mon, 10 Oct 2011 12:12:23 +0200 schreef "pavel pocheptsov"
:
hello misc.
I have spamd before mail server. and it's work nice with liberal setting
like this:
spamd_flags="-v -l 127.0.0.1 -G 10:4:864 -h mail.server"
pf.conf:
[...]
block in log quick on { $ext_if_a, $ext_if_b } from { ,
,
On Mon, May 28, 2012 at 03:34:04PM +0200, Jan Stary wrote:
> The manpage says
> "-P Print ports using their names in /etc/services if available".
>
> This works with "pfctl -P -sr", but not with "pfctl -P -ss"
> - is that intended?
Good catch. :)
displayed only when -v is given...
kripel> sudo pfctl -s labels
ssh 332 0 0 0 0 0 0
torrent 89 476 181200 241 12953 235 168247
something along the lines of the tables or the interface tables maybe?
kripel> sudo pfctl -vvs Inter -i ne3
ne3
Cleared: Wed Sep 14 23:56:2
# pfctl -nvf /etc/pf.conf > /root/orig
# pfctl -novf /etc/pf.optimized > /root/optimized
# diff -u /root/orig /root/optimized | less
> hi there,
>
> i would like to compare my rules with the optimized ones.
>
> is there a simple way to make pf show the optimized rules
&g
Hello!
On Mon, Mar 06, 2006 at 11:52:40AM +0100, frantisek holop wrote:
>i would like to compare my rules with the optimized ones.
>is there a simple way to make pf show the optimized rules
>without applying them? just a dump to compare with the
>current rules?
pfctl -v -n -f .
hmm, on Mon, Mar 06, 2006 at 07:13:32AM -0500, Mike Frantzen said that
> # pfctl -nvf /etc/pf.conf > /root/orig
> # pfctl -novf /etc/pf.optimized > /root/optimized
^
how do i get this file? :)
this was not tested, was it? :)
thanks for the answers.
On Sun, Jul 23, 2006 at 11:00:05PM +0200, Maxim Bourmistrov wrote:
> Missed "tos"-rule in man page.
do you mean in pf.conf(5) (as opposed to pfctl(8)) ?
> Any reason why?
maybe no reason other than nobody sent a diff?
. maybe this one doesn't suck completely?:
--
On Sun, Jul 23, 2006 at 11:38:31PM -0400, jared r r spiegel wrote:
>
> Index: pf.conf.5
> ===
> RCS file: /cvs/src/share/man/man5/pf.conf.5,v
> retrieving revision 1.350
> diff -u -u -r1.350 pf.conf.5
> --- pf.conf.5 9 Jul 2006 11:00:
Hi All,
Thanks to Jesper and Stuart, i'm using max-pkt-rate not!
I'm also using max-src-conn-rate and overload in conjunction with authpf
and I'm worried that potentially valid traffic may get blocked.
I'm wondering if it's a condoned/accepted/best practice to use
Hi!
I'm having this problem:
# pfctl -sr |fgrep ftp
[...]
pass out on rl0 inet proto tcp from to <__automatic_39c048b4_0>
port = ftp flags S/SA keep state
What is that automatic stuff? I wish to see the corresponding (below)
rules' entries in pfctl's output.
The corre
then I run pfctl -t abuse -Tflush as described in
this thread, and then i reload the pf.conf file with pfctl -f /etc/pf.conf.
When I do this any thing in the state table seems to flow as usual, however
any new sessions timeout. Im not sure whats going on? I tried bumping up the
table-entries limit wi
On 6/20/07, Francesco Toscan <[EMAIL PROTECTED]> wrote:
when I first load the rules everything works fine;
when I reload the rules with pfctl -f pf.conf, pfctl segfaults or
exits returning "Cannot allocate memory" as if table-entries limit
were not high enough.
If I first flush
, more than double the
content of (210144 entries) but reload always gives:
/etc/pf.conf.queue:17: cannot define table large_table: Cannot allocate memory
I guess pfctl needs even more entries or I hit another kind of limit,
I'll look into it.
f.
be hitting one or more of the several relevant limits, but
have you tried something like 'pfctl -T flush -t tablename' before
reloading the table data?
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ htt
2007/6/21, Peter N. M. Hansteen <[EMAIL PROTECTED]>:
You may be hitting one or more of the several relevant limits, but
have you tried something like 'pfctl -T flush -t tablename' before
reloading the table data?
Yes, if I first flush the table it works flawlessy. The '
Openbsd 3.7
Memory: Real: 16M/33M act/tot Free: 55M Swap: 0K/512M used/tot
Trying to load a table from a file that is 21megs and pfctl -t spamd -Tr
-f file.txt
is outputting.. 'pfctl: Cannot allocate memory.'
-mike
Hello.
I've been running spamd with greylisting for a few
weeks.
Today, I am getting 'pfctl: Cannot allocate memory'
notifications.
OpenBSD 4.0 GENERIC#1107 i386
load averages: 0.1
Follow-up.
I googled previously and read a bunch of posts
relating to 3.6, 3.7 & 3.8.
More info.
-
all:\
:bobbeck1:white:spews1:white:china:white:korea:white:
# Bob Beck's traplist mirrored at OpenBSD
bobbeck1:\
:black:\
:msg="SPAM. Go forth and multiply
a condoned/accepted/best practice to use cron with
pfctl to expire table entries that are over a certain age.
I promise I did google "cron pfctl -T expire" first and only came up
with someone who wrote a script from 2014!!!
Thanks in advance!
Thanks to Jesper and Stuart, i'm using max-pkt-rate now!
#x27;m wondering if it's a condoned/accepted/best practice to use cron with
> pfctl to expire table entries that are over a certain age.
Yes, that is often required, "pfctl -T expire [number]" is for exactly this.
#x27;s SHA256.sig, bsd.rd, install.fs
- signify
- cp bsd.rd to /
- dd install.fs to sd1
- reboot
- boot sr0a://bsd.rd
- Choose "upgrade"
- Choose "disk" sd1
- (I unchecked [ ] games ...)
- upgrade the sets
...
reboot
installed firmware
login
---
~: doas pfctl -t cidr_typo -T add 1
When I run the command
pfctl -sr
a list of the rules is displayed, a sample line is below.
pass in log quick on fxp0 inet proto tcp from 226.174.167.164 to
(fxp0) port = smtp flags S/FSRA keep state
Is there a way for me to tell pfctl that I want to see
port = 25
instead of
port
On Dec 25, 2007 10:54 AM, Daniel <[EMAIL PROTECTED]> wrote:
> Hi!
>
> I'm having this problem:
>
> # pfctl -sr |fgrep ftp
> [...]
> pass out on rl0 inet proto tcp from to <__automatic_39c048b4_0>
> port = ftp flags S/SA keep state
>
> What is that
On 26/12/2007, at 7:54 AM, Daniel wrote:
Hi!
I'm having this problem:
# pfctl -sr |fgrep ftp
[...]
pass out on rl0 inet proto tcp from to <__automatic_39c048b4_0>
port = ftp flags S/SA keep state
What is that automatic stuff? I wish to see the corresponding (below)
rules' en
I want to load about 5mln of IP addresses to pf table for spamd,and I get
"pfctl Cannot allocate memory."
here is my sytem:
/bsd: real mem = 1073061888 (1047912K)
/bsd: avail mem = 972406784 (949616K)
/bsd: using 4278 buffers containing 53755904 bytes (52496K) of memory
When I loa
I want add keyword to PF's rule. I started with pfctl. Suppose I want
to add keyword "spraychld".
So, I add field to struct pf_rule (as showed in diff below) and tried
to add keyword to pfctl's parse.y processor.
But it won't to compile.
Where I was wrong?
# cd/usr/sr
I just did an upgrade to 4.3 on my home firewall and upon reboot pfctl
found syntax errors in my pf.conf.
I have narrowed down the problem to this:
ssh = "22"
list = "{" $ssh "}"
So basically it seems that the syntax for creating lists with macros
is not suppor
Hi,
I've just run into the following problem on a 4.6 box:
/etc/pf.conf (excerpt):
table const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }
block out on $extif from
# /sbin/pfctl -F rules -R -f pf.conf
rules cleared
pfctl: Must enable table lo
search online suggests that this used to work before ipfw was deprecated:
ipfw add X fwd ip from to any
(I did try this, and nothing actually happened.)
Further searching led me to this as the possible OpenBSD answer:
route -T X add 0.0.0.0/0 -iface
echo pass in from to 0.0.0.0/0 rtable X | pfc
Hi @misc,
This afternoon i got a very strange issue on a router/firewall. I added
a rule and then the following error appears:
> pfctl -nf /etc/pf.conf
> pfctl -f /etc/pf.conf
pfctl: DIOCADDQUEUE: No such process
I don't have any queue configured on the firewall.
I also tried pfctl -
> From: Henning Brauer (lists-openbsdbsws.de)
> Date: Sun Dec 02 2007 - 14:45:37 CST
>
> * MikeM [2007-12-02 15:35]:
> >
> > When I run the command
> >
> > pfctl -sr
> >
> > a list of the rules is displayed, a sample line is below.
>
On Sat, Sep 10, 2005 at 11:50:29PM -0400, Mike Spenard wrote:
> Openbsd 3.7
> Memory: Real: 16M/33M act/tot Free: 55M Swap: 0K/512M used/tot
>
> Trying to load a table from a file that is 21megs and pfctl -t spamd -Tr
you`re putting into table whole internet? :~)
> -f file.txt
Hi,
try adding the following lines to your /etc/pf.conf and reload with pfctl -f
/etc/pf.conf
set limit tables 5000 # default 1000
set limit table-entries 500 # default 10
Guess this should solve your problem...
- Florian
-Original Message-
From: [EMAIL PROTECTED
After spending over 30 minutes figuring out why a firewall refused to load
its config (turned out that the PCI card had unwedged itself).
Dw
*** pfctl.c.org Tue Jan 31 07:40:08 2006
--- pfctl.c Tue Jan 31 07:43:27 2006
***
*** 1358,1364
return (1);
}
)
queue ftp bandwidth 250Kb priority 3 cbq(borrow rio)
on every attempt to start pf with this section active, I get:
pfctl: DIOCADDALTQ: Cannot allocate memory
I dug through the archives and found a single query on this from
2003 where Henning commented on a possible malloc/pool error in
ENONMEM, but
Given the rule
pass proto tcp from any to mail.example.com \
port { 25 80 110 143 443 587 993 } synproxy state
pfctl barks
/etc/pf.conf:586: warning: synproxy used for inbound rules only, ignored for
outbound
It's pretty obvious from reading pf.conf(5) that the above i
Whenever running "doas pfctl -s queue -v" on a 5.8/amd64 box (PC engines
apu1d4), it outputs the error "pfctl: DIOCGETQSTATS: Bad file
descriptor".
Has anyone seen this before? Both queuing and port filtering have been
working without issue.
Here's a 1:1 copy of the qu
On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:
> ~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
> 1 table created.
> 1/1 addresses added.
I fail to reproduce this with recent snapshots on both amd64 and sparc64:
# pfctl -t cidr_typo -T add 1.2.3.4*5
no IP address
On 11/11/18 19:23, Klemens Nanni wrote:
On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:
~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.
I fail to reproduce this with recent snapshots on both amd64 and sparc64:
# pfctl -t cidr_typo -T add
1 - 100 of 357 matches
Mail list logo
