I have a 3.3 OpenBSD machine on a Dell G1 with 2 Netgear GA621 gigabit cards.
It bridges just fine but only seems to block multicast IP no matter what rules are used.
Ifconfig looks OK. I have another identical G1 machine with copper fast ethernet cards
that work fine with pf. I tried this
Greetings!
I've got a three-legged PF setup (External,Private,DMZ) under 3.3 that
mostly seems to work great.
However, now I want a machine on the DMZ to be able to SNMP/MRTG to the
router that's on the external side.
I feel like I've tried all sorts of combinations of pass in/out udp and tcp
I figured out the problem. I need to initialize the ruleset before I can
add the 1st rule!
Gustavo Beltrami Rossi wrote:
Hi Daniel, thanks for your quick answer, but I have tried fill the
ruleset name and the same error continues:
char anchorname[PF_ANCHOR_NAME_SIZE] = "test";
char rulesetname
Hi Daniel, thanks for your quick answer, but I have tried fill the
ruleset name and the same error continues:
char anchorname[PF_ANCHOR_NAME_SIZE] = "test";
char rulesetname[PF_RULESET_NAME_SIZE] = "rl1";
strlcpy(add_rule.anchor, anchorname, PF_ANCHOR_NAME_SIZE);
strlcpy(add_rule.ruleset, ruleset
On Tue, Sep 02, 2003 at 05:48:42PM -0300, Gustavo Beltrami Rossi wrote:
> DIOCCHANGERULE: PF_CHANGE_GET_TICKET: Invalid argument
To find the reason for such errors, it helps to check the corresponding
kernel code. It's not more complicated than the client code, actually:
sys/net/pf_ioctl.c, pfio
I need some help on using DIOCCHANGERULE with anchors. I've a program
that insert a rule into pf, and I want to chage it to insert a rule into
an anchor. I've modified the src code insert the modifications bellow,
but now I'm getting an error:
DIOCCHANGERULE: PF_CHANGE_GET_TICKET: Invalid argum
On Tue, Sep 02, 2003 at 10:26:46PM +0200, vg wrote:
> Is it possible to know a little more about it, or maybe am I just too
> curious ?
Well, one idea we never followed was allowing to populate anchors from
within the main ruleset, for instance
anchor foo {
bar {
block from 10.1.2.3
According to Henning Brauer:
> yes, the goal is valid, I don't like the implementation too much.
> using an extra flag to show the anchor stuff is a idea worth thinking
> about - but then, there's something else in the queue for post-3.4
> that might solve this much more elegant ;-) plese note t
Henning Brauer wrote:
> On Tue, Sep 02, 2003 at 12:12:59AM -0400, Amir Seyavash Mesry wrote:
>
>> Henning/Daniel, is there any plans to implement polling in 3.4?
>
>
> in 3.4 for sure not.
> even later - nobody has yet shown that it pays out.
If anyone's interested I'm willing to test a patch (as
Maybe not at 1Gb, but at 10Gb polling comes in handy,
at least that's what we've seen with tests run using
Intel 10Gb NIC under Linux and FreeBSD.
once upon a time a famous beer drinker said:
On Tue, Sep 02, 2003 at 12:12:59AM -0400, Amir Seyavash Mesry wrote:
> Henning/Daniel, is there any pla
On Tue, Sep 02, 2003 at 12:12:59AM -0400, Amir Seyavash Mesry wrote:
> Henning/Daniel, is there any plans to implement polling in 3.4?
in 3.4 for sure not.
even later - nobody has yet shown that it pays out.
--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Henning/Daniel, is there any plans to implement polling in 3.4? Or have a
patch for it?
Amir Seyavash Mesry
[EMAIL PROTECTED]
LSI Logic Corporation
http://www.lsilogic.com/
Raid Support Test Technician
6145-D Northbelt Parkway
Norcross, GA 30071
678-728-1211
NOTICE: This communication may
Damien Miller wrote:
I believe the fastest appliance out there currently is the Cisco PIX535,
coming in at a max of 1.7gb/s, but the other firewall appliances around
are way behind that and are well sub-1gb/s.
Nokia IP1260 w/FW-1 quotes 4.2Gbps
NetScreen 5400 quotes 12Gbps
You can find even gre
Dom De Vitto wrote:
Damn straight.
That's 94% of wire speed!
But largely irrelevant, as it is packets per second and not bytes per
second that matter.
As it is probably interrupts that are loading the box and not packet
processing, you could perster tedu@ for his devpoll patch, but to quote
his
14 matches
Mail list logo
