rom any to (all)
But this doesn't work:
/etc/pf.conf:63: syntax error
pfctl: Syntax error in config file: pf rules not loaded
It seems that there is no 'all' interface group as documented in
ifconfig(8) or at least pf.conf cannot use it.
Christopher
On Aug 11, 2005, at 3:24 PM, jesse wrote:
Take a look at the packets which match. But you
know, this still doesn't tell me which packets *don't* match my rule
that ought to.
You mean, don't match but you meant to match?
I'm afraid your machine may have the same problem mine does: it
actual
ttp://cvs.openbsd.org/faq/pf/ftp.html#natserver but they do not work. I
cannot connect to my ftp server from outside the network.
Thanks,
--
-Christopher
On Wed, Jan 26, 2005 at 09:48:06AM -0500, [EMAIL PROTECTED] wrote:
> On Tue, 25 Jan 2005, Christopher Linn wrote:
>
> >i am interested in using altq to limit the outflow from an rfc1918
> >NAT'd network to alleviate the possibility of e.g. DDoS attacks
> >or
something? has this issue been discussed?
i suspect i am missing something..
cheers,
chris linn
--
Christopher Linn, (celinn at mtu.edu) | By no means shall either the CEC
Staff System Administrator| or MTU be held in any way liable
Center for Experimental Computation | for any opin
On Sep 20, 2004, at 4:37 PM, Nick Buraglio wrote:
Back when I used to work for a decent sized insurance company (who
used checkpoint on the nokia boxes) I used to push ipf (as far as I
know pf was not around) and many other open source projects as a cost
savings feature to M$ and other commercia
Dear All
I have an idea which I would like to run by developers and users alike.
Does anyone think 'pattern matching' on packet values would be
a useful addition to pf's current capabilities?
The idea would be to allow users to write simple numeric sequences
representing packet values into the
Hi Dave,
>I've got two firewalls in a CARP/pfsync configuration running a
> 3.5-snapshot from July.
I'm seeing the same symptoms as you on this, presently running -current
as of a few days back, but first noticed the problem with a mid-July
snapshot - which is what I was current when I got pf
en committed a
month or more ago, but it appears to still be missing.
I say 'at least' because there are still some other locations where
state counters aren't reset properly should an error occur which may
bite you - they are shown in the pf-fix-unbalanced-state-counters.diff
in the same
forgive me, but isn't this all going a bit off topic?
After all, this list is about 'pf' not the legality issues surrounding
file sharing.
regards
chris
On Thu, Aug 19, 2004 at 09:38:27PM +0100, Greg Hennessy wrote:
## On 19 Aug 2004 12:02:20 -0700, [EMAIL PROTECTED] (Shawn K.
## Quinn) wrote:
#
Just a little note to all those mailing me letting me know that OBSD is
free.
Thanks, I'm well aware that it's free, I just prefer to support the
project by paying for it.
Oh yeah, and there is just the little problem of bandwidth, i.e. I have
none lol been relegated to dial up so i can't be both
Hello all.
Many thanks for all of your help.
I've now solved my problem and have a fairly good understanding of the pf
implementation within OBSD 3.3 (just have to grok the changes in -current when i can
afford to buy it!).
For the benefit of anyone in the same situ as myself here's some code
th
Hello all.
Whilst experimenting with a program I am writing that will use 'pf'
I have discovered that for each new 'rule' i add to an anchor, i must also add a
unique 'ruleset' name.
e.g
rulesetname 0.1
add first rule with rulesetname '0.1'
rulesetname 0.2
add following rule with rulesetname
regarding this post, the problem has now been resolved thanks
to Camiel ;)
On Fri, Aug 06, 2004 at 09:31:03AM +0100, Christopher Keeley wrote:
## Hello everybody.
##
## I am currently writing a program that, at certain points needs to add a rule to
## the current firewall set.
##
## Here is a
Hope that helps, sorry
## for my previous incoherence.
##
## jw
##
##
## > On Thu, 5 Aug 2004, Christopher Keeley wrote:
## >
## > > Hello everybody.
## > >
## > > I am currently writing a program in C that at certain points needs to
## > > add a rule to the
Hello everybody.
I am currently writing a program in C that at certain points needs to add a rule to
the current firewall set.
Here is a copy of the code i have so far for the function that will add
the rule:
--
struct pfi
route-to on any encapsulation
interface that didn't perform its own recursivity tests.
--
Christopher Pascoe
IT Infrastructure Manager
School of Information Technology and Electrical Engineering
The University of Queensland Brisbane QLD 4072 Australia
Web: http://www.itee.uq.edu.au/~chrisp Email: [EMAIL PROTECTED]
Hi Daniel
> I suggest you try with -current, as the loop detection has been
> adjusted recently. Since you reconstructed the code path, here's one
> of the cases that must be prevented:
>
> pass out route-to lo0
> (applying to outgoing packets on lo0, too)
Yep, suspected that would be exactly
Hello,
I'm seeing a problem with reply-to when modifying the interface that
a packet would normally go out on from the one it would normally take.
The following (simplified) test case demonstrates the problem:
Configuration:
Host 1:
- kernel OPENBSD_3_5 (stable)
- fxp0: 192.168.1.1/24
-
On Mar 8, 2004, at 6:19 PM, Jay Moore wrote:
On Mon, Mar 08, 2004 at 09:25:03AM -0600, the entity calling itself
Christopher D. Lewis stated:
Following is an entry from pfTop a few minutes ago:
tcp In 206.33.230.44:4895 127.0.0.1:8025
ESTABLISHED:FIN_WAIT_2 46:38:32 00:00:44 335K
Sounds like you've achieved the purpose of the spamd setup perfectly:
you have consumed spammer resources while not really affecting your
own.
Congratulations!
--Chris
On Mar 7, 2004, at 11:31 PM, Jay Moore wrote:
Following is an entry from pfTop a few minutes ago:
tcp In 206.33.230.44:489
On Thursday 26 February 2004 11:58 am, Daniel Hartmeier wrote:
> On Sun, Feb 22, 2004 at 01:31:51PM -0500, Christopher Kruslicky wrote:
> > I restricted traceroute to root for now, since it's setuid I wasn't sure
> > which way it would come through. Anyway, I still see t
t any
rate the results are always the same =) This is the first time I came across
something in the man page that didn't work exactly as expected, so I joined
this list (I should see any replies).
Any pointers appreciated,
Christopher Kruslicky
Daniel,
Setting up symlinks to the appropriate rules file is not a big deal,
so for the time being, I'll do that.
As for rule order, what you stated makes sense, but the tricky part is
the order in which a user's other groups are examined. If I'm a
member of wheel, employees, authors, and editor
I've read the authpf section of the pf FAQ, as well as authpf(8),
login.conf(5), and the relevant chapters in Michael Lucas' most
excellent book, but I have not seen anything that indicates how to
simplify the administration of authpf rules using groups. What I'd
like to do is have one authpf rule