On Fri, Apr 08, 2011 at 01:19:59PM +0300, Bojidara Marinchovska wrote:
> Hello,
>
> netif="netif"
> test1="1.2.3.4"
> test2="2.3.4.5"
>
> block in quick on $netif from {!$test1, !$test2} to x.x.x.x - blocks
> the access from the IPs from test1 and test2 macros, BUT it should
> block all other EXC
On Thu, Dec 30, 2010 at 09:48:52PM -0800, Jonathan Rogers wrote:
> Trying to set up a new telco fiber connection on my OpenBSD router/
> firewall (this is an OLD box with OpenBSD 3.8 on it...sorry). I can't
> put the new telco connection live as the default yet, because it will
> affect all users,
On Wed, Dec 29, 2010 at 10:40:58AM +, Stuart Henderson wrote:
> On 2010/12/29 08:51, Johan Helsingius wrote:
> > Running pf on openbsd 4.8 (i386), I find something very strange going on.
> > Looking at the log:
> >
> > Dec 28 22:23:37.772604 rule 4/(match) [uid 0, pid 28161] pass in on xl2:
>
On Wed, Oct 20, 2010 at 04:50:49AM +0300, Nerius Landys wrote:
> >I then tried to use nemesis to change the spoofed source address from
> >64.156.193.115 to 127.0.0.1 or 192.168.0.x, but nemesis wasn't able to
> >do this with the error message "ERROR: Incomplete packet injection. Only
> >wrote -1
On Wed, Jul 09, 2008 at 07:25:18PM +0200, Leslie Jensen wrote:
> Hello
>
> When I boot the machine where pf is installed, everything I can see looks
> ok. It's hard to read the text scrolling on the screen and the information
> concerning pf is not to be found in /var/log/messages.
>
> Anyway I
On Tue, Feb 27, 2007 at 04:37:27PM -0600, Travis H. wrote:
> I am not sure if this is pf-related, but has anyone seen
> this error message, and what condition actually causes it?
> Incomplete arp table? Out of memory? Something else?
Something else normally. Most probably trying to attach an arp e
On Tue, Nov 07, 2006 at 08:28:00PM +0100, Daniel Hartmeier wrote:
> On Tue, Nov 07, 2006 at 06:08:52PM +, Paul Pruett wrote:
>
> > A nominal i386 computer with only a meg of ram
> > without limit changes would not load it.
>
> Neither would a stock GENERIC kernel on any architecture. The reas
On Thu, Jan 05, 2006 at 06:46:54AM -0500, jared r r spiegel wrote:
> On Thu, Jan 05, 2006 at 03:18:22AM +0100, Sylwester S. Biernacki wrote:
> > On Thursday, January 5, 2006, at 01:15:00, jared r r spiegel wrote:
> >
> > > - establish session with A and learn about 1.2.3.4/30; 1.2.3.4/30 is
> > >
On Thu, Jun 16, 2005 at 04:57:19PM +0200, Frederic BRET wrote:
> I was not sure where to send this question, to an OpenBSD list or to the
> PF list. I'm trying to understand why our OpenBSD PF router is not able
> to cope correctly with needed gigabit speeds, and perhaps one of you
> already enc
On Tue, Sep 14, 2004 at 12:51:26PM +0200, Marco Matarazzo wrote:
> Hi Matthew,
>
> I've the same problem here with 3.4 (and had the same problem with 3.3). The
> 'hole' in communication is always just 20 seconds. In the beginning I
> thought about a Spanning Tree issue, but after careful inspectio
On Wed, Mar 10, 2004 at 06:43:33PM +1100, Damien Miller wrote:
> On Tue, 9 Mar 2004, Claudio Jeker wrote:
>
> > The best solution is to have a full view (with no default route) via bgp
> > and use no-route. So you get an auto-update bogon filter. It is more
> > accurate
On Tue, Mar 09, 2004 at 09:15:11AM -0800, Brian Keefer wrote:
> On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote:
> > Not when you're working on a system that is being attacked with packets
> > with source ip's in the list.
> >
> > In my opinion anyway.
>
> Well, as long as you're using anti-spoo
On Thu, Sep 11, 2003 at 07:37:44PM +0200, Ed White wrote:
> On Thursday 11 September 2003 16:22, Daniel Hartmeier wrote:
> > Oh, the dreaded payload inspection / passing to userland for inspection
> > topic. This is basically unrelated to syn proxying, of course you can
> > combine both once you ha
Hi all,
is there a known problem with skip states and tables in 3.3-stable?
I have multiple rules of the form:
pass in on fxp1 from any to keep state queue a
pass in on fxp1 from any to keep state queue b
pass in on fxp1 from any to keep state queue c
pass in on fxp1 from any to keep state q
On Fri, Jun 20, 2003 at 06:53:08PM +0200, Stefan Sonnenberg-Carstens wrote:
> Hi list,
> I'm sure anyone here knows about the linux virtual server (layer 4 load-balancer).
> I searched the web for an equivalent for *bsd, but found none.
> The only thing which looks like something like a load-balanc
Hi all,
out of curiosity I tried a rule like:
pass in from any to keep state label out_$dstaddr
which results in this funny output:
out_97.108.108.111/0 290089 453609 54227731
It is clear that $dstaddr/$srcaddr can only be used on non table rules so
pfctl should bark on rule loading.
--
:wq
On Tue, Jun 17, 2003 at 06:09:36PM -0600, Glamdring wrote:
> I have been fighting with getting FTP to work through PF without success
> (yet). As I have been perusing this mail list I see many having the
> same problem I am having, the FTP server is a separate machine, behind
> the PF box and for
17 matches