As far as I know, you need to specify a borrow word in your parent rule. So
in any kind of parent rule or sub-parent rule you need a borrow rule so
it can borrow from its parent or its subrules can borrow from the
parent rule.
Something like this:
# First internal interface QoS
altq on $int_if1 cbq b
-- Forwarded message --
From: Nikolay Kalev <[EMAIL PROTECTED]>
Date: Jul 14, 2006 6:10 PM
Subject: Re: PF+ALTQ and WFQ
To: "Karl O. Pinc" <[EMAIL PROTECTED]>
Yes, I did and I'm not happy with it at all; it has limitations of
64 queues I think and
Use the VLAN interface:
like vlan0 vlan1 vlan2 not the real interface :- it worked for me :-)
On 7/6/06, Peter Blair <[EMAIL PROTECTED]> wrote:
Hello lists! (sorry if cross-list posting is frowned upon)
I'm setting up a BSD/pf machine that will be working as a binat
firewall for a number of
I have a problem with my PF configuration and I'm not sure what causes
it, but most likely it is a NAT rules issue.
I have a configuration like:
ext_if="em0"
int_if="em1"
kit_if="sk0"
nat_if="sk1"
lo_if="lo0"
tun_if0="tun0"
tun_if1="tun1"
tun_if2="tun2"
tun_if3="tun3"
# nat rules
nat on $nat_if fr
> # Block bad tcp flags from malicious people and nmap scans
> block in log quick on $ext_if proto tcp from any to any flags /S
> block in log quick on $ext_if proto tcp from any to any flags /SFRA
> block in log quick on $ext_if proto tcp from any to any flags /SFRAU
> block in log quick on $ext_
You could try using some example rulesets that stop a lot of scans:
# Block bad tcp flags from malicious people and nmap scans
block in log quick on $ext_if proto tcp from any to any flags /S
block in log quick on $ext_if proto tcp from any to any flags /SFRA
block in log quick on $ext_if proto tcp
Where can I find a more advanced schema on how PF is doing filtering
on each packet?
Something like: interface --> in --> nat --> pf rules ... (a
graphical presentation of where and how each PF rule is acting on each
packet)
Thanks a lot!
--
Key fingerprint = 9864 E575 E207 FB90 44C8 26A2
Kelley Reynolds wrote:
On Jan 1, 2006, at 8:52 PM, Peter wrote:
I have written an IP accounting system using pf labels. It runs every 5
minutes and extracts stats for data entering and leaving my lan. It works
nicely but I want to go to the next level and graph this data at each
interval
Joe Advisor wrote:
Okay, this is probably a really dumb question, but I
can't figure out how to control the upload bandwidth
of users in a NAT situation. It's a totally trivial
setup:
- -
Using PF for NAT, PPPoE on the obsd box (WAN
connection of the obsd box has a single public IP).
Crea
Jonathan Camenisch wrote:
I can't wait to see the replies on this. What you're describing might
be exactly what I need to do, but I haven't been sure I wanted to deal
with the extra complexity.
On 7/14/05, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
Hi,
It's been said on this list before that
David Hill wrote:
On Sat, Jul 09, 2005 at 03:38:10PM -0400, David Hill wrote:
set skip on sis0
nat on sis0 inet from 10.0.0.0/8 to any -> 216.x.x.x
pass quick all
nat does not work.
Of course not. You didn't expect it to, did you?
If I remove "set skip on sis0", it still
Hello,
I have a few questions about pf.
When I do "tcpdump -netttv -i pflog0" I get the rule number
which blocked the current packet. Is this the actual number in the
"/etc/pf.conf" file or the actual number in "pfctl -s rules"? Are rules like
scrub or set limit, for example, counted, are thi
Tihomir Koychev wrote:
Hi
--- Emilio Lucena <[EMAIL PROTECTED]> wrote:
I have the feeling that PF may be having problems when it tries to
allocate source port during NAT process. It is just a feeling, though. If
As I think connection which is route-to second
interface is NAT again, becaus
Can anyone please tell me if this is possible or not:
I have several users behind a firewall + NAT and I have to accomplish
3 types of shaping per user:
local country shape, internet shape, and upload shape
Is this possible or not with altq? I know for sure that inbound and
outbound can be done bu