On 19 Dec 2005 14:33:27 -0800
"Jonathan Rogers" <[EMAIL PROTECTED]> wrote:
: The think I can't understand is that I'm explicitly passing this kind
: of traffic:
:
:pass in quick on $dmz_if inet proto tcp from 192.168.3.0/26 to any
: port { 53 80 }
: keep state flags S/SA label "pass
On Tue, 7 Sep 2004 09:33:37 +0200
Jedi/Sector One <[EMAIL PROTECTED]> wrote:
: Is it planned to add PF shirts to the OpenBSD store?
: That one is cute :)
:
: http://openbsd.org/papers/bsdcan04-pf/mgp2.html
:
:--
: __ /*-Frank DENIS (Jedi/Sector One) -*\ __
: \ '/http://www.P
On Thu, 2 Sep 2004 02:04:00 +0200
Ed White <[EMAIL PROTECTED]> wrote:
:Hi,
:
:I'm playing with OpenBSD 3.6-beta.
:
:I wanted to test spamd with greylisting, but it seems that the interaction
:with PF is broken. In short spamd doesn't add anything to /var/db/spamd so
:I'll never get my IP added t
OpenBSD 3.6 now comes with shiney red buttons. Buy it starting November
1st.
On Tue, 24 Aug 2004 13:47:15 -0500 (CDT)
Jeff Wilson <[EMAIL PROTECTED]> wrote:
:Could you post a brief synopsis, marketroid style, of incentives to
:upgrading to 3.6? (BTW, when will it be released?) I know I could
On Mon, 24 May 2004 23:19:21 +0200
Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
:On Mon, May 24, 2004 at 12:59:15PM -0500, Peter Hessler wrote:
:
:> Just updated my firewall to the May 21st source, and I am having a
:problem> with synproxy. My synproxy rule is:
:
:This is the seco
Just updated my firewall to the May 21st source, and I am having a problem
with synproxy. My synproxy rule is:
pass in on $ext_if proto tcp from any to { $gateway $prozac $paxil $effexor
$effexor2 } port ssh synproxy state queue(q_def, q_pri)
and that worked quite fine. After the update, I coul
Run an at(1) job for 5 minutes in the future. Have it put /etc/pf.conf as
the active ruleset. Then install a ruleset that isn't /etc/pf.conf (like
from your home directory, or the like). If it works, just kill the at(1)
job. If it doesn't, wait 5 minutes.
I also like the `shutdown -r +2; pfctl
On Thu, 18 Mar 2004 10:02:15 -0500
Jason Dixon <[EMAIL PROTECTED]> wrote:
:
:Not according to pf.conf (5):
:
:If the pass modifier is given, packets matching the translation rule are
: passed without inspecting the filter rules
:
:Is this taken out of context?
:
:--
:Jason Dixon, RHCE
:DixonG
On Thu, 18 Mar 2004 06:27:39 -0500
Jason Dixon <[EMAIL PROTECTED]> wrote:
:Thanks, that works. Looking at pf.conf (5), it appears that "rdr pass"
:is just a feature to bypass the normal filtering rule. I don't see why
:my mine would've failed. I'm running 3.4 -stable. Any ideas?
No, it adds
On Mon, Feb 23, 2004 at 05:21:07AM -0800, Brent Bolin wrote:
:I can see how the IP's can be inserted into the table rule. My
:question is what should be running on port 8025 to really bug the
:spammers ?
:
:rdr inet proto tcp from to any port 25 -> 127.0.0.1 port
:8025
:
:Now it simply gets a con
On Wed, 28 Jan 2004 19:58:18 -0600
"Karl O. Pinc" <[EMAIL PROTECTED]> wrote:
:Hi,
:
:I'm using OpenBSD 3.3 stable as of Jan 23 and find that
:comment lines in pf.conf are continued when they end with a \.
That is a feature, not a bug. ;-) Sorry you don't like it.
--
DeVries's Dilemma:
On Wed, 14 Jan 2004 09:11:42 -0600
"Slavov, Vasil" <[EMAIL PROTECTED]> wrote:
:I am trying to modify the following rule from the example
:provided at the end of the packet filtering section of the
:pf faq:
:http://openbsd.org/faq/pf/filter.html
:
:block return in quick on $int_if proto tcp from
I know I'm doing something (semi) silly, but this might be considered a bug.
My mail server has both IPv6 and IPv4, and most everything is dual, except
for pop3. If I enable synproxy on that server, it seems to hang. I
believe what it does, is my client connects to PF, it does the
three-way-hand
"flags S" -> "flags S/SA" might count. Although, you could call the first
version incorrect in any case.
On Wed, 31 Dec 2003 20:08:28 -
"Dom De Vitto" <[EMAIL PROTECTED]> wrote:
:I don't recall there EVER being a non-backward compatible change to
:PF - can anyone correct me on this?
:(cross-
On Mon, 15 Dec 2003 00:23:58 +
Ryan McBride <[EMAIL PROTECTED]> wrote:
:I just committed code which adds support to track stateful connections
:by source IP address. This allows a user to:
:- Ensure that clients get a consistent IP mapping with load-balanced
: translation/routing rules
:- Lim
You can look at ftp-proxy. This sort of thing won't enter the kernel, but
you can write userland programs to take care of them.
On Wed, 5 Nov 2003 10:47:22 -0600
Nick Buraglio <[EMAIL PROTECTED]> wrote:
:I'm looking for anyone that knows of a bsd project that does something
:similar to to the L
g forward to 3.3 CD to try the ALTQ tools - Ed
:
: -Original Message-
: From: Peter Hessler [mailto:[EMAIL PROTECTED]
: Sent: Tuesday, March 18, 2003 7:04 AM
: To: Marc Balmer
: Cc: [EMAIL PROTECTED]
: Subject: Re: PF, ALTQ on Bridge?
:
:
: Works as well as I can tell. I use it on an in
Works as well as I can tell. I use it on an invisible firewall,
ADSL 1.5Mb down/ 256Kb up. I can do an ftp upload and download
to my ISP, and still browse with little to no delay. =)
On Tue, Mar 18, 2003 at 07:24:17AM +0100, Marc Balmer wrote:
: Gentlemen,
:
: does ALTQ perform well (if it wor
18 matches
Mail list logo