On Wed, 13 Jan 2010, Vadim Zhukov wrote:
> On 13 January 2010 P3. 06:07:35 shweg...@gmail.com wrote:
>> I just installed a snapshot and run it from a usb thumb.
>> The 'iwn' has exactly the same issues (that is hanging after a minute
>> or so of usage and working again after doing 'up down') as with
>> -release, including the 'ping'
>> hanging there and not giving the 'packet loss' error, which I cannot
>> really understand since it worked just fine until a couple of days
>> ago.
>>
>> any ideas?
>
> I can recommend you to show your pf.conf on the list, there was some work
> on PF too. Problems with ping could be related to PF changes. Of
> course, "up-down" means you need help from Damien Bergamini
> <dam...@openbsd.org> .
>
> --
> Best wishes,
> Vadim Zhukov
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
>
Well, this is my pf.conf. but I dare to think the problem is not there,
since it worked fine until two days ago and I did non make changes to it.
It is a very simple pf.conf for a desktop, comments welcomed
I will eventually write to Damien Bergamini.
Thanks.
# cat /etc/pf.conf
# interface
ext_if="iwn0"
# tables
table <brutes> persist
table <martians> const persist { 127/8, 192.168/16, 172.16/12, 10/8, 0/8,
169.254/16, 192.0.2/24, 240/4 }
# options
set block-policy drop
set loginterface $ext_if
set skip on lo0
# scrub
match in all scrub (no-df max-mss 1440)
# antispoof
antispoof for $ext_if
# block everything
block in log all
block out all
# block evil
block in quick on $ext_if from <martians> to any
block in quick from <brutes> to any
# allow ssh connections
pass in on $ext_if proto tcp from any to any port ssh keep state \
(max-src-conn-rate 2/10, overload <brutes> flush global)
# pass out all traffic
pass out on $ext_if inet all
