Jeremy Chadwick wrote:
> On Wed, Aug 06, 2008 at 10:21:51AM +0200, Jordi Espasa Clofent wrote:
>>> Well, there are always Juniper Networks boxes :-)
>> I do the same (even more in some points) as Juniper boxes with simple
>> standard boxes with OpenBSD and PF.
>>
>> At present day my central FWs
I'm amazed at the fact that people are actually comparing FreeBSD with
pf to Juniper routers. I've a bit of experience with M20s and M40s, and
I can assure you they're VERY different than a little x86 PC routing
packets, and are significantly faster due to hardware routing.
For example, you shou
On Wed, Aug 06, 2008 at 10:21:51AM +0200, Jordi Espasa Clofent wrote:
>> Well, there are always Juniper Networks boxes :-)
>
> I do the same (even more in some points) as Juniper boxes with simple
> standard boxes with OpenBSD and PF.
>
> At present day my central FWs are simply standard 2 boxes
Well, there are always Juniper Networks boxes :-)
I do the same (even more in some points) as Juniper boxes with simple
standard boxes with OpenBSD and PF.
At present day my central FWs are simply standard 2 boxes (each one cost
1000 euros approx); I remember the Juniper guy offering me a 'ch
On Tuesday, August 05, 2008 at 08:55:38AM -0400, Andrew Duane wrote:
> Well, there are always Juniper Networks boxes :-)
Exactly this is what I'm not wanting to end up with :-)
--
Matthias Apitz
w http://www.UnixArea.de/
b http://gurucubano.blogspot.com/
We should all learn from the p
Well, there are always Juniper Networks boxes :-)
-Original Message-
From: [EMAIL PROTECTED] on behalf of Matthias Apitz
Sent: Tue 8/5/2008 4:05 AM
To: freebsd-hackers@freebsd.org
Subject: Fwd: Q: case studies about scalable,enterprise-class firewall w/
IPFilter
Hello,
I've p
Hello Matthias,
On Tuesday 05 August 2008 10:05:20 Matthias Apitz wrote:
> We're currently protecting our network (and as well some FreeBSD laptops
> standalone) with IPFilter... I'm wondering if there are any case studies
> about scalable, enterprise-class firewall solutio
age from Matthias Apitz <[EMAIL PROTECTED]> -
>
> From: Matthias Apitz <[EMAIL PROTECTED]>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <[EMAIL PROTECTED]>
> Subject: Q: case studies about scalable, enterprise-class firewall
> w/ IPFilter
>
>
>
s has an idea? thanks in advance
>
>matthias
>
> - Forwarded message from Matthias Apitz <[EMAIL PROTECTED]> -
>
> From: Matthias Apitz <[EMAIL PROTECTED]>
> Date: Sun, 3 Aug 2008 08:24:15 +0200
> To: IP Filter <[EMAIL PROTECTED]>
> Subject: Q: c
-
From: Matthias Apitz <[EMAIL PROTECTED]>
Date: Sun, 3 Aug 2008 08:24:15 +0200
To: IP Filter <[EMAIL PROTECTED]>
Subject: Q: case studies about scalable, enterprise-class firewall w/ IPFilter
Hello,
We're currently protecting our network (and as well some FreeBSD laptops
stan
Please file a PR.
Darren
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
IPNat and IPFilter are enabled.
IPFW rules are empty.
#uname -a
FreeBSD gw1.awax.corp 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #15: Wed Oct 24
10:05:34 MSD 2007 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/GW i386
OPTIONS Part of kernel config file
makeoptions DEBUG=-g
Hi guys,
The 'return-rst' option in ipfilter does not work for ipv6. I sent a problem
report and just in case decided to send this patch here too. That option
saves a lot of headache and it would be very nice to have it work properly.
The patch was originally written by Peter Postma. I
s.th.
like:
"Can anybody tell me the order packets get processed in kernel related
to IPSec, NAT/divert, ipfw, ipfilter, ... for incoming, outgoing,
forwarding... ?". What about bpf, ... ?
Is there any chance that some of the gurus can draw one or more ascii
arts or xfig or whatever images
I am trying to increase the state table on IPFILTER and also the NAT_SIZE
option but on the ipfilter how-to it says to alter a file called ipf_state.h
This file is not available on FreeBSD. Where is the included batch of files
that compiles ipfilter into the kernel? Specifically, are there
That's not how you specify rules. Read the ipf(8) manual page.
Cheers
Nate
> (14:58) root@(bgd)[~] ipf block in all from any to any
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
On 2002-07-10 14:55 +, Bogdan TARU wrote:
>
> (14:57) root@(bgd)[~] ipf -E
> IP Filter: already initialized
> (14:58) root@(bgd)[~] ipf block in all from any to any
> (14:58) root@(bgd)[~] ipfstat -i
> empty list for ipfilter(in)
> (14:58) root@(bgd)[~] ipfstat -o
>
T> options IPDIVERT #divert sockets
BT> options IPFILTER #ipfilter support
BT> options IPFILTER_LOG #ipfilter logging
BT> rebooted that kernel, and tried:
BT> (14:57) root@(bgd)[~] ipf -E
BT> IP Filter: already initializ
transparent proxy support
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPDIVERT #divert sockets
options IPFILTER #ipfilter support
options IPFILTER_LOG
Darren Reed wrote:
>> >That sounds like a good plan.
>>
>> OK, updated patches for stable and current are available from:
>>
>> http://home.iae.nl/users/devet/freebsd/
>>
>> I include the README here:
>[...]
>
>How is this progressing ?
Doug Barton asked whether he could review the patch
.
> >>
> >> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
> >> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
> >> both our patches?
> >
> >That sounds like a good plan.
>
> OK, u
Darren Reed wrote:
>In some email I received from Arjan de Vet, sie wrote:
>> I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
>> trying to fix more or less the same bugs/problems.
>>
>> Maybe it's a good idea if Giorgos and I together come
urrent ?
> >
> > I wrote similar patches (see http://home.iae.nl/users/devet/freebsd/)
> > trying to fix more or less the same bugs/problems.
> >
> > Maybe it's a good idea if Giorgos and I together come up with 1 'big'
> > ipfilter /etc/rc.* and rc.
home.iae.nl/users/devet/freebsd/)
> trying to fix more or less the same bugs/problems.
>
> Maybe it's a good idea if Giorgos and I together come up with 1 'big'
> ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
> both our patches?
That sounds
t's a good idea if Giorgos and I together come up with 1 'big'
ipfilter /etc/rc.* and rc.conf.5 patch which includes the best parts of
both our patches?
Arjan
--
Arjan de Vet, Eindhoven, The Netherlands <[EMAIL PROTECTED]>
URL: http://www.iae.nl/users/dev
In some email I received from Giorgos Keramidas, sie wrote:
> On Tue, Oct 23, 2001 at 07:45:11PM +0200, Gerhard Sittig wrote:
> >
> > I get the feeling this - inappropriate - setting of a _program
> > variable is due to my misguided suggestion in PR conf/20202
> > which verbatimly made it into the
ly one who wants to see some cleanups (including
bugfixes) to the ipfilter /etc/rc.* code and manual pages :).
Arjan
--
Arjan de Vet, Eindhoven, The Netherlands <[EMAIL PROTECTED]>
URL: http://www.iae.nl/users/devet/ <[EMAIL PROTECTED]>
On Tue, Oct 23, 2001 at 07:45:11PM +0200, Gerhard Sittig wrote:
>
> I get the feeling this - inappropriate - setting of a _program
> variable is due to my misguided suggestion in PR conf/20202
> which verbatimly made it into the FreeBSD start scripts. If it
> doesn't fit the usual rules feel free
>I am wondering if anyone knows of any workarounds to
>get IPFilter to filter across an ethernet bridge.
this a FAQ, or at least a Recently AQ.
ipfilter bridging only works on OpenBSD
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 &
Hello,
I am wondering if anyone knows of any workarounds to
get IPFilter to filter across an ethernet bridge. The
bridge is working fine, and so is ipf, but ipf has no
effect on any packets that go across the bridge.
Pings to localhost are monitored and filtered, but
that's about it.
1)
Aug 3 15:41:15 www /kernel: panic: vm_page_remove(): page not found in
hash
Aug 3 15:41:15 www /kernel:
seems box rebooted after that
freebsd 4.3 release.
2)
echo "starting firewall"
kldload /modules/ipl.ko
ipf -f /etc/ipf.rules
another problems with this box i
> at least there is a GUI for ipchains (albeit a lousy one). Is there one for
> ipfilter anywhere?
"FireWall Builder", http://www.crocodile.org/~vadim/fwbuilder/
Available in /usr/ports/security/fwbuilder
It does ipchains, iptables, ipfilter, and I believe Cisco A
I'd like to volunteer to maintain ipfilter. I already told several people
at the usenix conference, but as I have seen others taking interest as
well, it seems right to at least spread it more publicly.
I am still waiting for a machine I won at the conference to start on it
though so it
> > this might ease life to those who want to replace ipfw with ipfilter
> > for dummynet or similar things, if nothing else.
>
> Thank you, Luigi. Could you please help me with some basics?
...
what i do in dummynet is to queue the packet (whether it comes from
ip_input() or ip
ide to convert the packet,
> > but it doesn't have it ready-to-go when it has to return. However,
> > it may have it ready at some later time, possibly when it processes
> > a hardware interrupt and sees that the co-processor has finished its
> > work on the packet. Can i
> it may have it ready at some later time, possibly when it processes
> a hardware interrupt and sees that the co-processor has finished its
> work on the packet. Can ipfilter handle this?
no idea about ipfilter, but i guess not -- in the case of ipfw i
did have to implement exactly this
Hi All,
I'm now analyzing ipfilter in 3.2 and our goal is to port our
IPSec/firewall. I'm still in the beginning of reading the code
so, at this time, I can't yet tell how nice it fits our needs.
I just have some concerns which I'd like the people who are
going to re-design