https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=93815
Mark Linimon changed:
What|Removed |Added
Resolution|--- |Overcome By Events
Statu
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=93815
Zane C. Bowers-Hadley changed:
What|Removed |Added
CC||vve...@vvelox.net
--- Comme
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=93815
Mark Linimon changed:
What|Removed |Added
CC||i...@freebsd.org
--- Comment #10 fro
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285066
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|i...@freebsd.org
Keywords
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=108589
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|i...@freebsd.org
--
You are receiv
bin/sh
>
> fwcmd="/sbin/ipfw -q"
>
> ${fwcmd} -f flush
>
> ${fwcmd} add allow proto tcp src-ip me setup keep-state :default
>
> ${fwcmd} add allow proto udp src-ip me keep-state :default
>
>
>
> And, I found these rules is not protecting my FreeBSD box.
>
my firewall_script as follows:
>
#!/bin/sh
fwcmd="/sbin/ipfw -q"
${fwcmd} -f flush
${fwcmd} add allow proto tcp src-ip me setup keep-state :default
${fwcmd} add allow proto udp src-ip me keep-state :default
And, I found these rules is not protecting my FreeBSD box.
Que
On 6/9/12 4:19 AM, Sami Halabi wrote:
Hi,
all rules togther less than 80 rules
how tablearg helps this? each ip & pipe (up & down) are unique...
any other advices?
also, make sure that all rules are only evaluate by packets that might
actually test true..
i.e.
separate out different in
on my box with 130 rules 100Mbit the cpu don't go above 5%.
I daily manage 1.5-6GB.
Thanks in advance,
Sami
On Sat, Jun 9, 2012 at 11:21 PM, Michael Spratt <
m...@magicislandtechnologies.com> wrote:
> I have Linux & FreeBSD systems running ipfw with 80 rules with 70Mb/s
> symmetric, passing traf
I have Linux & FreeBSD systems running ipfw with 80 rules with 70Mb/s
symmetric, passing traffic for about 1000-1200 hosts.
Alexander V. Chernikov wrote:
On 09.06.2012 01:56, Sami Halabi wrote:
Hi,
I Manage a FreeBSD server as an edge router& firewall.
the setup has 10G interfaces (ixgbe-825
On Sat, Jun 09, 2012 at 03:36:15PM +0400, Alexander V. Chernikov wrote:
> On 09.06.2012 15:19, Sami Halabi wrote:
> >Hi,
> >all rules togther less than 80 rules
> However, it is too much.
> You should reduce this to 10 rules or less (at least for main traffic flow).
you should definitely try h
On 09.06.2012 15:19, Sami Halabi wrote:
Hi,
all rules togther less than 80 rules
However, it is too much.
You should reduce this to 10 rules or less (at least for main traffic flow).
(Btw, there is related http://wiki.freebsd.org/NetworkPerformanceTuning
wiki page)
how tablearg helps
Hi,
all rules togther less than 80 rules
how tablearg helps this? each ip & pipe (up & down) are unique...
any other advices?
Sami
On Sat, Jun 9, 2012 at 1:15 PM, Alexander V. Chernikov wrote:
> On 09.06.2012 01:56, Sami Halabi wrote:
>
>> Hi,
>>
>> I Manage a FreeBSD server as an edge ro
On 09.06.2012 01:56, Sami Halabi wrote:
Hi,
I Manage a FreeBSD server as an edge router& firewall.
the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB&
bce-BCM5709) connected to 10G/1G switches.
With the following setup i get higher cpu usage:
bce1-upstream provider with
Hi,
I Manage a FreeBSD server as an edge router & firewall.
the setup has 10G interfaces (ixgbe-82599EB) and 1G interfaces(em-82571EB &
bce-BCM5709) connected to 10G/1G switches.
With the following setup i get higher cpu usage:
bce1-upstream provider with little bandwidth, so i use pipes to limit
Synopsis: [ipfw] [patch] Port numbers always zero in dynamic IPFW rules for
SCTP over IPv4
State-Changed-From-To: open->closed
State-Changed-By: ae
State-Changed-When: Thu Apr 7 11:22:13 UTC 2011
State-Changed-Why:
Committed to head/ and stable/8. Thanks!
http://www.freebsd.org/cgi/qu
Synopsis: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat
enabled
Responsible-Changed-From-To: freebsd-ipfw->hrs
Responsible-Changed-By: hrs
Responsible-Changed-When: Wed Jan 5 01:06:05 UTC 2011
Responsible-Changed-Why:
Take.
http://www.freebsd.org/cgi/query-pr.cgi
Old Synopsis: Port numbers always zero in dynamic IPFW rules for SCTP over IPv4
New Synopsis: [ipfw] [patch] Port numbers always zero in dynamic IPFW rules for
SCTP over IPv4
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri
Synopsis: [PATCH] [8.2-BETA1] ipfw rules fail to load cleanly on start if nat
enabled
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Dec 14 20:26:08 UTC 2010
Responsible-Changed-Why:
Over to maintainer(s).
h
Synopsis: [ipfw] IPFW Rules bug
State-Changed-From-To: open->closed
State-Changed-By: olli
State-Changed-When: Wed Aug 4 15:07:12 UTC 2010
State-Changed-Why:
According to the originator, this PR can be closed.
http://www.freebsd.org/cgi/query-pr.cgi?pr=97
The following reply was made to PR kern/97504; it has been noted by GNATS.
From: Oliver Fromme
To: bug-follo...@freebsd.org, freebsd-ipfw@FreeBSD.org,
marcelo...@hotmail.com (Marcelo Machado)
Cc:
Subject: Re: kern/97504: [ipfw] IPFW Rules bug
Date: Wed, 4 Aug 2010 15:38:13 +0200 (CEST
Hello Marcelo,
I just stumbled across this old PR which is still open.
Apparently the problem was caused by missing DNS access,
not a bug in IPFW itself. Note that DNS queries often
happen "behind the scenes". Even if you use IP numbers
only, many programs will try to perform reverse-lookup.
D
Julian Elischer пишет:
Anatoliy wrote:
Greetings to all.
I have a problem to optimise ipfw rules.
When I have started to search for the decision there were some questions
How it is possible to find out how many
loading gives this or that rule or all corrected as a whole.
Prompt as it better to
Anatoliy wrote:
Greetings to all.
I have a problem to optimise ipfw rules.
When I have started to search for the decision there were some questions
How it is possible to find out how many
loading gives this or that rule or all corrected as a whole.
Prompt as it better to make in practice?
As it
Greetings to all.
I have a problem to optimise ipfw rules.
When I have started to search for the decision there were some questions
How it is possible to find out how many
loading gives this or that rule or all corrected as a whole.
Prompt as it better to make in practice?
As it would be
----#
$cmd 02000 deny log all from any to any
#-# End of IPFW rules file
##
--
Lysergius says "Stay light and trust gravity"
_
Hi,
On Fri, Mar 7, 2008 at 2:54 PM, Anders Häggström <
[EMAIL PROTECTED]> wrote:
> Hello list!
>
> I have tried to solve this configuration-issue for a time now but
> without success, so I'm asking if anyone can help me with an
> example-ruleset or point me to some good documentation that descri
Hello list!
I have tried to solve this configuration-issue for a time now but
without success, so I'm asking if anyone can help me with an
example-ruleset or point me to some good documentation that describe
this type of setup.
My scenario is a webserver at 10MBit/s with httpd-service, ftp-seriv
mufalani wrote:
Hi all,
Thank you for help me in configure NAT ... It´s working perfectly!!!
One another doubt...
where my public address = 200.X.Y.Z
and my trusted addresses = 201.1.2.3, 205.6.7.8
I want to only liberate the access to IP 200.X.Y.Z
for addresses: 201.1.2.3, 205.6.7.8 an
Hi all,
Thank you for help me in configure NAT ... It´s working perfectly!!!
One another doubt...
where my public address = 200.X.Y.Z
and my trusted addresses = 201.1.2.3, 205.6.7.8
I want to only liberate the access to IP 200.X.Y.Z
for addresses: 201.1.2.3, 205.6.7.8 and to block for the
Old Synopsis: IPFW Rules bug
New Synopsis: [ipfw] IPFW Rules bug
Responsible-Changed-From-To: freebsd-amd64->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Wed Jun 14 09:15:26 UTC 2006
Responsible-Changed-Why:
This does not sound amd64-specific.
http://www.freebsd.
Hi all,
I need a help to configure my ipfw rules , that they are below.
When active ipfw with this script, nat does not function, and with the
rules of the NAT alone , it it functions normally.
If I make this, I work normally! My pages are showed normally
ipfw add divert 8668 ip from any
How to work this rules?
ipfw add allow tcp from any to me setup limit src-addr 4
and
ipfw add allow tcp from my_net to any setup limit src-addr 10
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To uns
Synopsis: [patch] System panic when i use uid/gid ipfw rules.
Responsible-Changed-From-To: freebsd-ipfw->oleg
Responsible-Changed-By: oleg
Responsible-Changed-When: Fri Feb 3 23:58:24 UTC 2006
Responsible-Changed-Why:
take over.
http://www.freebsd.org/cgi/query-pr.cgi?pr=92
Synopsis: [patch] System panic when i use uid/gid ipfw rules.
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: glebius
Responsible-Changed-When: Thu Feb 2 12:28:26 UTC 2006
Responsible-Changed-Why:
For ipfw list review.
http://www.freebsd.org/cgi/query-pr.cgi
Hi!
I want to build an freeBSD gateway. I had configured all i need, but i
dont understand something. What is corect order for ipfw.
I have rule that divert traffic:
ex: add 50 divert natd all from any to any via rl0
I want to put firewall rule to block some traffic or ports.
I want to build so
36 matches
Mail list logo
