On Mon, 19 Sep 2005, Brett Glass wrote:
> At 10:20 AM 9/19/2005, Luigi Rizzo wrote:
>
> >original
> >
> >ipfw add 1000 dosomething cond1 cond2 cond3 cond4 cond5 ... condN
> >
> >negated:
> >
> >ipfw add 1000 skipto 1001 cond1 cond2 cond3 cond4 cond5 ... condN
> >
Hello,
I'm trying to get ftp working from my lan to the internet. I'm using a
deny by default policy and only allowing out specific traffic. My rules are
below. I start pftpx and load the pf.conf file, all is good, until i try to
ftp. Going from the gateway box ftp can at least log on to the
Brett Glass wrote this message on Mon, Sep 19, 2005 at 09:32 -0600:
> At 03:40 AM 9/19/2005, John-Mark Gurney wrote:
>
> >What's awkward about:
> >#define PIPE_FOO 1
> >#define PIPE_BAR 2
> >
> >add pipe PIPE_FOO config bw 64kbit/sec
> >/* ... etc ... */
>
> I've done that, and unfortunately it
The version of ng_split.c packaged with 5.4 Release has a bug in it
that causes items to get lost (not freed) if there are no nodes
connected on the other end.
This has been fixed in the CVS, Revision 1.7
Would it be possible to bring this 1.7 revision into FreeBSD 5.4 Release?
David
___
Oops! In my earlier message, I said:
>This doesn't work, because you must transform cond1 && cond2 && cond3...
>into multiple rules that implement ~(cond1 || cond2 || cond3...).
I should have said that you must implement !(!cond1 || !cond2 || !cond3...).
--Brett
___
At 10:20 AM 9/19/2005, Luigi Rizzo wrote:
>original
>
>ipfw add 1000 dosomething cond1 cond2 cond3 cond4 cond5 ... condN
>
>negated:
>
>ipfw add 1000 skipto 1001 cond1 cond2 cond3 cond4 cond5 ... condN
>ipfw add 1000 dosomething
This doesn't work, because you must transfor
At 10:08 AM 9/19/2005, Jeremie Le Hen wrote:
>OTOH, I agree with Luigi about the "resume" keyword. This introduces
>a kind of linked-lists, but this is just syntactic sugar and I can't
>see any performance improvement with this.
I think that a few examples might show why it'd be more than
syntac
Hi,
> > >>> In contrast, on Linux (by default), it
> > >>> responds as long as the target IP address in ARP Request matches with
> > >>> any "local" IP address on the system, which is not necessarily an IP
> > >>> address assigned to the interface through which the ARP request is
> > >>> received.
On Mon, Sep 19, 2005 at 06:08:53PM +0200, Jeremie Le Hen wrote:
> Luigi, Brett,
>
> > >in terms of implementation, if you want to add it, the best place
> > >would be to add the 'skipto' fields to each 'action' opcode.
> > >I am not very interested in implementing it, though, because i still see
>
Luigi, Brett,
> >in terms of implementation, if you want to add it, the best place
> >would be to add the 'skipto' fields to each 'action' opcode.
> >I am not very interested in implementing it, though, because i still see
> >ipfw as a low-level language.
Is it a goal or an observation ?
> I don
At 09:16 AM 9/19/2005, Luigi Rizzo wrote:
>> >Same for as the 'resume' option. It might be nice to have,
>> >however but there is already a two-rule version (the one i
>> >suggested, follow the non-terminating action with a skipto rule)
>> >so its absence is not blocking you from doing what you w
Max Laier wrote:
On Monday 19 September 2005 02:40, Andre wrote:
[...]
# echo "set limit src-nodes 1000" | pfctl -f -
pfctl: DIOCSETLIMIT: Invalid argument
[...]
Can you please try the attached patch and report back. Seems like I missed an
initialization there :-\
It worked!
Thank you!
At 03:40 AM 9/19/2005, John-Mark Gurney wrote:
>What's awkward about:
>#define PIPE_FOO 1
>#define PIPE_BAR 2
>
>add pipe PIPE_FOO config bw 64kbit/sec
>/* ... etc ... */
I've done that, and unfortunately it does not solve the problem
I'm describing.
The awkward and inefficient part comes when
On Mon, Sep 19, 2005 at 09:11:33AM -0600, Brett Glass wrote:
> At 01:59 AM 9/19/2005, Luigi Rizzo wrote:
>
> >Same for as the 'resume' option. It might be nice to have,
> >however but there is already a two-rule version (the one i
> >suggested, follow the non-terminating action with a skipto rule)
At 01:59 AM 9/19/2005, Luigi Rizzo wrote:
>Same for as the 'resume' option. It might be nice to have,
>however but there is already a two-rule version (the one i
>suggested, follow the non-terminating action with a skipto rule)
>so its absence is not blocking you from doing what you want.
That op
On Monday 19 September 2005 02:40, Andre wrote:
> I can't set 'limit src-nodes' with pfctl on a FreeBSD 5.4-RELEASE
> system. This is the error I get:
>
> # echo "set limit src-nodes 1000" | pfctl -f -
> pfctl: DIOCSETLIMIT: Invalid argument
>
> I'm able to set 'states' and 'frags' just fine:
>
> #
Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems
S Submitted Tracker Resp. Description
---
o [2003/07/11] kern/54383 net [nfs] [patch] NFS root configurations w
Brett Glass wrote this message on Mon, Sep 19, 2005 at 01:32 -0600:
> At 12:56 AM 9/19/2005, Luigi Rizzo wrote:
>
> >[see long original request below]
> >
> >Bret, you want a block structured ipfw control language, but
> >ipfw is an assembly language. You have to live with that.
> >Your only way
On Mon, Sep 19, 2005 at 01:32:33AM -0600, Brett Glass wrote:
...
> Unfortunately, this requires inverting the sense of rules. And in IPFW's
> very simplistic language, you can't invert a single rule with more
> than one condition into another single rule because you can only
yes i know. you need t
> > But that ARP thing happens also with interfaces that are not part of
> > the bridge! Even if the interfaces are ifconfiged NOARP.
>
> This is not what I observed... which of the 3 bridging implementations
> (bridge, if_bridge, ng_bridge) have you seen this behaviour with?
Hummm, I am not sure
At 12:56 AM 9/19/2005, Luigi Rizzo wrote:
>[see long original request below]
>
>Bret, you want a block structured ipfw control language, but
>ipfw is an assembly language. You have to live with that.
>Your only way out is
>A. write a translator from high level to low level language
> (many peop
21 matches
Mail list logo
