RE: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread David DeSimone
Kevin Oberman wrote: > > For ipfw you need something like "allow ip from any to me frag". If you > want to restrict this to DNS, restrict it to dst-port 53. Unfortunately, UDP fragments only contain the port number in the very first fragment. So you will not be able to forward the later fragment

Re: Intel 82574L (em)

2015-01-30 Thread Jack Vogel
Yup, I wrote that :) Sean, I will check around to see if anything may have changed in that regard. Jack On Fri, Jan 30, 2015 at 5:00 PM, hiren panchasara < hi...@strugglingcoder.info> wrote: > On Fri, Jan 30, 2015 at 01:11:50PM -0800, Sean Bruno wrote:

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread Ian Smith
On Fri, 30 Jan 2015 16:57:28 -0800, Kevin Oberman wrote: > On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov wrote: > > I could not resolve names with DNSSEC (for example, in freebsd.org > > domain) on two of my installations, one with FreeBSD 11 and other with > > FreeBSD 9.3. > > > > Sym

Re: Intel 82574L (em)

2015-01-30 Thread hiren panchasara
On Fri, Jan 30, 2015 at 01:11:50PM -0800, Sean Bruno wrote: > > http://www.intel.com/content/dam/doc/datasheet/82574l-gbe-controller-datasheet.pdf > > According to 7.1.11, this device does indeed have 2 queues for stuff and > or things. So,

Re: Problems with DNSSEC -- answer in fragmented UDP doesn't work

2015-01-30 Thread Kevin Oberman
On Wed, Jan 28, 2015 at 9:13 AM, Lev Serebryakov wrote: > I could not resolve names with DNSSEC (for example, in freebsd.org > domain) on two of my installations, one with FreeBSD 11 and other with > FreeBSD 9.3. > > Symptoms are the same:

[Bug 165622] [ndis][panic][patch] Unregistered use of FPU in kernel on amd64

2015-01-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165622 Andrew Wilcox changed: What|Removed |Added CC||awil...@wilcox-tech.com --- Commen

Intel 82574L (em)

2015-01-30 Thread Sean Bruno
http://www.intel.com/content/dam/doc/datasheet/82574l-gbe-controller-datasheet.pdf According to 7.1.11, this device does indeed have 2 queues for stuff and or things. So, basic RSS would be possible in something like an Atom box. I note that the

Re: ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly?

2015-01-30 Thread Lev Serebryakov
On 30.01.2015 12:22, wishmaster wrote: > At first, i think you should move keep-state from skipto to > explicit allow rule. Yep! I like it TOO! > For my case with 4 ISP link I use something like this example, but > more complex, though. Could you

[Bug 197059] network locks up with IPv6 udp traffic

2015-01-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197059 Andrey V. Elsukov changed: What|Removed |Added Assignee|freebsd-b...@freebsd.org|a...@freebsd.org

Re: ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly?

2015-01-30 Thread Ian Smith
On Fri, 30 Jan 2015 12:05:07 +0300, Lev Serebryakov wrote: > On 30.01.2015 05:33, Julian Elischer wrote: > > >> 12700 skipto 12900 ip from any to any keep-state 12800 deny ip > >> from any to any 12900 nat 1 ip from any to any out 12999 allow ip > >> from any to any > >> > >> And rules for

[Bug 197059] network locks up with IPv6 udp traffic

2015-01-30 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197059 --- Comment #1 from Dmitry Sivachenko --- For us this is rather severe problem (it take about 10 seconds to leave machine without working network). If these LORs are not enough to debug this issue, I am more than willing to provide any ne

Re: ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly?

2015-01-30 Thread wishmaster
Hi, below my experience. --- Original message --- From: "Lev Serebryakov" Date: 30 January 2015, 02:37:54 > I have problems to understand how combination of nat and stateful > ruleset for ipfw should work. There is no good gui

Re: ipfw, nat and stateful firewall: why "keep-state" on "skipto" works at all and how do this properly?

2015-01-30 Thread Lev Serebryakov
On 30.01.2015 05:33, Julian Elischer wrote: >> 12700 skipto 12900 ip from any to any keep-state 12800 deny ip >> from any to any 12900 nat 1 ip from any to any out 12999 allow ip >> from any to any >> >> And rules for inbound ones are: >> >> 11000