Hi,
Sorry guys if somehow the information I post in this thread is
incomplete.
We are using PF from FreeBSD 7.0 and using the rules we used from
OpenBSD 4.0 PF. With the help of Jeremy Chadwick, I found out that
modulate state is broken in FreeBSD PF so I replaced all rules that use
modulate st
Mark Pagulayan wrote:
I am using bridge pf:
I only allow pass all on my internal interface. So there is no other
rule for that interface. How do I know that states are mismatched for
both internal and external?
could you post your full ruleset and a quick description of your net
topology? the
Hi Jill,
I am using bridge pf:
I only allow pass all on my internal interface. So there is no other
rule for that interface. How do I know that states are mismatched for
both internal and external?
Cheers,
Mark
-Original Message-
From: Jille [mailto:[EMAIL PROTECTED]
Sent: Thursday
Hello,
Mark Pagulayan wrote:
Hi Tom,
I have just zeroed in the statistics and yes the state-mismatch is still
increasing.
If I do enable logging, how would I know that packet is mismatched?
If you use tcpdump, the standard flags will also show what rule it matched,
so if it is an 'pas
Hi Tom,
I have just zeroed in the statistics and yes the state-mismatch is still
increasing.
If I do enable logging, how would I know that packet is mismatched?
Cheers,
Mark
-Original Message-
From: Tom Uffner [mailto:[EMAIL PROTECTED]
Sent: Thursday, 15 May 2008 11:55 a.m.
To: Kia
Kian Mohageri wrote:
On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan
The way I see this is that this rule would be applied to udp traffic as
well which will be dropped/blocked because flags only work for tcp and
this might be the cause of state-mismatches that I see in the table -
'flags S/SA
On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan
<[EMAIL PROTECTED]> wrote:
> Hi Guys,
>
>
>
> OS: FreeBSD 7.0-RELEASE
>
>
>
> Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
> inserts 'Flags S/SA' to rules?
>
>
It does... actually 'flags S/SA keep state'.
>
> The problem
Mark Pagulayan wrote:
OS: FreeBSD 7.0-RELEASE
Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
inserts 'Flags S/SA' to rules?
this is correct.
The problem is that when it comes to this rule:
pass in quick on $int_if
after loading to pf
pass in quick on em0 flags
Hi Guys,
OS: FreeBSD 7.0-RELEASE
Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
inserts 'Flags S/SA' to rules?
The problem is that when it comes to this rule:
pass in quick on $int_if
after loading to pf
pass in quick on em0 flags S/SA keep stat
On Wed, May 14, 2008 14:51, Jon Radel wrote:
> Reinhold wrote:
>
>
>>
>> What I've also noticed is that in pf I have this rule
>> pass in log quick on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp
>> from any to { 192.168.1.2 } port = 22 keep state (max 1024, max-src-conn
>> 15,
>> max-src-conn-r
Reinhold wrote:
What I've also noticed is that in pf I have this rule
pass in log quick on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from
any to { 192.168.1.2 } port = 22 keep state (max 1024, max-src-conn 15,
max-src-conn-rate 2/1, overload flush global)
When I'm getting the bad header
On Wed, May 14, 2008 09:39, Jeremy Chadwick wrote:
> On Wed, May 14, 2008 at 09:30:17AM +0100, Reinhold wrote:
>
>> I'm having a few problems with pf on my FreeBSD 7 STABLE systems, I have
>> two running 7 and 4 running 6.3 and the problems are only on my 7
>> systems.
>>
>> The first problem is that
On Wed, May 14, 2008 09:39, Jeremy Chadwick wrote:
> On Wed, May 14, 2008 at 09:30:17AM +0100, Reinhold wrote:
>
>> I'm having a few problems with pf on my FreeBSD 7 STABLE systems, I have
>> two running 7 and 4 running 6.3 and the problems are only on my 7
>> systems.
>>
>> The first problem is that
On Wed, May 14, 2008 at 09:30:17AM +0100, Reinhold wrote:
> I'm having a few problems with pf on my FreeBSD 7 STABLE systems, I have two
> running 7 and 4 running 6.3 and the problems are only on my 7 systems.
>
> The first problem is that I'm plagued by bad hdr length on both my 7 systems
When usi
Hi
I'm having a few problems with pf on my FreeBSD 7 STABLE systems, I have two
running 7 and 4 running 6.3 and the problems are only on my 7 systems.
The first problem is that I'm plagued by bad hdr length on both my 7 systems
Here are the unames for them
FreeBSD host1.name.local 7.0-STABLE FreeBS