On 7/23/2012 4:05 AM, Daniel Hartmeier wrote:
If you can reliably reproduce the problem with en.wikipedia.org, I
suggest the following:
On the firewall
1) enable verbose logging with pfctl -xm
2) save the output of pfctl -si and netstat -s
3) run the following three tcpdump in paral
On Mon, July 23, 2012 04:12, Damien Fleuriot wrote:
>
>
> On 7/23/12 7:31 AM, Jason Mattax wrote:
>>
>> based on that I could easily upgrade to 8.3, or possibly 9.0 tomorrow if
>> I have the inclination.
>>
>
> I can recommend 8.3, we're using it widely in production.
>
Thanks.
>
>>> 2/ When the
caldero...@gmail.com wrote
> I have the same problem, although I remember having it from the start. I
> started with some basic example configuration for gateway. Noticed that
> some sites wouldn't load and some do.. exc. googles.
>
> Added pass all rule for Internal IF on the right spot, and it wo
On Mon, Jul 23, 2012 at 01:32:07PM +0200, Tonix (Antonio Nati) wrote:
> I have customers which should be allowed to go wherever they like and
> accept from all.
>
> So I'd love to make something like this:
>
> - deny on INPUT WAN from hackers/abusers
> - allow any other INPUT on WAN
> - allow a
Sorry, forgot a basic rule!
On 23/07/2012 13:26, Tonix (Antonio Nati) wrote:
On 23/07/2012 13:13, Daniel Hartmeier wrote:
On Mon, Jul 23, 2012 at 12:53:41PM +0200, Tonix (Antonio Nati) wrote:
So, does that mean the OUT phase evaluation always occurs when IN phase
has been positive (
On 23/07/2012 13:13, Daniel Hartmeier wrote:
On Mon, Jul 23, 2012 at 12:53:41PM +0200, Tonix (Antonio Nati) wrote:
So, does that mean the OUT phase evaluation always occurs when IN phase
has been positive (packet should pass)?
Yes. You have to both allow a packet in on the first interfac
On Mon, Jul 23, 2012 at 12:53:41PM +0200, Tonix (Antonio Nati) wrote:
> So, does that mean the OUT phase evaluation always occurs when IN phase
> has been positive (packet should pass)?
Yes. You have to both allow a packet in on the first interface and out
on the second interface. If you forget/
Note: to view an individual PR, use:
http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).
The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.
S Tracker
On 23/07/2012 11:55, Daniel Hartmeier wrote:
On Mon, Jul 23, 2012 at 11:37:27AM +0200, Tonix (Antonio Nati) wrote:
What is not clear to me is related to in/out rules evaluation.
Diagram starts obviously from the packet entering the system, until the
packet exits the system. When the pa
If you can reliably reproduce the problem with en.wikipedia.org, I
suggest the following:
On the firewall
1) enable verbose logging with pfctl -xm
2) save the output of pfctl -si and netstat -s
3) run the following three tcpdump in parallel, and save the output:
tcpdump -s 1600 -
On Mon, Jul 23, 2012 at 11:37:27AM +0200, Tonix (Antonio Nati) wrote:
> What is not clear to me is related to in/out rules evaluation.
>
> Diagram starts obviously from the packet entering the system, until the
> packet exits the system. When the packet enters the system, which rules
> are e
On 21/07/2012 20:23, Daniel Hartmeier wrote:
On Sat, Jul 21, 2012 at 05:22:07PM +0200, Tonix (Antonio Nati) wrote:
If you can provide a link to this PF diagram it would be very useful.
A copy is preserved on http://www.benzedrine.cx/pf_flow.png
Yes, there are two phases.
HTH,
Daniel
On 7/23/12 7:31 AM, Jason Mattax wrote:
>
>
> On 07/22/2012 07:30 PM, Damien Fleuriot wrote:
>>
>> On 23 Jul 2012, at 01:49, jmat...@clanspum.net wrote:
>>
>>> A few weeks ago (I've been trying to debug it myself since then) my pf
>>> firewall stopped working fully correctly. The symptom is tha