https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219803
Damjan Jovanovic changed:
What|Removed|Added
Attachment #183243 is obsolete|0|1
Don't get me wrong. I get your point.
I guess when using your method, I need to put in rule by rule, to test
each "pass" rule one on its own - okay no problem. But ... :D
I also need to test a mix of 300 nat/binat/rdr rules out of 10 networks.
So the pass quick rule can't help me, because the na
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219803
--- Comment #6 from Kristof Provost ---
With this patch my gateway box (pf and vimage jails) panics pretty quickly
during boot.
#0 doadump (textdump=0) at pcpu.h:232
#1 0x803a4c2b in db_dump (dummy=, dummy2=, dummy3=, dummy4=)
On 6/15/2017 3:32 PM, Malte Graebner wrote:
> using quick phrase has the side effect, that I'm not able to see, if
> there are any packets that would be blocked which shouldn't, because of
> not evaluating the whole ruleset (about 500 rules).
I am not sure I follow, can you rephrase/state the above? Do
using quick phrase has the side effect, that I'm not able to see, if
there are any packets that would be blocked which shouldn't, because of
not evaluating the whole ruleset (about 500 rules).
e.g.: multiple bidirectional nat rules, not doing what I expect them
to do. Then I can fix the ruleset,
On 6/15/2017 2:21 PM, Malte Graebner wrote:
> Hello folks,
> is there an option, to only log all stuff going on via "log" command and
> without taking any action to traffic flow itself?
Perhaps
pass quick log
... quick matches and then no longer evals the rules.
---Mike
--
Hello folks,
is there an option, to only log all stuff going on via "log" command and
without taking any action to traffic flow itself?
I'm migrating an existing iptables firewall, and I want to set the new
one in front of it and bridge the traffic to the old one. Meanwhile I
want to test my