[Bug 229477] [PATCH] fail-policy changes cause delays on synproxy packets

2018-07-02 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229477 Mark Linimon changed: What|Removed |Added Assignee|b...@freebsd.org|p...@freebsd.org Keywords

Re: Possible bug: 11.2-RELEASE guest with vtnet and PF

2018-07-02 Thread Jakub Chromy
... omg.. sorry. I've checked the r333181 revision, but I'm not as capable in C to understand it completely. So it looks like that in up to 11.1-RELEASE, one can run the /sbin/pfctl -n -f ./config successfully without having the pf module loaded. Now in 11.2, the pfctl without pf module in

Re: Possible bug: 11.2-RELEASE guest with vtnet and PF

2018-07-02 Thread Kristof Provost
On 2 Jul 2018, at 16:17, Kristof Provost wrote: Hi Jakub, On 30 Jun 2018, at 17:07, Jakub Chromy wrote: I've just installed a 11.2-RELEASE guest under bhyve (hypervisor is 11.1-RELEASE)... and I cant use Virtio network interface with PF: odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.wo

Re: pf reload/resync and skipped interface groups on 11.2-RELEASE

2018-07-02 Thread Kristof Provost
On 2 Jul 2018, at 16:44, Felix J. Ogris wrote: this is a fresh install of 11.2-RELEASE amd64 with a minimal pf rule set. After the first reload/resync, any traffic on an interface that is skipped via an interface group statement in pf.conf is rejected: Thanks for the report. I think that’s th

pf reload/resync and skipped interface groups on 11.2-RELEASE

2018-07-02 Thread Felix J. Ogris
Hi, this is a fresh install of 11.2-RELEASE amd64 with a minimal pf rule set. After the first reload/resync, any traffic on an interface that is skipped via an interface group statement in pf.conf is rejected: root@fbsd:~ # ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 56 data bytes 64 bytes from

Re: Possible bug: 11.2-RELEASE guest with vtnet and PF

2018-07-02 Thread Jakub Chromy
... will try without that "-n" parameter also... -- regards Jakub Chromy CGI Systems div. CGI CZ s.r.o. sa...@cgi.cz 775 144 257 234 697 102 www.cgi.cz Dne 02.07.2018 v 16:17 Kristof Provost napsal(a): Hi Jakub, On 30 Jun 2018, at 17:07, Jakub Chromy wrote: I'v

Re: Possible bug: 11.2-RELEASE guest with vtnet and PF

2018-07-02 Thread Jakub Chromy
Hello Kristof, I can give you access to that instance if you wish... -- regards Jakub Chromy CGI Systems div. CGI CZ s.r.o. sa...@cgi.cz 775 144 257 234 697 102 www.cgi.cz Dne 02.07.2018 v 16:17 Kristof Provost napsal(a): Hi Jakub, On 30 Jun 2018, at 17:07, Jakub Ch

Re: Possible bug: 11.2-RELEASE guest with vtnet and PF

2018-07-02 Thread Kristof Provost
Hi Jakub, On 30 Jun 2018, at 17:07, Jakub Chromy wrote: I've just installed a 11.2-RELEASE guest under bhyve (hypervisor is 11.1-RELEASE)... and I cant use Virtio network interface with PF: odine:/boot/kernel# /sbin/pfctl -n -f ~/local/tmp/pf.work *pfctl: pfi_get_ifaces: Bad file descriptor*