Hi,
SCTP protocol header has src port and dst port fields. But pf doesn't
support them.
# echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f -
stdin:1: port only applies to tcp/udp
stdin:1: skipping rule due to errors
stdin:1: rule expands to no valid combination
p
Hi,
I'm trying to rdr packages that have tos lowdelay only.
But pf.conf doesn't support filteropt in rdr syntax.
I need to write a rule like below:
rdr proto tcp from 10.0.0.0/24 to any tos lowdelay -> 127.0.0.1 port 8080
Is it possible to do anyway?
___
Thank you for the clarification.
On Sun, Jun 28, 2020 at 1:10 PM Kristof Provost wrote:
> On 26 Jun 2020, at 13:56, Özkan KIRIK wrote:
> > My goal is to save pkt/byte counters of each expired/killed/closed state
> > into a txt file.
> > What is the right
Hi,
My goal is to save pkt/byte counters of each expired/killed/closed state into
a txt file.
What is the right way to do this in userspace?
Is it possible to do something with ioctl & poll?
Alternatively is it possible to create multiple pfsync interfaces, first
one for real purpose to send stat
Hi,
Problem solved,
pass all as first rule drops packets with IP options
regards
On Wed, May 20, 2020 at 10:35 PM Özkan KIRIK wrote:
> Hello,
>
> I'm running FreeBSD 12.1-Stable. pimd is running.
> When I enabled pf, multicast traffic is dropped.
>
> I wrote a sing
Hello,
I'm running FreeBSD 12.1-Stable. pimd is running.
When I enabled pf, multicast traffic is dropped.
I wrote a single basic rule:
pass quick all allow-opts
but still multicast traffic is dropped. After pfctl -xm, dmesg shows this
error:
pf: dropping packet with ip options
pf: dropping pack
Hi,
I'm trying to use overload tables using global tables within anchors.
Sample ruleset is shown below:
table persist
block quick from
pass in proto tcp to port ssh modulate state \
(max-src-conn-rate 5/3, overload flush global)
anchor "ftp" {
pass in proto tcp to port ftp modulate stat
Hi,
I need last match timestamps for each rule. ipfw has an option for this.
But pfctl -v -sr command doesn't show last match timestamp.
Is there a way to gather this information in pf?
Thanks
___
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.o
Hi,
I want to block SYN with data packets.
I read the pf.conf manual, but couldn't find a clear way to do this.
Is it possible to match packets greater than N bytes using pf on FreeBSD
12.1 stable?
Does synproxy state or modulate state perform this operation?
Thanks
_
Hello,
I'm trying to get the states that belong to an anchor.
But the pfctl -ss -a anchorName command waits; Ctrl+C and Ctrl+Z don't work.
ps ax gives D+ state, and kill -9 doesn't work.
When pfctl is in D+ state, I run pfctl -d. pf becomes disabled but the
process is still in the same D+ state.
This is
Hello,
I need to kill states from Host1 that belong to a rdr rule. But pfctl
flushes all states that belong to Host1.
Is it possible?
Regards
ifp->if_obytes += len;
if (mflags & (M_BCAST|M_MCAST))
        ifp->if_omcasts++;

if ((ifp->if_drv_flags & IFF_DRV_OACTIVE) == 0)
        epair_s
12 matches