Re: [Bug 124933] [pf] [ip6] pf does not support (drops) IPv6 fragmented packets

On 2/5/2015 1:21 AM, bugzilla-nore...@freebsd.org wrote: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933 Kristof Provost changed: What|Removed |Added CC|

Re: Controlling P2P with PF

On 1/19/2015 8:06 AM, Odhiambo Washington wrote: Hello all, So I found this link while trying to figure out of PF can control P2P - ttp://www.benhup.com/?mf=freebsd&sf=freebsd8.2-p9_04_peerblock I tried using it, but I could still download using utorrent from my network. Does this mean I am be

Re: Get RID of the multi threading patch in FreeBSDs version of PF

On 12/7/2014 2:57 AM, Kurt Jaeger wrote: On 12/5/2014 6:09 PM, Martin Hanson wrote: Has any important bugs been fixed in PF on OpenBSD since the current port in FreeBSD that actually makes the current PF in FreeBSD "dangerous" to run with? FreeBSD's pf is broken for IPv6. Its lack of fragment

Re: Get RID of the multi threading patch in FreeBSDs version of PF

On 12/5/2014 6:09 PM, Martin Hanson wrote: Has any important bugs been fixed in PF on OpenBSD since the current port in FreeBSD that actually makes the current PF in FreeBSD "dangerous" to run with? FreeBSD's pf is broken for IPv6. Its lack of fragment support means a FreeBSD breaks EDNS0 and

Re: Configuring PF with Jails only having IPv6

On 11/22/2014 4:55 AM, Robin Geuze wrote: IPv6 uses icmp6 to trqnsmit ndp packets. Ndp is basically the ipv6 version of arp. Based on your packet dump it seems your server is trying to figure out the mac address for the router for ipv6 but is disallowed by your pf rules. "pass in quick icmp6 from

Re: PF rule question

On 10/13/2013 6:02 PM, Rob Fraser wrote: would this work ? block in on lo0 from lo0 to lo0 block out on lo0 from lo0 to lo0 That reduces to "block on lo0", which you almost certainly do not want on a running system. :) ___ freebsd-pf@freebsd.org m

Re: PF rule question

On 10/9/2013 3:54 PM, Uroš Gruber wrote: Hi, I'm strugling to complete my pf firewall configuration with a bit more optimized rules. I have a few hudreds jails set up on network from 172.16.1.0 to 172.16.10.0 My goal is to deny access between jails, but allow a few exceptions for example all j

Re: Windows 7 + freebsd-pf + windows scale SYN-ACK problem

On 8/19/2013 5:13 AM, Alexander wrote: i have 'pass on bridge0 all flags S/SA keep state rule on bridge' That still filters on the bridge interface. Worse, it doesn't allow everything. You need to set skip on bridge0 to completely disable pf on that interface. _

Re: Including files in pf.conf

On 2012-09-06 03:40, Damien Fleuriot wrote: Is there any interest regarding the support of includes in PF's configuration ? Pf already supports loading tables and anchors from file. Can you expand a bit on what you want to do? ___ freebsd-pf@freebs