Re: NAT-PT (was: Crazy Question - IPv6 to IPv4 and vice versa)

2008-09-03 Thread Jeremie Le Hen
kish but could be very useful. It used to be implemented in KAME snapshot but has never made its path to one of the BSD. I'm sure there are good reasons for this and I'd be happy if someone could point them. Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot or

Re: Traffic Shaping with pf ...

2005-11-20 Thread Jeremie Le Hen
(non-DoS) and can work on both inbound and outgoing paths (actually, it does not even need to be bound to a particular interface, which may be worth if you have multiple internal interfaces and this also means this can be used to rate limit connections with the box itsel

Re: Filtering IPSec traffic ?

2005-10-29 Thread Jeremie Le Hen
t//require; % spdadd 5.6.7.8 1.2.3.4 ip4 -P out ipsec esp/transport//require; Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: nmap

2005-08-23 Thread Jeremie Le Hen
> List, > > How can I block nmap options using PF ?? nmap scans are harmless. nmap could still use the connect(2) scan (-sT) and blocking such a scan would prevent valid connection attempts to be blocked as well. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz

Re: ALTQ && PF && vlan(4) - is it possible?

2005-08-16 Thread Jeremie Le Hen
p://lists.freebsd.org/pipermail/freebsd-hackers/2005-August/013177.html -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Bridge and PF

2005-08-12 Thread Jeremie Le Hen
he same is true for ipf and ipfw with the > old bridge code. Does if_bridge generally support PF_HOOKS (thus one can use ipfw), or is it strictly bound to pf ? Thanks. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

Re: PF & BLOCK MP3 (AVI)

2005-07-20 Thread Jeremie Le Hen
e FreeBSD, please learn to understand want people are telling you and stop felling that you know everything better than others : when the firewall developper himself tells you that an idea is foolish, there are very good chances that this idea is foolish. Sorry for

Re: PF NAT and DNS

2005-07-20 Thread Jeremie Le Hen
ay not be applicable in you case) is to move the DNS server in the internal network. Then I use Bind9's zones to make a different reply whether the request is coming from the internal network or from Internet). Regards, -- Jeremie Le Hen < jeremie