Re: Filter connections based on the hostname.

2016-06-15 Thread Kimmo Paasiala
On Wed, Jun 15, 2016 at 11:11 AM, atar wrote: >> atar wrote on 06/14/2016 20:29: atar wrote on 06/14/2016 16:05: >> atar wrote on 06/14/2016 14:52: [...] >>> The hostname "google.com" isn't blocked since its current ip differs >>> from its previous ip when pf has l

Re: PF rule question

2013-10-14 Thread Kimmo Paasiala
On Mon, Oct 14, 2013 at 11:30 PM, Uroš Gruber wrote:
> Ok, one way of doing it is something like this:
>
> ( pfctl -a jails -sr ; echo "pass on lo0 from 192.0.2.65 to 192.0.2.65" ) |
> pfctl -a jails -f -
>
> But still, it's only for add the rule to the anchor. I need to work on
> something for de

Re: another pf question, arp filtering

2013-05-13 Thread Kimmo Paasiala
On Mon, May 13, 2013 at 11:43 AM, Nomad Esst wrote:
> Hi all
> Here's another PF question. I suppose that filtering based on arp protocol is
> also impossible using PF just like MAC address filtering. Am I right? All of
> these options are supported by IPFW. What are we supposed to do with these

Re: Filtering bridge with pf.

2013-04-04 Thread Kimmo Paasiala
On Thu, Apr 4, 2013 at 9:56 PM, Thomas Steen Rasmussen wrote:
> On 04-04-2013 16:35, Carsten Sonne Larsen wrote:
>>
>> I am using the keyword *quick* and would expect a certain rule match
>> instead of rule 2..16777216
>>
>
> It has been like this since FreeBSD 9 I believe, and the situation
> is

Re: nc: connect to b:b:b:b::1:1 port 53 (tcp) failed: Operation timed out

2012-12-29 Thread Kimmo Paasiala
On Sat, Dec 29, 2012 at 1:54 PM, CyberLeo Kitsana wrote:
> On 12/28/2012 05:59 AM, Michael Grimm wrote:
>> Hi --
>>
>> I do run both my primary and secondary nameservers (distinct servers) in
>> FreeBSD jails1 and jail2 as outlined below:
>
>> I do see using tcpdump at server1:
>>
>> | 00:00:02.

Re: Patch for adding "options PF_DEFAULT_TO_DROP" to kernel configuration file

2012-09-14 Thread Kimmo Paasiala
On Fri, Sep 14, 2012 at 7:51 PM, Damien Fleuriot wrote:
>
> On 13 Sep 2012, at 23:26, Olivier Cochard-Labbé wrote:
>
>> Hi,
>> here is a little patch (tested on FreeBSD 9.1-RC1) that add a new
>> option to the kernel configuration file:
>> options PF_DEFAULT_TO_DROP
>>
>> Without this option, wit

Re: PF: matching gif(4) encapsulated IPv6

2012-09-05 Thread Kimmo Paasiala
On Thu, Sep 6, 2012 at 2:13 AM, Kimmo Paasiala wrote:
> Hello,
>
> I'd like to prioritize gif(4) encapsulated IPv6 over other IPv4
> traffic on an interface. I have queues set up and the shaping works
> for other types of IPv4 traffic but for some reason I can't find

PF: matching gif(4) encapsulated IPv6

2012-09-05 Thread Kimmo Paasiala
Hello, I'd like to prioritize gif(4) encapsulated IPv6 over other IPv4 traffic on an interface. I have queues set up and the shaping works for other types of IPv4 traffic but for some reason I can't find a way to match outgoing protocol 41 (ipv6) on the interface. My rule is simply: pass out log