Quoting Tom Uffner:
eculp wrote:
Thanks for responding. As I read your answer and my question, I'm
pretty sure that I probably didn't ask the question properly. What
I need to do is be intermediary between my upstream ISPs and my
customers and would like to control the
Quoting Tom Uffner:
eculp wrote:
I don't remember why but for some reason I have the idea that
pf+altq is not bidirectional. Am I mistaken?
no solution that does not involve cooperation from your upstream
connection(s) is truly bidirectional. it is easy to limit/shape
your out
Quoting "Ronnel P. Maglasang" <[EMAIL PROTECTED]>:
Александр Шевченко wrote:
Using ipfw+dummynet you could easily limit bandwidth per ip:
$IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x03ff
$IPFW pipe 7 config bw 50KByte/s mask src-ip 0x03ff
$IPFW add pipe 4 ip from any to 172.16.16.0/
Quoting Peter Jeremy <[EMAIL PROTECTED]>:
On 2008-Dec-02 10:42:27 +0200, Andrei Kolu <[EMAIL PROTECTED]> wrote:
That description sounds like it simplifies to "limit bandwidth based on
IP address" - which is fairly trivial for ipfw+dummynet or pf+altq.
ipfw+dummynet is really ugly traffic "sha
Quoting Miguel Alcántara <[EMAIL PROTECTED]>:
Hi everybody, I'm having a problem for a week. I have to setup PF + SQUID in
a P2 machine, with 128RAM and 6GB hard disk and just one nic. I virtualized
an interface with an ip 192.168.1.80 and it has squid, the nic has
192.168.1.60 and all the lan i
Quoting Ken <[EMAIL PROTECTED]>:
PF how to block domain
Outgoing, I assume? Maybe something like the following.
# "block" is a reserved word in pf.conf, so the macro needs a different name
blocked = "{ domain.com, domain2.com, domain3.com }"
block out quick from any to $blocked
You can also block addresses and or address blocks
addressblock = "{ 207.46.0.0/16 65
Quoting Dave <[EMAIL PROTECTED]>:
Hello,
I've got a machine running ssh and I'm trying to cut down on
brute force attacks on it. I'm running pf on a FreeBSD 6.2 box and
have added in swatch to try to curb these attacks. The problem is
nothing is being added to either the memory hackers
< snip >
On a side note,
The default block rule should match both ingress and egress traffic.
A system cannot be deemed secure if it implicitly allows egress traffic to
flow.
Makes sense but I haven't done it due to an ignorance of which
unprivileged ports need to be enabled for things like sk
Quoting Scott Ullrich <[EMAIL PROTECTED]>:
On 9/7/06, KES <[EMAIL PROTECTED]> wrote:
Hello
pf fails to start if interface doesn't exist or IP address not assigned
I have troubles with tun0 (pppoe connection)
Look at next picture:
1) power fail,
2) FreeBSD starting,
3) do pppoe connection to p
Quoting elmer <[EMAIL PROTECTED]>:
Hi all,
I am using pf on FreeBSD 6.1. How do I enable ftp passive and active?
I'm following the pfmanual but my users can't establish a connection.
Is there a debugging for the ftp-proxy?
IIRC you need to open the following ports for passive ftp but I could be
Quoting Daniel Dvořák <[EMAIL PROTECTED]>:
... but you know, proxy is not what I am asking, proxy is not firewall.
We do not need to restrict everything and all members.
We like full routable network with full access to IPv6 / IPv4 internet
without any necessary action like configure proxy cl