Hi Tom,
Thanks heaps for the advice.
I will review and reorganize our ruleset.
Cheers,
Mark
-Original Message-
From: Tom Uffner [mailto:[EMAIL PROTECTED]
Sent: Friday, 16 May 2008 1:16 p.m.
To: Mark Pagulayan
Cc: freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA
Mark Pagulayan wrote:
Yes, I am using net.link.bridge.pfil_member: 1. What is the effect of
this on the bridge interface?
see if_bridge(4) for full details. in short they control whether or not
filtering is available on the member interfaces and/or the bridge.
net.link.bridge.pfil_local_phys:
is
rule on the bridge?
Thanks for the suggestion on the ruleset. It is much appreciated.
Cheers,
Mark
-Original Message-
From: Tom Uffner [mailto:[EMAIL PROTECTED]
Sent: Friday, 16 May 2008 5:18 a.m.
To: Mark Pagulayan
Cc: freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts
Mark Pagulayan wrote:
We are using PF from FreeBSD 7.0 and using the rules we used from
OpenBSD 4.0 PF. With the help of Jeremy Chadwick, I found out that
modulate state is broken in FreeBSD PF so I replaced all rules that use
modulate state to use keep state.
FreeBSD 7.0 uses PF 4.1 so a num
d outputs,
can someone point me in the right direction?
Cheers,
Mark
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Tom Uffner
Sent: Thursday, 15 May 2008 1:26 p.m.
To: freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rul
Mark Pagulayan wrote:
I am using bridge pf:
I only allow pass all on my internal interface. So there is no other
rule for that interface. How do I know that states are mismatched for
both internal and external?
could you post your full ruleset and a quick description of your net
topology? the
: Thursday, 15 May 2008 12:16 p.m.
To: Mark Pagulayan
Cc: Tom Uffner; Kian Mohageri; freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules
Hello,
Mark Pagulayan wrote:
> Hi Tom,
>
> I have just zeroed in the statistics and yes the state-mismatch
'pass all' rule, it mismatched your other rule.
-- Jille
Cheers,
Mark
-Original Message-
From: Tom Uffner [mailto:[EMAIL PROTECTED]
Sent: Thursday, 15 May 2008 11:55 a.m.
To: Kian Mohageri
Cc: Mark Pagulayan; freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts
: Kian Mohageri
Cc: Mark Pagulayan; freebsd-pf@freebsd.org
Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules
Kian Mohageri wrote:
> On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan
>> The way I see this is that this rule would be applied to udp traffic as
>> wel
Kian Mohageri wrote:
On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan
The way I see this is that this rule would be applied to udp traffic as
well which will be dropped/blocked because flags only work for tcp and
this might be the cause of state-mismatches that I see in the table -
'flags S/SA
On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan
<[EMAIL PROTECTED]> wrote:
> Hi Guys,
>
> OS: FreeBSD 7.0-RELEASE
>
> Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
> inserts 'Flags S/SA' to rules?
>
It does... actually 'flags S/SA keep state'.
>
> The problem
Mark Pagulayan wrote:
OS: FreeBSD 7.0-RELEASE
Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
inserts 'Flags S/SA' to rules?
this is correct.
The problem is that when it comes to this rule:
pass in quick on $int_if
after loading to pf
pass in quick on em0 flags
Hi Guys,
OS: FreeBSD 7.0-RELEASE
Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically
inserts 'Flags S/SA' to rules?
The problem is that when it comes to this rule:
pass in quick on $int_if
after loading to pf
pass in quick on em0 flags S/SA keep stat