RES: Trouble with PF

Hi, The limit of the states was reached. "set limit { states 7, frags 5000 }": solves my problem. Have anyone that has a number higher then 10? Regards, David -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de David Verzolla Enviada em: quarta-feir

Re: RES: Trouble with PF

David Verzolla wrote: > Hi, > The limit of the states was reached. > > "set limit { states 7, frags 5000 }": solves my problem. > > Have anyone that has a number higher then 10? > > Regards, > > David > One of the firewalls I maintain averages at ~420k without issue or special memory

Re: filtering local traffic on nat gateway

Hi David, David DeSimone schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reinhard Haller <[EMAIL PROTECTED]> wrote: Based on the last rule there is no way to distinguish forwarded from local outgoing traffic. Any suggestions? Change this rule like so: nat on $ext_if from

Rule doubt

Hi All, Its possible creates a rule that can match all the traffic designated to an specific interface? Example: pass in on $vlan10 from to (the interface, not the address) $ext_if The $ext_if:network doesn't works for me. Thanks. David Verzolla Administrador de Redes Fundação Cásper Líbero

Re: bin/116610: [patch] teach tcpdump(1) to cope with the new-style pflog(4) output

Synopsis: [patch] teach tcpdump(1) to cope with the new-style pflog(4) output Responsible-Changed-From-To: freebsd-bugs->freebsd-pf Responsible-Changed-By: remko Responsible-Changed-When: Thu Sep 27 17:01:13 UTC 2007 Responsible-Changed-Why: Reassign to PF team since this influences the PF applic

RE: Rule doubt

Hello David: > -Original Message- > From: [EMAIL PROTECTED] [mailto:owner-freebsd- > [EMAIL PROTECTED] On Behalf Of David Verzolla > Sent: Thursday, September 27, 2007 9:25 AM > To: freebsd-pf@freebsd.org > Subject: Rule doubt > > Hi All, > Its possible creates a rule that can match all t

RES: Rule doubt

Hi Michael, When I do this, the PF changes de interface to IP. Exemple: ext_if="bge0" IN pf.conf: pass in quick on $vlan10 inet from any to $ext_if With pfctl -sr: pass in quick on vlan10 inet from any to 200.x.x.x Regards, David -Mensagem original- De: Michael K. Smith - Adhost [mai

Re: Rule doubt

On Thursday 27 September 2007, David Verzolla wrote: > Hi All, > Its possible creates a rule that can match all the traffic designated > to an specific interface? > > Example: > > pass in on $vlan10 from to (the interface, not the address) > $ext_if I'm not 100% sure what you are after here. The

Re: Rule doubt

On Thu, Sep 27, 2007 at 01:24:45PM -0300, David Verzolla wrote: > Its possible creates a rule that can match all the traffic designated to an > specific interface? > > Example: > > pass in on $vlan10 from to (the interface, not the address) $ext_if > > The $ext_if:network doesn't works for me