I'm maintaining some OpenBSD-based firewalls and have been really stumped
with a problem when trying to add a Sonicwall VPN appliance behind the
firewall, and thought I'd ask here for help.
The Sonicwall device uses SSL on port 443 for its external VPN traffic
and listens on other ports for i
28.01.2011 10:49, andy thomas wrote:
> I'm maintaining some OpenBSD-based firewalls and have been really
> stumped with a problem when trying to add a Sonicwall VPN appliance
> behind the firewall, and thought I'd ask here for help.
> The Sonicwall device uses SSL on port 443 for its external VPN traff
On Fri, 28 Jan 2011, Artyom Viklenko wrote:
> 28.01.2011 10:49, andy thomas wrote:
>> I'm maintaining some OpenBSD-based firewalls and have been really
>> stumped with a problem when trying to add a Sonicwall VPN appliance
>> behind the firewall, and thought I'd ask here for help.
>> The Sonicwall device uses SS
Hello,
Here is my simple rule set:
set loginterface wlan0
block log
block quick on wlan0
Now I'm booting my 8.1-R box. After it's up and running with pf I'm
powering on my wireless access point.
After a couple of seconds my wlan0 is associated and receives its IP
address. I don't understand why
Could be talking complete nonsense here, but
IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll be
serviced before any filtering policy applies.
Greg
> -Original Message-
> From: owner-freebsd...@freebsd.org [mailto:owner-freebsd-
> p...@freebsd.org] On B
On 1/27/11 10:44 PM, Jack Vogel wrote:
>
> The 8.X kernel is NOT single-threaded. Anything but. And the stack has
> also been improved, I believe there are still bottlenecks but it's far better
> than the old days.
>
> The igb driver in 8.2 creates up to 8 queues on the right hardware, they
> are
On 1/27/11 9:58 PM, Jeremy Chadwick wrote:
>
> Kernel folks should be able to talk about this in detail, but my
> understanding is that the kernel itself supports multiple threads, but
> the question is whether or not the drivers or relevant "pieces" (e.g.
> igb(4) driver, pf, TCP stack, etc.) s
And it makes perfect sense only if you can trust your dhcp server
(runs chrooted and privilege separated :)
On 1/28/11, Greg Hennessy wrote:
> Could be talking complete nonsense here, but
>
> IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll
> be serviced before any f
On 28/01/2011 09:47, Greg Hennessy wrote:
> IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so it'll be
> serviced before any filtering policy applies.
Now that's not cool man.. ;) So is it like there's nothing I can do
about it?
Thanks a lot for your explanation, I was not a
On 1/28/11 4:25 PM, Michael wrote:
> On 28/01/2011 09:47, Greg Hennessy wrote:
>>
>> IIRC BPF sees all traffic before PF. DHCP hooks at the BPF layer, so
>> it'll be serviced before any filtering policy applies.
>>
>
> Now that's not cool man.. ;) So is it like there's nothing I can do
> about it?
Too true.
> -Original Message-
> From: Iñigo Ortiz de Urbina [mailto:inigoortizdeurb...@gmail.com]
> Sent: 28 January 2011 11:34 AM
> To: Greg Hennessy; freebsd-pf@freebsd.org
> Subject: Re: why "block quick on wlan0" doesn't stop DHCP?
>
> And it makes perfect sense only if you can trus