On 8/30/07, Lorenz Helleis <[EMAIL PROTECTED]> wrote:
> Nessus give it to me:
>
> Mensagem:
> The machine crashed when pinged with an incorrectly fragmented packet.
> This is known as the 'jolt' or 'ping of death' denial of service attack.
>
> An attacker may use this flaw to shut down this server,
On Feb 11, 2008 11:35 AM, Gavin Spomer <[EMAIL PROTECTED]> wrote:
> I have no idea what I'm supposed to do when I get this email. Am I supposed
> to stop using pf until it gets patched or what?
>
If you don't know what to do with it, ignore it. :)
No, no need to stop using it, those are just op
On Thu, Jul 17, 2008 at 10:25 PM, Ansar Mohammed <[EMAIL PROTECTED]> wrote:
> Hello All,
> I just read the following on the pfsense website:
>
> "PPTP and GRE Limitation - The state tracking code in pf for the GRE
> protocol can only track a single session per public IP per external server.
> This
On Thu, Jul 17, 2008 at 11:48 PM, Ansar Mohammed <[EMAIL PROTECTED]> wrote:
> Is this like "a known bug" that's being fixed or is this "by design" and we
> have to deal with it?
>
It's not a bug. If you search the OpenBSD list archives you'll find
plenty of discussion on it.
There are proxies tha
On Fri, Jul 18, 2008 at 6:03 AM, Rudi Kramer - MWEB <[EMAIL PROTECTED]> wrote:
>
> I had the same issue and when I checked with our ms-admin team they said
> it was a Microsoft limitation.
>
No, it's an issue with many NAT implementations and how they handle
state for the GRE protocol. pf only tra
Leslie Jensen wrote:
Hello
I've done some testing with Steve Gibson's "Shields up"
https://www.grc.com/x/ne.dll?bh0bkyd2
These tests list the ports as closed but visible.
Instead the site suggests that one uses stealth so that the ports are
not visible from the Internet.
Is there a way to a
On Fri, Nov 21, 2008 at 9:25 PM, <[EMAIL PROTECTED]> wrote:
> Old Synopsis: pf doesn't forget the old tun IP
> New Synopsis: [pf] [tun] pf doesn't forget the old tun IP
>
This sounds like the expected behavior, not a bug. You have to kill
your states when your WAN IP changes or else traffic will
On Sat, Jul 4, 2009 at 3:48 AM, Tim Traver wrote:
> Thank you for your response.
>
> My rules are ok, because I have no other rules than that one, and I ran the
> syntax checker on it...
>
> I am indeed running 7.0, so I guess I could update the sources on that
> machine to 7.1 and rebuild pf.
>
r
On Mon, Jul 6, 2009 at 1:28 AM, Tim Traver wrote:
>
> Thanks for responding. I am indeed testing this from within the same
> machine, as I need the redirection to take place when attempting to make
> requests FROM the machine to an outside source.
>
> Is there not a way to do that with pf ???
>
Th
On Mon, Jul 6, 2009 at 1:43 AM, Tim Traver wrote:
>
>
>
> yes, that is where I originally got all of the information, and made my
> original post with my redirection line in the pf.conf that does not appear
> to be doing anything.
Then you didn't read the bottom of that page. What you're missing i
On Thu, Aug 13, 2009 at 5:25 PM, Tom Uffner wrote:
> I am curious what level of performance I should expect from the
> firewall box described below in terms of packets/sec and bytes/sec.
>
> it is an 800 MHz VIA c3 with a Gigabit switch on the inside interface
> and 20 Mbs symmetric Fios on the outs
On Thu, Nov 12, 2009 at 5:32 PM, wrote:
> Old Synopsis: pf doesn't block udp packets on multicast addresses
> New Synopsis: [pf] pf doesn't block udp packets on multicast addresses
>
This isn't a legit PR, tcpdump shows traffic before it's evaluated by
the ruleset.
On Wed, May 19, 2010 at 5:36 PM, Randal L. Schwartz
wrote:
>
> Now that OpenBSD 4.7 is out, I see that the pf has undergone a flag day.
>
> Are there people here actively working on incorporating this new release
> into FreeBSD?
>
4.5, yes.
http://svn.freebsd.org/viewvc/base/user/eri/pf45/head/
On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa
wrote:
> Hi all.
>
> I know there is a problem in using rdr with the reply-to, I usually
> use some software to "rdr", as the rinetd, but it's not a pretty
> solution.
>
> Is there any alternative?
>
> Below is an example of what I'm talking a
On Mon, Jun 28, 2010 at 6:24 PM, Luiz Gustavo S. Costa
wrote:
> hi Chris ! how are you?
>
> as it says here in Brazil: "I eat ball" :).
>
> pass in $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to
> 192.168.1.100 port 80
>
> but still, the combination does not work
>
Then that's not the
On Thu, Jul 29, 2010 at 5:09 PM, Peter Maxwell wrote:
>
> An ISMS, is a company defined document so will likely have different entries
> or even none at all for that matter depending on the company. In a previous
> company I worked for, you would have just supported my point.
>
> And nice try, wh
On Fri, Nov 19, 2010 at 10:21 AM, Holger Rauch wrote:
> Hi,
>
> is there such a patch? The reason why I ask for it is:
>
> I'm currently experiencing saturated network interfaces when using gigabit
> networking in conjunction with certain Linux driver<->NIC combos for Broadcom
> chips against th
On Fri, Nov 19, 2010 at 1:18 PM, Holger Rauch wrote:
> Hi Chris,
>
> thanks for mentioning this. Unfortunately I forgot to mention that the
> problem doesn't occur when both hosts are on the same subnet (i.e. no
> firewall in
> between, only HP ProCurve switches).
>
That doesn't invalidate my p
On Thu, Jan 13, 2011 at 12:51 AM, The Anarcat wrote:
> Hi!
>
> I have dug into the archive after reading in the handbook that pf is
> stuck at OpenBSD's 4.1 version, which is now quite old (May 2007).
>
> I have found this thread mentioning testing required for a patch:
>
> http://lists.freebs
On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote:
>
> I've found them, but there no status about.
>
You aren't looking very hard, it's been discussed at length on this
list, check the archives.
___
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.
On Wed, Jun 29, 2011 at 12:42 AM, Peter Jeremy
wrote:
> Following up on some very old mail...
>
> On 2008-Nov-04 16:53:52 +0100, Ermal Luçi wrote:
>>actually this is the latest against RELENG_7 which is confirmed to
>>work with full features of pf(4) like route-to/reply-to etc...
>>http://cvs.pfs
On Fri, Oct 7, 2011 at 5:11 PM, Spenst, Aleksej
wrote:
> Hi,
>
> my browser goes online via proxy.
> So, when I type http://0.0.0.0 in my browser I see in wireshark the following:
>
> Source Destination Protocol
> Info
> 172.16.102.100 17
On Fri, Jun 8, 2012 at 2:17 AM, Gleb Smirnoff wrote:
> Hello, networkers!
>
> [net@ in Cc, but further discussion should go on pf@]
>
> As you already probably know, or some may be don't yet know, the pf(4)
> subsystem in FreeBSD is currently working under a single mutex. This mutex
> is acquir
On Fri, Jun 21, 2013 at 8:49 PM, Stan Gammons wrote:
> I see there are several PF bugs and wondered if it's because PF isn't
> maintained on FreeBSD? Perhaps that's the case given the version
> differences versus PF on OpenBSD.
pf is actively developed and maintained on FreeBSD, and widely used.
On Tue, Oct 14, 2014 at 2:54 PM, Laszlo Danielisz via freebsd-pf
wrote:
> Hi,
>
> Which is your set block-policy? Drop or Return?
> And why?
>
Depends on the circumstance. Generally speaking, for traffic sourced
from trusted networks, return so you don't hang applications or
services by blocking
On 5/17/05, dave <[EMAIL PROTECTED]> wrote:
> Hello,
> Does anyone have a pf configuration for mpd? I'm allowing port 1723 in
> but when I attempt a connection from outside my network I'm getting an error
> 619. Connections within the network work fine so I don't believe this is a
> mpd issue.
>
On 6/8/06, Dominic Marks <[EMAIL PROTECTED]> wrote:
I've experienced the same. If you have a lot of concurrent connections
going on it seems that every so often a connection will be blocked,
even if it doesn't match any rule. In my case I experienced this with
apache22 acting as a reverse proxy/
On 8/23/06, beno <[EMAIL PROTECTED]> wrote:
Since I'm here at said café, this is my
current address:
200.88.97.128
I went to ripe.net and searched it, but that didn't provide anything
interesting that I could see. It says "Allocated Unspecified" and "This
country is really worldwide." Any idea
On 3/3/07, Sergey N. Romanov <[EMAIL PROTECTED]> wrote:
Max Laier wrote:
> How do you test? Are you by chance using abench (or similar) from one
> probe box?
I use bench software on another server.
That's exactly what Max is talking about - this is a very poor way to
test a web server, espe