re: When should I worry about performance tuning?

that's backwards to good practice. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe

Getting auto-block to work

#x27;t PF supposed to do that for me? (And yes, Sendmail also has this non-working "feature", but that's OT.) -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org

Re: [Bug 92949] [pf] PF + ALTQ problems with latency

|Added > > CC||jpaet...@freebsd.org > Resolution|--- |Overcome By Events > Status|In Progress |Closed An interesting way to close a bug... -- Dave Horsfall DTM (VK2KFU) "Those wh

Help with woodpecker config

k (FreeBSD 10.3). Does anyone have a working config that they can share, to give me a leg up? Thanks. -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://list

Help with woodpecker config (fwd)

Hmmm, no replies. Does this mean that no-one is using this useful feature, is using it but is not willing to share, or it's known not to work at all and are too embarrassed to say so? -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."

Re: Help with woodpecker config (fwd)

Quite likely I've been doing something fundamentally wrong, but it's too late in the day now for me to be playing with firewalls... -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@

Rate-limiting in PF

:42:25 aneurin sm-mta[73012]: v8UMgFNw073012: [196.196.27.126] did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4 What have I done wrong? Does max-src-conn-rate actually work? -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security w

Re: Rate-limiting in PF

On Sun, 1 Oct 2017, Dave Horsfall wrote: 10.3-RELEASE-p21 I am trying to restrict woodpecker attempts to my mail server (stupid spamware regards rejects and a long banner it as a challenge), and following advice on this list I used the following (the important bit, anyway): # # No

Re: Rate-limiting in PF

two sorts of Windoze boxes: those that are compromised, and those that soon will be... -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/ma

Re: Rate-limiting in PF

On Thu, 5 Oct 2017, Dave Horsfall wrote: is anything added to the table (pfctl -t woodpeckers -T show) I have lots of them because I've been adding them by hand, but this time I'll hold back and observe, just to be sure. No, they are not being added; here's an extract fr

Had to allow localhost->localhost on FB 10.4

to localhost Anyone else noticed this? -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: Had to allow localhost->localhost on FB 10.4

On Fri, 20 Oct 2017, Max wrote: set skip on lo (or  set skip on lo0) Already have it... -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://lists.free

Re: Why is PF rejecting these connections?

enabled for the table (and some of them are damned persistent). Sorry for the noise; I'll just quietly slink off now and keep quiet for a while... -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." __

Re: Hope Drive

[ Charity drivel ] Is this list now a FreeBSD-approved spamming list? -- Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer." ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinf

Re: Southern California Linux Expo - SCALE Attendee List

On Mon, 19 Feb 2018, Brent Watson wrote: Would you be interested in Southern California Linux Expo - SCALE ? The issue of spammers being able to post to this list aside, this might be a good opportunity to show the Penguins what a real OS looks like :-) -- Dave Horsfall DTM (VK2KFU

Is there an upper limit to PF's tables?

I can't get access to kernel sauce right now, but I'm hitting over 1,000 entries from woodpeckers[*] etc; is there some upper limit, or is it just purely dynamic? aneurin% freebsd-version 10.4-RELEASE-p9 [*] A fairly loose definition in the anti-spammer community, but it includes attempt

Re: Is there an upper limit to PF's tables?

Thanks, all, for your suggestions; I suspect that this ancient server with but 512MB memory will need upgrading soon :-) Thankfully, all it does at the moment is act as my mail/web server, and an internal firewall to the Mac and Penguin boxes; I do my development work on the Mac[*], and test i

Re: Modern 1 & 2 Bedroom Apartments

I didn't know that spam was allowed on the -pf list. Hint: I got -ports to be subscriber-only... Does FreeBSD Inc. support spammers, or not? If you want to post to a mailing list (every spammers' wet dream) then you'd better be a member of it (the few "help" lists excepted, of course, of wh

Re: Tanzania Country Training on Project Management

Is freebsd-pf a spam-magnet i.e. anyone can post to it? -- Dave ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"

Re: SUBMISSION: Prime Sinister - ‘Prime Time’ [Prod. Muckaniks] [UK Hip-Hop]

I didn't know that spammers were welcome on this list; it's trivial to block them if you really want to, otherwise this list is merely a spam-support service (meaning that its servers are likely to be blocked). -- Dave ___ freebsd-pf@freebsd.org maili

Getting tables to work in PF

s. As a quick test, I disallow *all* SMTP. Still works. So, err, does PF actually work? Have I stuffed up somewhere? Thanks. -- Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) _

Re: Getting tables to work in PF

g SMTP as a test, hence my question as to whether PF was actually working here. Also don't forget my other observation that wasn't created until I did so by hand. -- Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (

Re: Getting tables to work in PF

e sure with output of pfctl -s all that pf is actually enabled to > do filtering on packets. Attached; the empty "FILTER RULES" looks a bit suspicious... > NOTE: You enable pf by running pfctl -e I know; I was using "service pf restart" as well. -- Dave Horsfall (VK2

Re: Getting tables to work in PF

Further to this, it's behaving as though it's parsing the rules but not actually honouring them. Ring any bells with anyone? If I had an OpenBSD box to hand then I'd swap it in, but I don't. -- Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server.

Re: Getting tables to work in PF

efault pf config file. Your pf.conf file has a bunch of rules, > none of which are shown in the pfctl output. That's what I thought, but: a) it flags syntax errors. b) it's reading the /etc/spammers file. -- Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD serve

Re: Getting tables to work in PF (fwd)

Meant to go to list; I was interrupted by a phone call at the crucial moment... -- Dave Horsfall (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) -- Forwarded message -- Date:

Re: Getting tables to work in PF

On Tue, 4 Nov 2014, Dave Horsfall wrote: > The rules? Not a sausage. It's behaving as though it's reading the > file (which it is), but not honouring the rules themselves (which it > isn't). A bit more progress; I finally got around to tracing it, and the salient bit

Re: Getting tables to work in PF

On Wed, 5 Nov 2014, Dave Horsfall wrote: > 13925 pfctlCALL ioctl(0x3,DIOCSETDEBUG,0xbfbfdc84) > 13925 pfctlRET ioctl 0 > 13925 pfctlCALL ioctl(0x3,DIOCSETSTATUSIF,0xbfbfdc5c) > 13925 pfctlRET ioctl -1 errno 22 Invalid argument > > Aha... So, what

Re: Getting tables to work in PF

On Sat, 8 Nov 2014, Dave Horsfall wrote: > Same thing on FreeBSD 8.2-RELEASE-p9 (GENERIC); I'll summon up the > courage and try 9.3 or whatever. I went to 8.4-RELEASE-p19 instead (and noted a few weird things in the ports department), and it still ain't working; I disabled in

Re: Getting tables to work in PF

I'll do what I did on my MacBook (its ports is based on FreeBSD's) i.e. blow it away and reinstall the entire ports tree. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you&

/etc/periodic/security/520.pfdenied

11246 Bytes: 489992 States: 0 ] - Thanks. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) ___ freebsd-pf@freebsd.org mailing li

Re: Swap Issue

I'm having difficulty in understanding just what this has to do with PF... Or is every FreeBSD list getting spammed? -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whil

/etc/periodic/security/520.pfdenied (fwd)

le. Judicious use of "-v" would appear to be indicated here, along with the aforementioned optional clearing. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) ---

Hints on rate limiting

lge) so it's not worth the hassle. And anyway, I've screwed up the ports area Yet Again from a failure to read simple instructions :-( -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfal

Re: Large scale NAT with PF - some weird problem

On Mon, 29 Jun 2015, Milan Obuch wrote: > Thanks for hint, there is some logic in there, however > > grep /etc/* > > yields nothing, it is never mentioned in any config, just as part of > pool in pf.conf statement What about "grep -r"? My ACLs are under /etc/