PF Performance on FreeBSD 6.2 Release

Hi All, We are planning to upgrade our old Firewall ( PF) boxes which runs on OpenBSD 4.0 to run OpenBSD 4.2 because of the improvements being done on the PF. I tried to install OpenBSD 4.2 on our new hardware, IBM x3655 with an IBM ServeRaid 8K controller, but unfortunately OpenBSD 4.2

enable multicast forwarding in the kernel

Hi Guys, I am customizing my own kernel, and part of it is enabling multicast forwarding. I have been trying to figure out how to enable multicast forwarding in the kernel for both ipv4 and ipv6 (e.g.net.inet.ip.mforwarding) but no luck. Can you please help on how to do this? Cheers,

version of PF on freebsd 7.0

Hi Guys, I was just thinking what version of OpenBSD PF would be running on FreeBSD 7.0, any idea on this guys? Also on which FreeBSD Release will OpenBSD 4.2 PF version be included? Best Regards, Mark ___ freebsd-pf@freebsd.org mai

RE: version of PF on freebsd 7.0

. To: Mark Pagulayan Cc: freebsd-pf@freebsd.org Subject: Re: version of PF on freebsd 7.0 On Feb 6, 2008 11:07 PM, Mark Pagulayan <[EMAIL PROTECTED]> wrote: Hi Guys, I was just thinking what version of OpenBSD PF would be running on FreeBSD 7.0, any idea o

RE: version of PF on freebsd 7.0

. To: Mark Pagulayan Cc: Dalibor Gudzic; freebsd-pf@freebsd.org Subject: Re: version of PF on freebsd 7.0 On Fri, Feb 08, 2008 at 09:36:37AM +1300, Mark Pagulayan wrote: > Thanks for the info. I am also wondering with the link you provided > below, Is it possible for me to see updates on bug

RE: pftop 0.7 in ports ?

Hi, I have checked this link for the pftop-0.7 ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/ But no luck, where can I get the pftop-0.7 version for freebsd 7.0? Cheers, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Max Laier Sent

RE: PF and State Table

Hi, What pf version are you using? Correct me if I am wrong guys, on PF4.1 which a the release version of pf on freebsd 7.0 when you specify keep state the flag S/A is implied? Cheers, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diego Salvad

RE: pftop 0.7 in ports ?

Hi guys, Thanks for the help. Able to update my ports and installd the new version of pftop. Cheers, Mark -Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: Wednesday, 2 April 2008 9:18 p.m. To: Mark Pagulayan Cc: freebsd-pf@freebsd.org Subject: Re: pftop 0.7 in

smtp not working with state modulation

Hi Guys, OS: FreeBSD 7.0-RELEASE I am having trouble Allowing external request SMTP through the firewall with "module state". But with "keep state" it is working fine. Here is my rules below in pf: ext_if="em1" int_if="em0" scrub in on $ext_if block in log on $ext_if a

RE: smtp not working with state modulation

Thanks for the reply Jeremy. This is a big help. Cheers, Mark -Original Message- From: Jeremy Chadwick [mailto:[EMAIL PROTECTED] Sent: Tuesday, 13 May 2008 3:03 p.m. To: Mark Pagulayan Cc: freebsd-pf@freebsd.org Subject: Re: smtp not working with state modulation On Tue, May 13

FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

Hi Guys, OS: FreeBSD 7.0-RELEASE Please correct me if I am wrong that PF 4.1 in FreeBSD 7.0 automatically inserts 'Flags S/SA' to rules? The problem is that when it comes to this rule: pass in quick on $int_if after loading to pf pass in quick on em0 flags S/SA keep stat

RE: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

: Kian Mohageri Cc: Mark Pagulayan; freebsd-pf@freebsd.org Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules Kian Mohageri wrote: > On Wed, May 14, 2008 at 3:45 PM, Mark Pagulayan >> The way I see this is that this rule would be applied to udp traffic as >> wel

RE: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

: Thursday, 15 May 2008 12:16 p.m. To: Mark Pagulayan Cc: Tom Uffner; Kian Mohageri; freebsd-pf@freebsd.org Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules Hello, Mark Pagulayan schreef: > Hi Tom, > > I have just zeroed in the statistics and yes the state-mismatch

RE: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

d outputs, can someone point me in the right direction? Cheers, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Uffner Sent: Thursday, 15 May 2008 1:26 p.m. To: freebsd-pf@freebsd.org Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rul

RE: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

is rule on the bridge? Thanks for the suggestion on the ruleset. It is much appreciated. Cheers, Mark -Original Message- From: Tom Uffner [mailto:[EMAIL PROTECTED] Sent: Friday, 16 May 2008 5:18 a.m. To: Mark Pagulayan Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD PF 4.1 Inserts

RE: FreeBSD PF 4.1 Inserts Flags S/SA Automatically to rules

Hi Tom, Thanks heaps for the advice I will review and reorganize our ruleset. Cheers, Mark -Original Message- From: Tom Uffner [mailto:[EMAIL PROTECTED] Sent: Friday, 16 May 2008 1:16 p.m. To: Mark Pagulayan Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD PF 4.1 Inserts Flags S/SA

PF: See packet errors on external interface

e the uplink that has problems but I hope I could gather information on what might be causing this, or things might be or not related to this issue. Your help would be greatly appreciated. Thanks Mark Pagulayan University of Auckland ___ freeb

pfsync ignoring stale update

ppreciated. Best Regards, Mark Pagulayan University Of Auckland ___ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Suggestions on how to do Layer 2 load balacing with PF

Hi Guys, I was just wondering if anyone of you have done layer 2 load balancing with PF. We tried to load balance traffic between two bridge firewall through OSPF, by putting equal weights on the router ports. But the problem we encountered is that when packet exits FW1 ( a state is created) it