search for: pflog0

...uick on lo0 all and when i'm trying to rsh to ipcad that is listening on anna# netstat -a|grep shell tcp4 0 0 localhost.shell *.* LISTEN anna# rsh -l root localhost show ip accounting i got no replay, but pflog says the following: anna# tcpdump -n -e -ttt -x -i pflog0 host 127.0.0.1 000034 rule 0/3(short): pass out on lo0: IP 127.0.0.1.514 > 127.0.0.1.643: . ack 30 win 65535 0x0000: 4600 002c 6605 4000 0306 11c5 7f00 0001 F..,f.@......... 0x0010: 7f00 0001 0100 0000 0202 0283 8129 5dab .............)]. 0x0020: 5db7 f2f2 5010 f...

...ing the userid who tried to do it. header,79,11,connect(2),0,Sun Jan 6 17:06:04 2013, + 439 msec,argument,1,0x3,fd,subject,tw,tw,tw,tw,tw,54100,54064,13556,64.7.yy.yy,return,failure : Operation not permitted,4294967295,trailer,79, But if I make a simple php script to try and connect out, again, pflog0 blocks it and logs it, but it does not show up in the audit logs 17:07:46.518501 rule 433/0(match): block out on em0: 64.7.xx.xx.36528 > 8.8.8.8.25: Flags [S], seq 1724105073, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 177324430 ecr 0], length 0 Any idea what I am missing ? This...

...ting ports opened for a web server which I have totally closed now but when I chose option 10 (filter log) on pfSense I get all of this type of traffic (note that it was only 1 single IP and once I blocked that one it was like opening a can full of bees with all different IPs): tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes 000000 rule 70/0(match): block in on vr1: 221.132.34.165.33556 > 69.90.78.53.52229: tcp 20 [bad hdr length 0 - to...

...00:e0:81:72:7d:05 1859059 2 1872743 0 0 em0 1500 10.0.0/24 databank.X 1859059 2 1872743 0 0 em0 1500 fe80::%em0/ fe80::2e0:81ff:fe 1859059 2 1872743 0 0 em1* 1500 <Link> 00:e0:81:72:7d:06 0 0 0 0 0 pflog0* 33192 <Link> 0 0 0 0 0 enc0* 1536 <Link> 0 0 0 0 0 any advice or clues on how to get samba to turn out > 6 MBps, or preferably > 20 MBps, would be greatly appreciated. do let...

...ption: When using ifconfig(8) to change MTU of an interface it is not allowed. # ifconfig lagg0 mtu 1492 ifconfig: ioctl (set mtu): Invalid argument # ifconfig dc0 mtu 1492 ifconfig: ioctl (set mtu): Invalid argument # ifconfig dc1 mtu 1492 ifconfig: ioctl (set mtu): Invalid argument # ifconfig pflog0 mtu 120 ifconfig: ioctl (set mtu): Invalid argument # ifconfig ath0 mtu 1500 ifconfig: ioctl (set mtu): Invalid argument >How-To-Repeat: See description. >Fix: No workaround known.

..., self powered uhub3: 6 ports with 6 removable, self powered ugen0.3: <USB> at usbus0 ukbd0: <USB USB Keykoard, class 0/0, rev 1.10/1.10, addr 3> on usbus0 kbd2 at ukbd0 uhid0: <USB USB Keykoard, class 0/0, rev 1.10/1.10, addr 3> on usbus0 Trying to mount root from ufs:/dev/ad4s1a pflog0: promiscuous mode enabled em2: link state changed to UP bridge0: promiscuous mode enabled pflog0: promiscuous mode disabled Waiting (max 60 seconds) for system process `vnlru' to stop...done Waiting (max 60 seconds) for system process `bufdaemon' to stop...done Waiting (max 60 seconds) for...

...> metric 0 mtu 1500 options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM> ether 00:15:17:50:40:29 inet 192.168.245.11 netmask 0xffffff00 broadcast 192.168.245.255 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 inet 127.0.0.1 netmask 0xff000000 [ns8]# snmpwalk -v1 -c xxxx ns8 .1.3.6.1.2.1.25.3.3.1 with ULE gives a bogus value HOST-RESOURCES-MIB::hrProcessorFrwID.3 =...

...without issue, which is strange, since I would figure if there were network issues, then I would see it for both in and out. So box sends a syn outbound, ack is never returned. I can see on the destination boxes interface that the return packet is never actually generated. Running tcpdump -nei pflog0 doesn't show any blocked return packets, so I think the packets are just not getting generated. I don't really understand how this could be honestly. I first thought it was an issue with a Linux box, since its running a service that both boxes are trying to talk to, but I don't think...

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is