similar to: [PATCH] ipfw2 fails with 'bad command' error

hi - this is my first post to this list so go easy on me ! I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling

Hi, has anybody an example of firewall rules written with IPFW2 using the MAC asdress? Regards, Dirk Hombrecher

Dear FreeBSD! I would like to use custom rules file with ipfw2. My computer goes to the net via dial-up modem and kernel ppp type. Since I don't have experience with dinamic rules, but want to, reading tutorials stranded me somewhere in the middle. In this moment I need recall of known links to docs about topic. Provider gives new address every time when connected. One machine. Via ppp...

Dear list! I have a little problem, trying to enable logging of deny rule. I have enabled it via kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my inten- tion was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES"

This looks like a very cool feature addition to RELENG_7! Are there any performance penalties that you know of with this built in ? ---Mike At 09:13 PM 7/23/2008, Julian Elischer wrote: >julian 2008-07-24 01:13:22 UTC > > FreeBSD src repository > > Modified files: (Branch: RELENG_7) > contrib/pf/pfctl parse.y > lib/libc/sys

I have a hotplug setup in initramfs. Everytime that modprobe is called I get a kernel oops: NULL pointer dereference: Unable to handle kernel NULL pointer dereference<1>Unable to handle kernel NULL pointer dereference at virtual address 00000014 printing eip: c015db49 *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: CPU: 3 EIP: 0060:[<c015db49>] Not tainted

I can't make R on a Solaris 9 box. Does anyone have any suggestions? Thanks in advance. <3>-> make `Makedeps' is up to date. `libbz2.a' is up to date. `Makedeps' is up to date. `libpcre.a' is up to date. `Makedeps' is up to date. `libz.a' is up to date. ../../../src/include/libintl.h is unchanged ../../../include/libintl.h is unchanged `localecharset.h'

Hi. Since this revision (appeared in 6.3) I think ipfw violates POLA. I mean "ipfw table N list" shows values of table in Internet '.' notation. A friend of mine was surprised to found Internet representation of this "optional 32-bit unsigned value". For example security/bruteblock stores unix timestamps here and AFAICS there is no possibility to come back to the

Dear All. I want to use 'not' for 2 addresses (for both) in ipfw2 rule. The only way that looks like what I need is # ipfw add count from IP1 to not IP2,IP3 But does this rule indeed makes what I want? Does it count all packets destined to addresses other then IP2 AND IP3?! No other syntax works. For example more logically correct not IP2 AND not IP3 or even not { IP2 or IP3 } are

Hi, I have buit Xen (32 bit) with PAE and can start multiple Paraguests with 4 gig memory, but cannot launch a single VM with more than 4 gb memory. I would like to launch 1 VM with 30GB or so memory. Are there any config paramters like kernel,/inittrd that need to be changed. I have the ramdisk set to the initrd I used to boot xen with PAE. Thanks - padma

Hi, in the kernel I have these lines: [...] device miibus # MII bus support device rl device ed options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity options IPDIVERT #divert sockets options DUMMYNET

I have same problem on same class machine, here is dmesg from failing boot (via serial console): -------------------- Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.8-RELEASE-p7 #0: Sat Sep 20 17:07:38 EEST 2003

Hi, I have a system with a 4.11 Kernel. Unless I'm doing something very wrong, there seems to be something odd with ipfw. Take the following rules: ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep- state ipfw add 00299 deny log all from any to any out via bge0 ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2 ipfw add 00499 deny log

Hello, I''m looking how (if) can I solve the following problem using HTB and iproute2: I need to assing the same bandwidth limit to every client, but the problem is that clients will be random - i.e. I know niether number of clients no IP or MAC addresses. If anybody knows FreeBSD''s ipfw2 - I''m looking for something like "ipfw pipe 150 config mask dst-ip 0xffffffff

I hesitate to call this a "bug" as I don't know all the history behind the ipfw2 decisions, so let me toss this out there and see I'm just missing something. Overview ======== The negated operator, "not recv any" was taken to mean "any packet never received by an interface" believed to be equivalent to "any packet that originated on the current

I'm just one of those weirdos, who wanna make a powerfull queues shaper (not QoS but near) with ipfw2 on their freebsd 4.x-stable. My server is using frequently used configuration with NAT+FW ADSL router with one external ip on external network interface (we're using ADSL modem in bringe mode). I've configured single pipe, configured queues to use that pipe, add queues with different

Hi, We have a pretty serious problem with our news server crashing during the expire cronjob. This happened with 4.7-RELEASE, so we upgraded to 4.8-RELEASE recently, hoping that the problem might be fixed, but it isn't. The machine is a Compaq DL360-G2. I've searched the PR database as well as the mailing list archives for the panic string, but didn't find anything. What makes the

Hi, I have a system with a 4.11 Kernel. Unless I'm doing something very wrong, there seems to be something odd with ipfw. Take the following rules: ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep- state ipfw add 00299 deny log all from any to any out via bge0 ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2 ipfw add 00499 deny log

Hello, I noticed that after enabling firewall in my kernel (5.3-release), my dmesg now gives me this: ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to accept, logging limited to 5 packets/entry by default On 5.2.1, I used to get this: ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging disabled If both cases, I am

The patch below adds support for custom HTTP headers in download.file() and url(). My main motivation for this is performing basic http authentication. Some web sites do not support embedding the credentials into the URI itself, they only work if the username and password are sent in the HTTP headers. In fact specifying the username and password in the URI has been