similar to: PF - pf not loading non-persist tables from main ruleset on 8.3-PRERELEASE

I've read a bit about how keeping state works with PF and written rulesets which look logical to me, but present some problems intermittently. I believe it has to do with the creation of state entries, and how PF judges what to do in any case. > pass in quick on em0 from <trusted> to port any port = 3306 keep state As I understood it, because I did not specify any flags such as

https://bugzilla.netfilter.org/show_bug.cgi?id=1706 Bug ID: 1706 Summary: Nft is slow when loading ruleset with lots of add element calls of different interval maps Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority:

Hello from ealier 6.0 there is problem with synproxy in pf filter: this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006 pf.conf just with single rule pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state result telnet 127.0.0.1 22 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. and it's hangs pfctl -s rules -v No ALTQ support in

https://bugzilla.netfilter.org/show_bug.cgi?id=1195 Bug ID: 1195 Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work. Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:07.pf Security Advisory The FreeBSD Project Topic: IP fragment handling panic in pf(4) Category: contrib Module: sys_contrib Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:07.pf Security Advisory The FreeBSD Project Topic: IP fragment handling panic in pf(4) Category: contrib Module: sys_contrib Announced:

https://bugzilla.netfilter.org/show_bug.cgi?id=1349 Bug ID: 1349 Summary: "nft list ruleset" shows rules twice Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1130 Bug ID: 1130 Summary: Better handling DNS names in nft ruleset Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1256 Bug ID: 1256 Summary: Default ruleset files with tables are no longer installed after 0.8.3 version Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1477 Bug ID: 1477 Summary: Unable to use saved ruleset when using dynamic sets Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1

https://bugzilla.netfilter.org/show_bug.cgi?id=1325 Bug ID: 1325 Summary: Reproducible NULL ptr deref upon checking trivial nftables ruleset in Linux 5.0 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1118 Bug ID: 1118 Summary: nft: nft -f and nft list ruleset use different sets of service -> port mappings Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1093 Bug ID: 1093 Summary: 'Flush ruleset' is undocumented Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1450 Bug ID: 1450 Summary: Using certain simple set combinations with TCP flags causes error in mergesort.c from nft list ruleset Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal

https://bugzilla.netfilter.org/show_bug.cgi?id=1424 Bug ID: 1424 Summary: v0.9.0: segfault when using nft -f <file> and issuing "ruleset flush" twice Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal

I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. I have this line on inetd.conf: ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n And this lines on pf.conf: rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep

https://bugzilla.netfilter.org/show_bug.cgi?id=1382 Bug ID: 1382 Summary: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major

https://bugzilla.netfilter.org/show_bug.cgi?id=1222 Bug ID: 1222 Summary: nft list ruleset – infinite memory use Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1463 Bug ID: 1463 Summary: nft --json table list ruleset crashes Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org