Displaying 20 results from an estimated 400 matches similar to: "Real solution for OpenBSD masq firewall w/udp connections"
2006 Mar 15
0
build world failed on pflogd
list:
cvsuped and build world failed today on pflogd.
cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes
-Wno-uninitialized -Wstrict-prototypes
-I/usr/src/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ
-Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -c
/usr/src/sbin/pfctl/../../contrib/pf/pfctl/pfctl_radix.c
cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes
2008 Mar 09
2
Dead Air on PF firewall
Hi All,
I have an asterisk box on my DMZ, and I'm using PF for my firewall. I
can make a call, but for some reason I have dead air.
Any ideas? Below are my rules...
ext_if = "bce0"
int_if = "bce1"
altitude = "172.16.1.0/24"
#### machines ####
vbox = "172.16.1.1"
uci = "172.16.1.4"
voices = "203.172.x.1"
ipc =
2005 Sep 28
1
Control Traffic
Hi !
I have an error in this script as it is not working and I can't figure out what that is.
Anyone can help?
Thanks!
#!/bin/bash
### units of measurement for rate
# kbps - kilobytes per second
# mbps - megabytes per second
# kbit - kilobits per second
# mbit - megabits per second
EXT_IF="eth0"
INT_IF="eth1"
TC=/sbin/tc
IPTABLES=/sbin/iptables
# RATE
2005 Oct 01
0
Re: RE: Control Traffic
Hi Andreas!
I mainly understand what you mean, I tried to fix something on the script, I don't know if I did it well.
Can you take another look at it please, and if it is wrong, make the corrections directly in it so that I can see where the mistake is...
With this script I want to make limits for IP class 85.120.48.0/25 for international traffic in 256 KBps classes and for metropolitan
2004 Apr 09
1
HTB
Hello,
I have problems with htb. The problem is that when I download
any file via shaper with htb, the traffic is very dynamic,
it jumps, for example:
if I have set ceil = 128kbit the result is that it jumps from 112kbps
to 144kbps or smth like that. Maybe it's not very bad, but when the
traffic drops down to 40kbps or less and then after 1 or 2 seconds
jumps to 144kbps, it's bad :-( and it is often.
2007 Jul 02
1
Jails and loopback interfaces
I've got a server running FreeBSD 6.2 and PF. The server has a couple
dozen jails on it. Previously, I had a few "private" services such as
MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails
running on the public IPs.
I have to renumber my machine with a new block of public IPs so I
thought I'd be clever and move all the jails onto loopback IPs. Then
2005 Oct 05
1
Shorewall traffic shaping, getting confused....
Hey list and possible Arne...
I try to get traffic shaping working on my firewall but getting confused
with settings, but first my current setup:
tcclasses file:
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
$EXT_IF 10 64kbit full 1
tcp-ack,tos-minimize-delay
$EXT_IF 20 full/3 full/2 2 default
$EXT_IF 30
2006 Mar 16
1
pf: synproxy broken
Hello
from earlier 6.0 there is a problem with synproxy in pf filter:
this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006
pf.conf just with single rule
pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state
result
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
and it hangs
pfctl -s rules -v
No ALTQ support in
2006 Mar 28
1
Problems with pf + ftp-proxy on gateway
I'm trying to use pf + ftp-proxy on a 6.1-PRERELEASE machine.
I have this line on inetd.conf:
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy
ftp-proxy -n
And these lines on pf.conf:
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy
pass in quick on $ext_if inet proto tcp from any port ftp-data to
$ext_if:0 user proxy flags S/SA keep
2018 Apr 24
2
[Bug 1248] New: The rr-load-balance part doesn't actually work on 0.7
https://bugzilla.netfilter.org/show_bug.cgi?id=1248
Bug ID: 1248
Summary: The rr-load-balance part doesn't actually work on 0.7
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: nft
Assignee: pablo at
2008 Jul 24
0
cvs commit: src/contrib/pf/pfctl parse.y src/lib/libc/sys Symbol.map getsockopt.2 src/sbin/ipfw ipfw.8 ipfw2.c src/sys/conf NOTES options src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c src/sys/contrib/pf/net pf.c pf_ioctl.c src/sys/kern init_sysent.c
This looks like a very cool feature addition to RELENG_7! Are there
any performance penalties that you know of with this built in ?
---Mike
At 09:13 PM 7/23/2008, Julian Elischer wrote:
>julian 2008-07-24 01:13:22 UTC
>
> FreeBSD src repository
>
> Modified files: (Branch: RELENG_7)
> contrib/pf/pfctl parse.y
> lib/libc/sys
2007 Aug 24
3
traffic shaping stranges
Hello list,
I discovered strange behaviour of shaping traffic that I set up from
Shorewall-4.0.2.
I know that this is not Shorewall problem but may be somebody from list
can help me
or explain this situation.
I have the following interfaces in the 'tcdevices' file:
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
#
$EXT_IF 500kbit 248kbit
$INT1_IF 500mbit
2020 Apr 01
2
Can't block intrusion
On 2020-04-01 15:12, Greg Troxel wrote:
> D'Arcy Cain <darcy at VybeNetworks.com> writes:
> But yet, new packets from that IP address reach asterisk. It seems
> almost entirely clear to me that you have a firewall problem, not an
> asterisk problem.
This could well be but Asterisk is the only thing that continues to
communicate.
> I would test this out with a remote
2005 Dec 19
7
Brute Force Detection + Advanced Firewall Policy
Any BFD/AFP software available for FreeBSD 4.10?
I'm getting flooded with ssh and ftp attempts.
2006 Aug 19
9
SSH scans vs connection ratelimiting
Gang,
For months now, we're all seeing repeated bruteforce attempts on SSH.
I've configured my pf install to ratelimit TCP connections to port 22
and to automatically add IP-addresses that connect too fast to a table
that's filtered:
table <lamers> { }
block quick from <lamers> to any
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22
modulate
2020 Apr 02
2
Can't block intrusion
On 2/04/2020 6:35 AM, D'Arcy Cain wrote:
> On 2020-04-01 16:28, Mark Boyce wrote:
>> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com
>> <mailto:gdt at lexort.com>> wrote:
>>> I think you need to use tcpdump and turn up firewall debugging.
>> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
> block drop in log quick on bge0
2020 Apr 01
2
Can't block intrusion
I am running Asterisk 16.9 on FreeBSD 12.1-RELEASE-p1. I keep seeing
lines like this in my logs.
[Apr 1 13:30:33] NOTICE[101155][C-00004526] chan_sip.c: Call from ''
(45.143.220.235:5356) to extension '2037' rejected because extension not
found in context 'unauthenticated'.
I have a script that checks for things like this and adds them to my
packet filter (pf).
2005 Oct 25
1
pf and short packets
Dear ALL!
Maybe someone can help me with my problem? I have no idea what is
happening with my packets :(
I have 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 box running pf.
And i have ipcad daemon running (installed from ports)
pf.conf says
pass quick on lo0 all
and when i'm trying to rsh to ipcad that is listening on
anna# netstat -a|grep shell
tcp4 0 0 localhost.shell *.*
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> Here is the first four lines from "pfctl -sr":
>
> pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state
> block drop in log quick on bge0 from <ENEMIES> to any
> block drop in log quick on bge0 from <AUTOBLOCK> to any
> block drop out log quick on bge0 from any to
2020 Apr 01
0
Can't block intrusion
On 2/04/2020 5:28 AM, Mark Boyce wrote:
> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com
> <mailto:gdt at lexort.com>> wrote:
>>
>> I think you need to use tcpdump and turn up firewall debugging.
>
> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
>
> Mark
Or the stateful entry still exists when the table entry is updated.