similar to: pf does not use IPv6 interface addresses at startups

list: cvsuped and build world failed today on pflogd. cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes -I/usr/src/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -c /usr/src/sbin/pfctl/../../contrib/pf/pfctl/pfctl_radix.c cc -O2 -fno-strict-aliasing -pipe -Wall -Wmissing-prototypes

Dear ALL! Maybe someone can help me with my problem? I have no adea what is happening with my packets :( I have 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 box running pf. And i have ipcad daemon running (installed from ports) pf.conf says pass quick on lo0 all and when i'm trying to rsh to ipcad that is listening on anna# netstat -a|grep shell tcp4 0 0 localhost.shell *.*

current setup SIP phone 192.168.1.30 --> linksys wrt54g sveasoft -- INTERNET -- (xl0) Firewall (xl2:172.16.0.50)--> (em1:172.16.0.101) Asterisk problem is RTP stream not oging trouhg from * to sip and vice versa. #1 and asterusk is pushing 192.168.1.30 back to linksys with 172 as return address.... or #2 asterisk trying to get back to me as 192.168 on public internet.. got

Dear all, Browsing through the securityfocus vulnerability database I found two items, that might interesting for the FreeBSD community: 1. GNU GNATS Syslog() Format String Vulnerability http://www.securityfocus.com/bid/10609 GNATS is vital part of the PR handling of FreeBSD. I think security officers should contact developers of GNU GNATS about this issue to resolve the potential problem.

TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote DESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "ipcomp6_input()" function in

Hello list, I installed a box recently and updated it to 8.3-PRERELEASE on 2012/04/11 I'm experiencing this extremely weird behavior where PF refuses to load standard and const table definitions from the main ruleset. - persist tables load just fine - normal and const tables inside anchors load just fine Does anyone else have the same problem ? I'll try to update the kernel again,

This looks like a very cool feature addition to RELENG_7! Are there any performance penalties that you know of with this built in ? ---Mike At 09:13 PM 7/23/2008, Julian Elischer wrote: >julian 2008-07-24 01:13:22 UTC > > FreeBSD src repository > > Modified files: (Branch: RELENG_7) > contrib/pf/pfctl parse.y > lib/libc/sys

I've read a bit about how keeping state works with PF and written rulesets which look logical to me, but present some problems intermittently. I believe it has to do with the creation of state entries, and how PF judges what to do in any case. > pass in quick on em0 from <trusted> to port any port = 3306 keep state As I understood it, because I did not specify any flags such as

Any help about this error on domU ? request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 I am using xen_changeset : Sat Apr 1 14:59:12 2006 +0100

Any help about this error on domU ? request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 request_module: runaway loop modprobe net-pf-16-proto-9 I am using xen_changeset : Sat Apr 1 14:59:12 2006 +0100

Hi all. I recently turned net.inet.udp.log_in_vain on on some of my boxen and have been seeing UDP connection attempts to port 67 on the local host. This initially seemed odd, as the target ip addres was indeed that of a DHCP-configured interface and the source address was that of my DHCP server. However, it turns out this is totally valid, as dhclient(8) does not bind(2) on the bootpc port but

From: Mihai Don?u <mdontu at bitdefender.com> It can happened to end up emulating the VMCALL instruction as a result of the handling of an EPT write fault. In this situation, the emulator will try to unconditionally patch the correct hypercall opcode bytes using emulator_write_emulated(). However, this last call uses the fault GPA (if available) or walks the guest page tables at RIP,

From: Mihai Don?u <mdontu at bitdefender.com> It can happened to end up emulating the VMCALL instruction as a result of the handling of an EPT write fault. In this situation, the emulator will try to unconditionally patch the correct hypercall opcode bytes using emulator_write_emulated(). However, this last call uses the fault GPA (if available) or walks the guest page tables at RIP,

Hi all, Just FYI, this post showed up on the pf mailing list a couple of days ago: Cc: pf at benzedrine.cx From: Axel Rau <Axel.Rau at Chaos1.DE> Subject: Re: mismatch on route through packet/byte counts Date: Sun, 18 Feb 2007 14:37:56 +0100 To: Daniel Hartmeier <daniel at benzedrine.cx> X-Mailer: Apple Mail (2.752.2) Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from

My apologies in advance if this is the wrong list to ask this in, but how well does pf work in 4.8-STABLE? And if so, what kernel options do I need to compile in? Can pf kernel options coexist w/ IPFW options, if I keep the IPFW modulus from loading? Can I still bridge in regular fashion w/ pf? I've already read up on http://pf4freebsd.love2party.net/install.html, but this seemd a bit

Hi List, We have a large (6500 desktops) network distributed over a few dozen sites. The clients are (almost) all Windows95 and WinXP. We currently use Netware as our network operating system, and are looking at the possibility of moving to (Samba on) Linux to provide file and print services. One of the nice things about Novell NDS is that you can specify printers that are available to

Hello from ealier 6.0 there is problem with synproxy in pf filter: this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006 pf.conf just with single rule pass in quick on lo0 proto tcp from any to any port 22 flags S/SA synproxy state result telnet 127.0.0.1 22 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. and it's hangs pfctl -s rules -v No ALTQ support in

Hi everybody, today I met the following problems on my freebsd box. I had a USB stick of opensolaris bootable USB image and tried to mount it on my fbsd box. The first time, when I tried to mount the usb device, my system freezed and then rebooted giving me one core in my dumpdev. When I tried to redo the mounting, the kernel informed me that the filesystem needed to be fsck'd before

Bug Description: Problem with the function pf() when the non-centrality parameter is large. Here is a sample command. You should see a smooth line from 0 to about 55, and then the values of pf() go crazy from 55 to 100. ############################ ncp <- seq(0,100,length=200) plot(ncp,pf(5,7,2,ncp=ncp)) ############################ Version: platform = i686-pc-linux-gnu arch = i686 os =

Hi, I followed the "Optimizing CentOS for gigabit firewall" posting and as some posters wrote pf is soo sooo ssooooo mutch faster, I was thinking to give it a try. But I'm not familier to BSD so I was looking for some tools and found "pfsense" http://www.pfsense.org/ "pfSense is a free, open source customized distribution of FreeBSD tailored for use as a