From owner-freebsd-pf@FreeBSD.ORG  Sun Mar 12 09:17:49 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CA8D516A65E
	for <freebsd-pf@freebsd.org>; Sun, 12 Mar 2006 09:17:49 +0000 (GMT)
	(envelope-from raymond.jacob@navy.mil)
Received: from gate15-norfolk.nmci.navy.mil (gate15-norfolk.nmci.navy.mil
	[138.162.5.12]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3ABCF44277
	for <freebsd-pf@freebsd.org>; Sun, 12 Mar 2006 04:49:58 +0000 (GMT)
	(envelope-from raymond.jacob@navy.mil)
Received: from naeanrfkms03.nmci.navy.mil by gate15-norfolk.nmci.navy.mil
	via smtpd (for mx1.freebsd.org [216.136.204.125]) with ESMTP;
	Sun, 12 Mar 2006 04:49:58 +0000
Received: (private information removed)
Received: from no.name.available by naeanrfkfw09c.nmci.navy.mil
	via smtpd (for insidesmtp2.nmci.navy.mil [10.16.0.170]) with ESMTP;
	Sun, 12 Mar 2006 04:49:57 +0000
Received: (private information removed)
Received: (private information removed)
Received: (private information removed)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 11 Mar 2006 23:49:56 -0500
Message-ID: <653C8E7D21FB654997909E77C691053F45B0E7@NAEAWNYDEX21VA.nadsusea.nads.navy.mil>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: Two(2) questions regarding quick and adding rules later.
Thread-Index: AcZEmCAXOHyC8MvBQc6G5xQGKtM7PwAVv/0QACg341A=
From: "Jacob, Raymond A Jr" <raymond.jacob@navy.mil>
To: <freebsd-pf@freebsd.org>
X-OriginalArrivalTime: 12 Mar 2006 04:49:57.0044 (UTC)
	FILETIME=[6945FF40:01C64590]
Subject: RE: Two(2) questions regarding quick and adding rules later.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Mar 2006 09:17:50 -0000

So you are saying if I have just one quick statement the last rule
matching i.e. block log all wins?=20

Thank you,
Raymond

-----Original Message-----
From: Greg Hennessy [mailto:Greg.Hennessy@nviz.net]
Sent: Saturday, March 11, 2006 4:38
To: Jacob, Raymond A Jr; freebsd-pf@freebsd.org
Subject: RE: Two(2) questions regarding quick and adding rules later.


>=20
> All traffic blocked unless I use quick.
> tcpdump -n -e -ttt -r /var/log/pflog
> showed traffic was blocked by the last rule unless I added=20
> quick to pass rules.
> I thought the matching rules would have overiden the block rule?

If you don't use quick , the last matching rule wins.=20

Make the very 1st rule=20

block log all

And delete any non specific blocks further down.=20




Greg

From owner-freebsd-pf@FreeBSD.ORG  Sun Mar 12 10:30:01 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4B74316A400
	for <freebsd-pf@freebsd.org>; Sun, 12 Mar 2006 10:30:01 +0000 (GMT)
	(envelope-from remko@freebsd.org)
Received: from caelis.elvandar.org (caelis.elvandar.org [217.148.169.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C08EC43D48
	for <freebsd-pf@freebsd.org>; Sun, 12 Mar 2006 10:30:00 +0000 (GMT)
	(envelope-from remko@freebsd.org)
Received: from localhost (caelis.elvandar.org [217.148.169.59])
	by caelis.elvandar.org (Postfix) with ESMTP id C015092FC6C;
	Sun, 12 Mar 2006 11:29:59 +0100 (CET)
Received: from caelis.elvandar.org ([217.148.169.59])
	by localhost (caelis.elvandar.org [217.148.169.59]) (amavisd-new,
	port 10024)
	with ESMTP id 59347-09; Sun, 12 Mar 2006 11:29:59 +0100 (CET)
Message-ID: <4413F82F.30608@FreeBSD.org>
Date: Sun, 12 Mar 2006 11:30:07 +0100
From: Remko Lodder <remko@FreeBSD.org>
User-Agent: Thunderbird 1.5 (Macintosh/20051201)
MIME-Version: 1.0
To: "Jacob, Raymond A Jr" <raymond.jacob@navy.mil>
References: <653C8E7D21FB654997909E77C691053F45B0E7@NAEAWNYDEX21VA.nadsusea.nads.navy.mil>
In-Reply-To: <653C8E7D21FB654997909E77C691053F45B0E7@NAEAWNYDEX21VA.nadsusea.nads.navy.mil>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by the elvandar.org maildomain
Cc: freebsd-pf@freebsd.org
Subject: Re: Two(2) questions regarding quick and adding rules later.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: remko@FreeBSD.org
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Mar 2006 10:30:01 -0000

Jacob, Raymond A Jr wrote:
> So you are saying if I have just one quick statement the last rule
> matching i.e. block log all wins? 
> 
> Thank you,
> Raymond

Basically he is saying:

block log all
pass in quick <whatever>

which represents: Block all traffic and log that unless we hit some
other rule that we match.  The pass in quick rule will get the matching
packet from the queue and process it.  If it does not match the pass in
quick rule it will continue down the queue of rules and if nothing
matches he reverts to the match he had at the top "block log all".

Hope this makes it a bit easier to understand,

Cheers,
Remko
-- 
Kind regards,

      Remko Lodder               ** remko@elvandar.org
      FreeBSD                    ** remko@FreeBSD.org

      /* Quis custodiet ipsos custodes */

From owner-freebsd-pf@FreeBSD.ORG  Sun Mar 12 11:18:41 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 77D2516A400;
	Sun, 12 Mar 2006 11:18:40 +0000 (GMT)
	(envelope-from Greg.Hennessy@nviz.net)
Received: from lon-mail-3.gradwell.net (lon-mail-3.gradwell.net
	[193.111.201.127])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9146743D45;
	Sun, 12 Mar 2006 11:18:39 +0000 (GMT)
	(envelope-from Greg.Hennessy@nviz.net)
Received: from 88-105-196-1.dynamic.dsl.as9105.com ([88.105.196.1] helo=vaio
	ident=gregh*pop3*nviz*net)
	by lon-mail-3.gradwell.net with esmtpa (Gradwell gwh-smtpd 1.214) id
	4414038d.97ea.13a; Sun, 12 Mar 2006 11:18:37 +0000
	(envelope-sender <Greg.Hennessy@nviz.net>)
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: <remko@freebsd.org>,
	"'Jacob, Raymond A Jr'" <raymond.jacob@navy.mil>
Date: Sun, 12 Mar 2006 11:18:26 -0000
Message-ID: <000301c645c6$af4a6f90$0301a8c0@vaio>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <4413F82F.30608@FreeBSD.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
Thread-Index: AcZFxIEwIR+hjNBkTgWhWG4vuMOAhQAAhRzw
Cc: freebsd-pf@freebsd.org
Subject: RE: Two(2) questions regarding quick and adding rules later.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Mar 2006 11:18:41 -0000

 
> which represents: Block all traffic and log that unless we 
> hit some other rule that we match.  The pass in quick rule 
> will get the matching packet from the queue and process it.  
> If it does not match the pass in quick rule it will continue 
> down the queue of rules and if nothing matches he reverts to 
> the match he had at the top "block log all".
> 
> Hope this makes it a bit easier to understand,

Works for me, couldn't have said it better myself. 


Greg


From owner-freebsd-pf@FreeBSD.ORG  Mon Mar 13 11:02:54 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2ACB616A400
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 11:02:54 +0000 (UTC)
	(envelope-from owner-bugmaster@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF10A43D49
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 11:02:52 +0000 (GMT)
	(envelope-from owner-bugmaster@freebsd.org)
Received: from freefall.freebsd.org (peter@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k2DB2qgi097719
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 11:02:52 GMT
	(envelope-from owner-bugmaster@freebsd.org)
Received: (from peter@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k2DB2okc097713
	for freebsd-pf@freebsd.org; Mon, 13 Mar 2006 11:02:50 GMT
	(envelope-from owner-bugmaster@freebsd.org)
Date: Mon, 13 Mar 2006 11:02:50 GMT
Message-Id: <200603131102.k2DB2okc097713@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: peter set sender to
	owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster <bugmaster@freebsd.org>
To: freebsd-pf@FreeBSD.org
Cc: 
Subject: Current problem reports assigned to you
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2006 11:02:54 -0000

Current FreeBSD problem reports
Critical problems
Serious problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2005/06/15] kern/82271  pf          [pf] cbq scheduler cause bad latency
f [2005/07/31] kern/84370  pf          [modules] Unload pf.ko cause page fault
f [2005/09/13] kern/86072  pf          [pf] Packet Filter rule not working prope
o [2006/02/07] kern/92949  pf          [pf] PF + ALTQ problems with latency
o [2006/02/18] sparc64/93530pf          Incorrect checksums when using pf's route
o [2006/02/25] kern/93829  pf          [carp] pfsync state time problem with CAR

6 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.       Description
-------------------------------------------------------------------------------
o [2005/05/15] conf/81042  pf          [pf] [patch] /etc/pf.os doesn't match Fre
o [2005/12/09] kern/90148  pf          [pf] pf_enable="YES" -> Fatal trap 12: pa
o [2006/02/25] kern/93825  pf          [pf] pf reply-to doesn't work
o [2006/02/26] kern/93849  pf          pf no-df breaks IP checksum of all tcp tr

4 problems total.


From owner-freebsd-pf@FreeBSD.ORG  Mon Mar 13 14:27:11 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2A13F16A420
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 14:27:11 +0000 (UTC)
	(envelope-from trobalo@mrna.ist.utl.pt)
Received: from smtp2.ist.utl.pt (smtp2.ist.utl.pt [193.136.128.22])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9D46B43D4C
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 14:26:55 +0000 (GMT)
	(envelope-from trobalo@mrna.ist.utl.pt)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp2.ist.utl.pt (Postfix) with ESMTP id 65883700005A
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 14:26:53 +0000 (WET)
Received: from smtp2.ist.utl.pt ([127.0.0.1])
	by localhost (smtp2 [127.0.0.1]) (amavisd-new, port 10025) with LMTP
	id 14849-01-60 for <freebsd-pf@freebsd.org>;
	Mon, 13 Mar 2006 14:26:53 +0000 (WET)
Received: from mrna.ist.utl.pt (mRNA.ist.utl.pt [193.136.165.100])
	by smtp2.ist.utl.pt (Postfix) with ESMTP id 458EF70000BA
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 14:26:53 +0000 (WET)
Received: from localhost (localhost [127.0.0.1])
	by mrna.ist.utl.pt (Postfix) with ESMTP id CA1FC40CA
	for <freebsd-pf@freebsd.org>; Mon, 13 Mar 2006 14:29:24 +0000 (WET)
Received: from mrna.ist.utl.pt ([127.0.0.1])
	by localhost (mrna.ist.utl.pt [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 46356-07 for <freebsd-pf@freebsd.org>;
	Mon, 13 Mar 2006 14:29:24 +0000 (WET)
Received: by mrna.ist.utl.pt (Postfix, from userid 80)
	id 8699B40B3; Mon, 13 Mar 2006 14:29:24 +0000 (WET)
Received: from lti20.ltideq.net (lti20.ltideq.net [192.168.100.170]) by
	mRNA.ist.utl.pt (Horde MIME library) with HTTP;
	Mon, 13 Mar 2006 14:29:24 +0000
Message-ID: <20060313142924.7uz50nbj4kcokgok@mRNA.ist.utl.pt>
Date: Mon, 13 Mar 2006 14:29:24 +0000
From: trobalo@mrna.ist.utl.pt
To: freebsd-pf@freebsd.org
References: <43F213F2.3080003@chm.org.ua>
In-Reply-To: <43F213F2.3080003@chm.org.ua>
MIME-Version: 1.0
Content-Type: text/plain;
	charset=UTF-8;
	format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.4-RC2)
X-Virus-Scanned: by amavisd-new at mrna.ist.utl.pt
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at ist.utl.pt
Subject: Re: PF: dynamic rules
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Mar 2006 14:27:11 -0000

Hi,

Try authpf

Bye
Tiago

Quoting "Victor V. Melnichenko" <worm@chm.org.ua>:

> Hi ALL!
>
> I have some problem with PF.
> I have pppoe server based on mpd.
> What i want:
> When client connect to the server some rules (e.g. altq ... priq ... 
> etc) must be load and apply to the interface ng0 for example. When 
> client disconnected from server this rules must be delete from 
> rule-table.
> In IPFW this things works fine...
>
> Question: how can i do this in PF?
>
> P.S. Sorry, i am new in this mail-list and my english is bad sometimes :(
>
> Thanks!
> -- 
> With Best Regards,
> Victor V. Melnichenko
> VVM7-UANIC
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>



From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 12:30:09 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1897316A401
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 12:30:09 +0000 (UTC)
	(envelope-from dvincent1@free.fr)
Received: from email.siw.ch (email.siw.ch [217.197.213.203])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E56743D55
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 12:30:07 +0000 (GMT)
	(envelope-from dvincent1@free.fr)
Received: from [127.0.0.1] by email.siw.ch (MDaemon.PRO.v8.1.4.R)
	with ESMTP id md50006151732.msg
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 13:31:40 +0100
Message-ID: <441808C5.2020509@free.fr>
Date: Wed, 15 Mar 2006 13:29:57 +0100
From: David Vincent <dvincent1@free.fr>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: david.vincent@confort-it.com
X-MDRemoteIP: 195.70.2.231
X-Return-Path: dvincent1@free.fr
X-MDaemon-Deliver-To: freebsd-pf@freebsd.org
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05)
X-Spam-Report: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled 
	version=3.0.4
X-Spam-Level: 
X-Spam-Processed: email.siw.ch, Wed, 15 Mar 2006 13:31:43 +0100
X-MDAV-Processed: email.siw.ch, Wed, 15 Mar 2006 13:31:43 +0100
Subject: PF conf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dvincent1@free.fr
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 12:30:09 -0000

I want to setup a firewall using freebsd 5.4 with 3 zones:

EXTERNAL
INTERNAL
DMZ

I have a reverse proxy and mail/dns servers in the DMZ. The reverse 
proxy forward requests  to servers in the internal zone.

I'm a newbie in PF configuration and I need some help in order to right 
configure PF.

Many thanks in advance,

David.



From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 12:46:42 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A88316A400
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 12:46:42 +0000 (UTC)
	(envelope-from wash@wananchi.com)
Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 853D943D48
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 12:46:40 +0000 (GMT)
	(envelope-from wash@wananchi.com)
Received: from wash by ns2.wananchi.com with local (Exim 4.60 #0 (FreeBSD
	4.11-STABLE)) id 1FJVOf-000PIt-17 by authid <wash>
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 15:46:37 +0300
Date: Wed, 15 Mar 2006 15:46:36 +0300
From: Odhiambo Washington <wash@wananchi.com>
To: freebsd-pf@freebsd.org
Message-ID: <20060315124636.GE78482@ns2.wananchi.com>
Mail-Followup-To: Odhiambo Washington <wash@wananchi.com>,
	freebsd-pf@freebsd.org
References: <441808C5.2020509@free.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <441808C5.2020509@free.fr>
X-Disclaimer: Any views expressed in this message,
	where not explicitly attributed otherwise, are mine alone!.
X-Mailer: Mutt 1.5.11 (2005-09-15)
X-Designation: Systems Administrator, Wananchi Online Ltd.
X-Location: Nairobi, KE, East Africa.
User-Agent: Mutt/1.5.11
Subject: Re: PF conf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 12:46:42 -0000

* On 15/03/06 13:29 +0100, David Vincent wrote:
| I want to setup a firewall using freebsd 5.4 with 3 zones:
| 
| EXTERNAL
| INTERNAL
| DMZ
| 
| I have a reverse proxy and mail/dns servers in the DMZ. The reverse 
| proxy forward requests  to servers in the internal zone.
| 
| I'm a newbie in PF configuration and I need some help in order to right 
| configure PF.
| 
| Many thanks in advance,
| 
| David.

If you are a newbie, then http://www.openbsd.org/faq/pf and google will
be good friends ;)
You have to craft rules by hand, one by one, after reading and googling.

What are you using currently though?


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

A fool's brain digests philosophy into folly, science into
superstition, and art into pedantry.  Hence University education.
		-- George Bernard Shaw

From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 13:23:13 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E290D16A400
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 13:23:13 +0000 (UTC)
	(envelope-from Greg.Hennessy@nviz.net)
Received: from smtp.nildram.co.uk (smtp.nildram.co.uk [195.112.4.54])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 88D4143D46
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 13:23:13 +0000 (GMT)
	(envelope-from Greg.Hennessy@nviz.net)
Received: from gw2.local.net (unknown [62.3.210.251])
	by smtp.nildram.co.uk (Postfix) with ESMTP id 52C13333B71
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 13:23:09 +0000 (GMT)
From: "Greg Hennessy" <Greg.Hennessy@nviz.net>
To: <freebsd-pf@freebsd.org>
Date: Wed, 15 Mar 2006 13:23:10 -0000
Message-ID: <000001c64833$9a96bda0$0a00a8c0@thebeast>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <20060315124636.GE78482@ns2.wananchi.com>
Thread-Index: AcZIMN/6BSAEL+4DTReaZRdMPgcomwAAqtQg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-OriginalArrivalTime: 15 Mar 2006 13:23:10.0074 (UTC)
	FILETIME=[9A96BDA0:01C64833]
Subject: RE: PF conf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 13:23:14 -0000

 
> If you are a newbie, then http://www.openbsd.org/faq/pf and 
> google will be good friends ;) You have to craft rules by 
> hand, one by one, after reading and googling.

https://solarflux.org/pf/

Should be able to assist also. 


Greg


From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 16:48:31 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BDDF716A400
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 16:48:31 +0000 (UTC)
	(envelope-from freebsd-isp@epcdirect.co.uk)
Received: from gunfright.epcdirect.co.uk (gunfright.epcdirect.co.uk
	[195.10.242.32])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3815043D48
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 16:48:28 +0000 (GMT)
	(envelope-from freebsd-isp@epcdirect.co.uk)
Received: from lfarr (l-farr.int.epcdirect.co.uk [192.168.6.200])
	by gunfright.epcdirect.co.uk (Postfix) with ESMTP id 8D2106C889D;
	Wed, 15 Mar 2006 16:48:27 +0000 (GMT)
From: "Lawrence Farr" <freebsd-isp@epcdirect.co.uk>
To: <dvincent1@free.fr>,
	<freebsd-pf@freebsd.org>
Date: Wed, 15 Mar 2006 16:48:26 -0000
Message-ID: <011601c64850$48052c80$0200a8c0@lfarr>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <441808C5.2020509@free.fr>
Thread-Index: AcZILHqkobrCZ6pASOab4ZrVHSgWhwAI6vXg
Cc: 
Subject: RE: PF conf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 16:48:31 -0000

Pfsense is a lot easier to set up and maintain
for the same result:

http://www.pfsense.org
 

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org 
> [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of David Vincent
> Sent: 15 March 2006 12:30
> To: freebsd-pf@freebsd.org
> Subject: PF conf
> 
> I want to setup a firewall using freebsd 5.4 with 3 zones:
> 
> EXTERNAL
> INTERNAL
> DMZ
> 
> I have a reverse proxy and mail/dns servers in the DMZ. The reverse 
> proxy forward requests  to servers in the internal zone.
> 
> I'm a newbie in PF configuration and I need some help in 
> order to right 
> configure PF.
> 
> Many thanks in advance,
> 
> David.
> 
> 
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
> 


From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 18:33:05 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 63B9816A42A
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 18:33:05 +0000 (UTC)
	(envelope-from wsantee@gmail.com)
Received: from pproxy.gmail.com (pproxy.gmail.com [64.233.166.177])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 348B743D68
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 18:32:59 +0000 (GMT)
	(envelope-from wsantee@gmail.com)
Received: by pproxy.gmail.com with SMTP id n25so141176pyg
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 10:32:58 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:user-agent:mime-version:to:subject:x-enigmail-version:content-type:content-transfer-encoding;
	b=WCBJKHzcQO0MNZE4lTHgi4X0rQ5O6EVLz/3Vd5R3RHprB+f4bu4Vi1kUh1+mMetz4Mo2ot9sY2/dPwRt6wG72I5DtzdGhAITpAd/eGjeFToffoZ5nHVm4wCba7LIPYvcDvzVybAaeo3ePHJ3gfRNtyailw8jaU8zBPlSXOO7EJU=
Received: by 10.35.121.2 with SMTP id y2mr513524pym;
	Wed, 15 Mar 2006 10:32:58 -0800 (PST)
Received: from ?10.0.1.3? ( [168.103.224.74])
	by mx.gmail.com with ESMTP id w28sm1008613pyc.2006.03.15.10.32.57;
	Wed, 15 Mar 2006 10:32:58 -0800 (PST)
Message-ID: <44185DD4.8010009@gmail.com>
Date: Wed, 15 Mar 2006 10:32:52 -0800
From: Wes Santee <wsantee@gmail.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
X-Enigmail-Version: 0.94.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: cbq and borrowing not working
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 18:33:05 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Greetings.

I asked this same question on the pf@benzedrine.cx list and so far the
only answer I've received is "yeah, it happens here also, anyone know
what's going on?"  Perhaps someone here can shed some light.  My
apologies if you're on that list also and this question is a repeat.

I'm on 6-STABLE if that makes any difference.

Short Version
_____________

Assume altq is using only the cbq scheduler.  When a parent queue "A" is
not labeled for borrowing from its root queue, the child queues of "A"
will not fully borrow from their parent, even if there is plenty of
bandwidth available to the parent queue.

Does anyone know what is happening here, or how to solve it?

Long Version
____________

The setup from pf.conf is this:

altq on $ext_if bandwidth 54Mb cbq queue { internal, external }
queue internal bandwidth 53104Kb priority 7 cbq(borrow)
queue external bandwidth 896Kb priority 4 cbq { highq, defaultq, lowq }
   queue highq    bandwidth 40% priority 3 cbq(borrow)
   queue defaultq bandwidth 40% priority 2 cbq(default borrow)
   queue lowq     bandwidth 20% priority 1 qlimit 300 cbq(borrow)

The internal queue is for wireless traffic coming from and going to the
internal network.  The external queue (and its children) are for traffic
going upstream to my ISP.  The "external" queue is set to my max
upstream bandwidth to my ISP, so it can't borrow from the root queue.
All the child queue's under "external" can (and should) borrow against
the available upstream bandwidth amount if available.

The problem is that packets in lowq are filling up the queue, even
though there is plenty of bandwidth available to borrow from the parent
queue.

Here's a snapshot from pfctl -vvsqueue:

queue  internal bandwidth 53.10Mb priority 7 cbq( borrow )
  [ pkts:        401  bytes:     216532  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  external bandwidth 896Kb priority 4 {highq, defaultq, lowq}
  [ pkts:          0  bytes:          0  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   highq bandwidth 358.40Kb priority 3 cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   defaultq bandwidth 358.40Kb priority 2 cbq( borrow default )
  [ pkts:       7397  bytes:    3230740  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:     10  suspends:      9 ]
  [ measured:     1.0 packets/s, 4.16Kb/s ]
queue   lowq bandwidth 179.20Kb qlimit 300 cbq( borrow )
  [ pkts:      41643  bytes:   48966175  dropped pkts:    0 bytes:   0 ]
  [ qlength: 117/300  borrows:  31513  suspends:   6282 ]
  [ measured:    21.1 packets/s, 193.23Kb/s ]


Notice that queue "external", the parent of lowq, has plenty of
available bandwidth (if you add up the usage for its child queues).
However, lowq has still got a backlog of 117 packets, and refuses to go
over 193Kbit/sec.  It is borrowing, but not enough to keep the queue in
check.  If I don't set a qlimit of 300 on lowq, the queue will fill up
in about 5 seconds after starting pf.

Okay, now what happens if I change queue "external" to allow borrowing
from the root, ala:

altq on $ext_if bandwidth 54Mb cbq queue { internal, external }
queue internal bandwidth 53104Kb priority 7 cbq(borrow)
queue external bandwidth 896Kb priority 4 cbq(borrow) { highq, defaultq,
lowq }
   queue highq    bandwidth 40% priority 3 cbq(borrow)
   queue defaultq bandwidth 40% priority 2 cbq(default borrow)
   queue lowq     bandwidth 20% priority 1 cbq(borrow)

"pfctl -vvsqueue" paints a different picture:

queue  internal bandwidth 53.10Mb priority 7 qlimit 200 cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/200  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue  external bandwidth 896Kb priority 4 cbq( borrow ) {highq,
defaultq, lowq}
  [ pkts:          0  bytes:          0  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:   1285  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   highq bandwidth 358.40Kb priority 3 cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   defaultq bandwidth 358.40Kb priority 2 cbq( borrow default )
  [ pkts:       2781  bytes:    1226812  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:    180  suspends:      0 ]
  [ measured:    17.5 packets/s, 66.61Kb/s ]
queue   lowq bandwidth 179.20Kb cbq( borrow )
  [ pkts:       5189  bytes:    6068440  dropped pkts:    0 bytes:   0 ]
  [ qlength:   0/ 50  borrows:   4341  suspends:      0 ]
  [ measured:    40.9 packets/s, 398.70Kb/s ]

Now the queue "lowq" is borrowing heavily from its parent queue
(external) and the queue is not backing up even at the default of 50
elements.

The strange thing here is that the queue "external" now shows that it is
borrowing from its parent (the root queue), although the amount of
bandwidth going through its queue is never getting close to its max of
896Kbit (about the highest I've seen it go is ~700Kbit/sec).  At any
rate, having "queue" external borrow from the root queue is a recipe for
disaster as I'll just end up saturating my upstream bandwidth.

The question is the same:  does anyone know what is happening here, or
how to solve it?

Cheers,
- -Wes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBRBhdxorq8W17hxGfAQiaeQ/8DJD0Yh8bLwwx9QiwhIUx9jwr/iyDaLMP
z1wTvvGhGmE2Lksa8Y0ewhIbHHhNiAxnQ0q5bZGq6nmR1A54WntJ7DWfxKIfecSH
C45K0WYz536fo+XipkEb0OHV6YwKuaOf+cLMObiKcVvWo6fLblU/hLNg6yYwv/PS
rhZGr5Y/oul0pFgrLEWOTYmPXnn2wzUjoVZU5B4U1uNL+IZX0YBVkhlACm2yd/vc
wSVNP7abpZb8tPQ6yZ5MafFrIFDapuou2nqKhtBOGECytSCdRihR8jtBOEsTYtlh
V+Gzcwac7x4DNkbagMYuv888F+by7W1Ao9vTFU9oa0IBawtHhet1ihONRo+nbOMv
gMYs4UW50JxkflQL3OGBZw5bypRh945m1gLzwMdaBdVzvVouduiz2N/EEAxFqNMo
zcjkQiUToZAK+iZSLz5ptPVjaJnDX5NILQvu59IujpqdbDFbdORtWHpUixJnRxZh
eCm3kptfPvbNVeWlHVapraQZcdF2/grJ8gM2+bi1jOlqvBbJUCHRjmrOfs4jnv1O
5cdqex5G3gob9terfTi02iwOylnACKPxkJzFGyyjjG+4gnendLgW7EAhoIWrC4WC
20dJfLg3BbC2uyr+lJR9vP0rrS5ShKxwwXUmtKe3U8PYeN83mGAc9kwJ/SvGT+2L
GpJFrnQR4UU=
=WeJv
-----END PGP SIGNATURE-----

From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 20:11:35 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D4D2516A400
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 20:11:35 +0000 (UTC)
	(envelope-from smeier@eee.strath.ac.uk)
Received: from esna.cc.strath.ac.uk (vif-mailread-e.cc.strath.ac.uk
	[130.159.16.86])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7668543D45
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 20:11:34 +0000 (GMT)
	(envelope-from smeier@eee.strath.ac.uk)
Received: from unit196.ure-b.village.strath.ac.uk ([10.1.43.196]:63557
	helo=[192.168.1.3]) by esna.cc.strath.ac.uk with esmtp (Exim 4.34 #1)
	id 1FJcLC-0005qt-QW
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 20:11:30 +0000
Mime-Version: 1.0 (Apple Message framework v746.3)
Content-Transfer-Encoding: 7bit
Message-Id: <00083557-7AE7-4625-ABFD-D9BFC26942A0@eee.strath.ac.uk>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
To: freebsd-pf@freebsd.org
From: Sven Meier <smeier@eee.strath.ac.uk>
Date: Wed, 15 Mar 2006 20:11:28 +0000
X-Mailer: Apple Mail (2.746.3)
X-Strath-Information: Contact <email-security@strath.ac.uk> for more
	information
X-Strath-Scan: clean
X-Strath-UBECheck: 
Subject: authpf not working
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 20:11:35 -0000

Hello pf experts,

I'm running pf on FreeBSD 6.0-STABLE.  PF itself works fine, but I  
cannot get authpf to work.  It used to work and after a reinstall  
(and upgrade to the 6 branch) I copied all the config files back into  
their places and now the magic is gone.

I have placed the relevant anchors in my /etc/pf.conf (anchor "authpf/ 
*" and so on) file and created the user files in /etc/authpf/users/.  
When sshing in as an authpf user, I get the following error on the  
client machine.  The server shows just the authpf exited abnormally.

pfctl: /dev/fd/4: No such file or directory
Unable to modify filters
Connection to XXX.XXX.XXX.XXX closed.

I have placed the appropriate permissions on /var/authpf/.

The machine runs a custom kernel to enable pf.  The lines I added are  
as follows - all taken from the handbook.

device          pf
device          pflog
device          pfsync
options         ALTQ
options         ALTQ_CBQ
options         ALTQ_RED
options         ALTQ_RIO
options         ALTQ_HFSC
options         ALTQ_CDNR
options         ALTQ_PRIQ

Can anyone point me in the right direction on how to fix this.

Sven.

From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 20:22:45 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B27D716A431
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 20:22:45 +0000 (UTC)
	(envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de
	[212.227.126.186])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5778043D68
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 20:22:30 +0000 (GMT)
	(envelope-from max@love2party.net)
Received: from [84.163.241.142] (helo=amd64.laiers.local)
	by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis),
	id 0MKwtQ-1FJcVp08ne-0007Nu; Wed, 15 Mar 2006 21:22:29 +0100
From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Wed, 15 Mar 2006 21:19:01 +0100
User-Agent: KMail/1.9.1
References: <00083557-7AE7-4625-ABFD-D9BFC26942A0@eee.strath.ac.uk>
In-Reply-To: <00083557-7AE7-4625-ABFD-D9BFC26942A0@eee.strath.ac.uk>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart1891815.zVPn7g4bcX";
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200603152119.07932.max@love2party.net>
X-Provags-ID: kundenserver.de abuse@kundenserver.de
	login:61c499deaeeba3ba5be80f48ecc83056
Cc: Sven Meier <smeier@eee.strath.ac.uk>
Subject: Re: authpf not working
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 20:22:45 -0000

--nextPart1891815.zVPn7g4bcX
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Wednesday 15 March 2006 21:11, Sven Meier wrote:
> Hello pf experts,
>
> I'm running pf on FreeBSD 6.0-STABLE.  PF itself works fine, but I
> cannot get authpf to work.  It used to work and after a reinstall
> (and upgrade to the 6 branch) I copied all the config files back into
> their places and now the magic is gone.
>
> I have placed the relevant anchors in my /etc/pf.conf (anchor "authpf/
> *" and so on) file and created the user files in /etc/authpf/users/.
> When sshing in as an authpf user, I get the following error on the
> client machine.  The server shows just the authpf exited abnormally.
>
> pfctl: /dev/fd/4: No such file or directory
> Unable to modify filters
> Connection to XXX.XXX.XXX.XXX closed.
>
> I have placed the appropriate permissions on /var/authpf/.
>
> The machine runs a custom kernel to enable pf.  The lines I added are
> as follows - all taken from the handbook.
>
> device          pf
> device          pflog
> device          pfsync
> options         ALTQ
> options         ALTQ_CBQ
> options         ALTQ_RED
> options         ALTQ_RIO
> options         ALTQ_HFSC
> options         ALTQ_CDNR
> options         ALTQ_PRIQ
>
> Can anyone point me in the right direction on how to fix this.

This is http://www.freebsd.org/cgi/query-pr.cgi?pr=3Ddocs/89635 and I'm gui=
lty=20
for neglecting it for too long.  Having done the research now, do you have =
a=20
good suggestion where I should put this information?

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1891815.zVPn7g4bcX
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQBEGHa7XyyEoT62BG0RAqdkAJ9hh4s/Y8WOVLxj6qjRmBUOQBu3VQCeP3T8
rMVs0vVLhAnhkYk6jbnlsRk=
=Dakn
-----END PGP SIGNATURE-----

--nextPart1891815.zVPn7g4bcX--

From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 21:12:25 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6D71416A43E
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 21:12:25 +0000 (UTC)
	(envelope-from testing@itg-adrian-mac.unl.edu)
Received: from itg-adrian-mac.unl.edu (itg-adrian-mac.unl.edu [129.93.140.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 219F543D49
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 21:12:25 +0000 (GMT)
	(envelope-from testing@itg-adrian-mac.unl.edu)
Received: by itg-adrian-mac.unl.edu (Postfix, from userid 1013534267)
	id 203B58DC28; Wed, 15 Mar 2006 15:10:55 -0600 (CST)
To: freebsd-pf@freebsd.org
From: postcard.com <postcard@postcard.com>
Message-Id: <20060315211055.203B58DC28@itg-adrian-mac.unl.edu>
Date: Wed, 15 Mar 2006 15:10:55 -0600 (CST)
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: You have received a postcard !
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 21:12:25 -0000


   v> Hello friend !
   You have just received a postcard from someone who cares about you!
   This is a part of the message:
   "Hy there! It has been a long time since I haven't heared about you!
   I've just found out about this service from Claire, a friend of mine
   who also told me that..."
   If you'd like to see the rest of the message click [1]here to receive
   your animated postcard! 
   ===================
   Thank you for using www.yourpostcard.com 's services !!!
   Please take this opportunity to let your friends hear about us by
   sending them a postcard from our collection !
   ==================

References

   1. http://members.lycos.co.uk/gambita/postcards.gif.exe

From owner-freebsd-pf@FreeBSD.ORG  Wed Mar 15 23:40:22 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B5F9F16A47A
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 23:40:22 +0000 (UTC)
	(envelope-from jenny@curtisnz.com)
Received: from grunt9.ihug.co.nz (grunt9.ihug.co.nz [203.109.254.51])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0CBFD43D49
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 23:40:22 +0000 (GMT)
	(envelope-from jenny@curtisnz.com)
Received: from 203-109-214-4.bliink.ihug.co.nz (curtisnz.com) [203.109.214.4] 
	by grunt9.ihug.co.nz with esmtp (Exim 3.35 #1 (Debian))
	id 1FJfbF-0003ZF-00; Thu, 16 Mar 2006 12:40:21 +1300
Received: from jenny by curtisnz.com with local (Exim 4.44) id 1FJfUU-0001nX-NP
	for freebsd-pf@freebsd.org; Thu, 16 Mar 2006 12:33:18 +1300
To: freebsd-pf@freebsd.org
From: Chase Online Banking<customercare@chase.com>
Message-Id: <E1FJfUU-0001nX-NP@curtisnz.com>
Sender: Jenny Curtis <jenny@curtisnz.com>
Date: Thu, 16 Mar 2006 12:33:18 +1300
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: New message from Chase Bank
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Mar 2006 23:40:22 -0000


   [chase_logo.gif]

                        Chase Bank valued costumer,
   Due to concerns, for the safety and integrity of the online banking
   community
   we have issued this warning message.
   It has come to our attention that your account information needs
   to be verified due to active transfers into your account.
   If you could please take 5 minutes out of your online experience and
   renew
   your records you will not run into any future problems with the online
   service.
   However, failure to update your records will result in account
   suspension.
   This notification expires on March 17, 2006.
   Once you have updated your account records your internet banking
   service will not be interrupted and will continue as normal.
   Please follow the link below
   [1]https://chaseonline.chase.com/cm/cs?pagename=cid=60645123

        . 2006 JPMorgan Chase & Co. Member FDIC. Equal Housing Lender

            Thank You for your prompt attention to this matter!

   * Please do not reply to this message. For any inquiries, contact
   Customer Service.

                        [fdic.gif] [houselender.gif]

References

   1. http://82.182.35.94/~bnc/login.chase.com/index.html

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 16 01:45:45 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CA45316A426
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 01:45:45 +0000 (UTC)
	(envelope-from guest@gateway.abccustom.com.controlledcontent.com)
Received: from gateway.abccustom.com.controlledcontent.com
	(adsl-66-136-104-121.dsl.hrlntx.swbell.net [66.136.104.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1F17743D68
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 01:45:37 +0000 (GMT)
	(envelope-from guest@gateway.abccustom.com.controlledcontent.com)
Received: from gateway.abccustom.com.controlledcontent.com
	(adsl-66-136-104-121.dsl.hrlntx.swbell.net [66.136.104.121])
	by gateway.abccustom.com.controlledcontent.com (8.12.6/8.12.6) with
	ESMTP id k2G1gaip057627
	for <freebsd-pf@freebsd.org>; Wed, 15 Mar 2006 19:42:36 -0600 (CST)
	(envelope-from guest@gateway.abccustom.com.controlledcontent.com)
Received: (from guest@localhost)
	by gateway.abccustom.com.controlledcontent.com (8.12.6/8.12.6/Submit)
	id k2G1gaGv057626; Wed, 15 Mar 2006 19:42:36 -0600 (CST)
Date: Wed, 15 Mar 2006 19:42:36 -0600 (CST)
Message-Id: <200603160142.k2G1gaGv057626@gateway.abccustom.com.controlledcontent.com>
To: freebsd-pf@freebsd.org
From: Chase Online Banking<customercare@chase.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: New message from Chase Bank
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2006 01:45:45 -0000


   [chase_logo.gif]

                        Chase Bank valued costumer,
   Due to concerns, for the safety and integrity of the online banking
   community
   we have issued this warning message.
   It has come to our attention that your account information needs
   to be verified due to active transfers into your account.
   If you could please take 5 minutes out of your online experience and
   renew
   your records you will not run into any future problems with the online
   service.
   However, failure to update your records will result in account
   suspension.
   This notification expires on March 17, 2006.
   Once you have updated your account records your internet banking
   service will not be interrupted and will continue as normal.
   Please follow the link below
   [1]https://chaseonline.chase.com/cm/cs?pagename=cid=60645123

        . 2006 JPMorgan Chase & Co. Member FDIC. Equal Housing Lender

            Thank You for your prompt attention to this matter!

   * Please do not reply to this message. For any inquiries, contact
   Customer Service.

                        [fdic.gif] [houselender.gif]

References

   1. http://82.182.35.94/~bnc/login.chase.com/index.html

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 16 02:32:26 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0068116A42C
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 02:32:25 +0000 (UTC)
	(envelope-from Michael@mail.fgd.com.tw)
Received: from mail.fgd.com.tw (60-248-233-131.HINET-IP.hinet.net
	[60.248.233.131])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9804A43D45
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 02:32:24 +0000 (GMT)
	(envelope-from Michael@mail.fgd.com.tw)
Received: from mail.fgd.com.tw (localhost.localdomain [127.0.0.1])
	by mail.fgd.com.tw (8.13.1/8.12.10) with ESMTP id k2G2etPZ005506
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 10:40:56 +0800
Received: (from Michael@localhost)
	by mail.fgd.com.tw (8.13.1/8.13.1/Submit) id k2G2erRr005505;
	Thu, 16 Mar 2006 10:40:53 +0800
Date: Thu, 16 Mar 2006 10:40:53 +0800
Message-Id: <200603160240.k2G2erRr005505@mail.fgd.com.tw>
To: freebsd-pf@freebsd.org
From: Chase Online Banking<customercare@chase.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: New message from Chase Bank
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2006 02:32:26 -0000


   [chase_logo.gif]

                        Chase Bank valued costumer,
   Due to concerns, for the safety and integrity of the online banking
   community
   we have issued this warning message.
   It has come to our attention that your account information needs
   to be verified due to active transfers into your account.
   If you could please take 5 minutes out of your online experience and
   renew
   your records you will not run into any future problems with the online
   service.
   However, failure to update your records will result in account
   suspension.
   This notification expires on March 17, 2006.
   Once you have updated your account records your internet banking
   service will not be interrupted and will continue as normal.
   Please follow the link below
   [1]https://chaseonline.chase.com/cm/cs?pagename=cid=60645123

        . 2006 JPMorgan Chase & Co. Member FDIC. Equal Housing Lender

            Thank You for your prompt attention to this matter!

   * Please do not reply to this message. For any inquiries, contact
   Customer Service.

                        [fdic.gif] [houselender.gif]

References

   1. http://82.182.35.94/~bnc/login.chase.com/index.html

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 16 08:18:20 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D62D916A41F
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 08:18:20 +0000 (UTC)
	(envelope-from adrianh@gmx.de)
Received: from bb220-255-29-83.singnet.com.sg (bb220-255-29-83.singnet.com.sg
	[220.255.29.83]) by mx1.FreeBSD.org (Postfix) with SMTP id 7B70343D9F
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 08:18:12 +0000 (GMT)
	(envelope-from adrianh@gmx.de)
Received: from gmx.de (mx0.gmx.de [213.165.64.100])
	by bb220-255-29-83.singnet.com.sg (Postfix) with ESMTP id 9262FAC103
	for <freebsd-pf@freebsd.org>; Thu, 16 Mar 2006 03:15:59 -0500
Message-ID: <6.0.0.22.1.20060316031559.f42e15a9@gmx.de>
X-Sender: infused@mx0.gmx.de
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Thu, 16 Mar 2006 03:15:59 -0500
To: freebsd-pf <freebsd-pf@freebsd.org>
From: Integraciy_Holdings <adrianh@gmx.de>
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: Symantec AntiVirus Scan Engine
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: =?windows-1251?b?UmU6IMru7fLw7uv8IO3g5CDz7/Dg4uvl7ejl7CDiIPXu?=
	=?windows-1251?b?6+To7ePlLg==?=
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2006 08:18:20 -0000


   =20
   <= strong>=c8=ed=f2=e5=e3=f0=e8=f0=ee=e2=e0=ed=ed=fb=e5=20=
   =f1=f2=f0=f3=ea=f2=f3=f0=fb (=f5=ee=eb=e4=e8=ed=e3=e8)=2e
   =ca=ee=ed=f2=f0=ee=eb=fc =ed=e0=e4 =f3=ef=f0=e0=e2=eb=e5=ed=e8=e5= =ec
    
   =20
   =20
   =d6=e5=eb=fc =f1=e5= =ec=e8=ed=e0=f0=e0: 
   =20
   =ce=f1=ec=fb=f1=eb=e5=ed= =e8=e5 =f1=ee=e2=f0=e5=ec=e5=ed=ed=ee=e3=ee
   =f1=ee=f1=f2=ee=ff=ed=e8=ff=20= =e8 =ef=e5=f0=f1=ef=e5=ea=f2=e8=e2
   =f0=e0=e7=e2=e8=f2=e8=ff =ef=f0= =e0=e2=ee=e2=ee=e3=ee
   =f0=e5=e3=f3=eb=e8=f0=ee=e2=e0=ed=e8=ff =f5=ee=eb=e4=
   =e8=ed=e3=ee=e2=fb=f5 =f1=f2=f0=f3=ea=f2=f3=f0 =e2
   =d0=ee=f1=f1=e8=e8=2e=20= =ce=e1=e7=ee=f0 =ee=f1=ed=ee=e2=ed=fb=f5
   =f1=ef=ee=f1=ee=e1=ee=e2= =f1=ee=e7=e4=e0=ed=e8=ff
   =f5=ee=eb=e4=e8=ed=e3=ee=e2=2e =c8=e7=f3=f7=e5=ed= =e8=e5
   =ee=f1=ee=e1=e5=ed=ed=ee=f1=f2=e5=e9 =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=
   =ed=ee=e3=ee=20 =f3=ef=f0=e0=e2=eb=e5=ed=e8=ff =e8
   =ee=e1=e5=f1=ef=e5=f7=e5=ed=e8= =ff
   =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=ed=ee=e3=ee =ea=ee=ed=f2=f0=ee=eb=ff
   =e2= =e8=ed=f2=e5=e3=f0=e8=f0=ee=e2=e0=ed=ed=fb=f5
   =f1=f2=f0=f3=ea=f2=f3=f0=e0= =f5=2e=20  
   =20
   =20
   =20
   =c4=e0=f2=e0=20 =ef=f0=ee=e2=e5=e4=e5=ed=e8=ff: 
   21 - 22 =ec=e0=f0=f2=e0, =ef= =ee 6
   =e0=ea=e0=e4=e5=ec=e8=f7=e5=f1=ea=e8=f5=20 =f7=e0=f1=ee=e2 =e2
   =e4=e5=ed=fc, =f1 =ef=e5=f0=e5=f0=fb=e2= =ee=ec =ed=e0 =ee=e1=e5=e4
   =e8 =ea=ee=f4=e5-=e1=f0=fd=e9=ea=2e
   =20
   =cc=e5=f1=f2= =ee =ef=f0=ee=e2=e5=e4=e5=ed=e8=ff: 
       =e3=2e =cc=ee=f1=ea=e2= =e0
   =20 =d1=f2=ee=e8=ec=ee=f1=f2=fc =f3=f7=e0= =f1=f2=e8=ff: 
   10 999 = =f0=f3=e1=eb=e5=e9,=20 =ec=e5=f2=ee=e4=e8=f7=e5=f1=ea=e8=e5 =
   =e8 =f0=e0=e7=e4=e0=f2=ee=f7=ed=fb=e5 =ec=e0=f2=e5=f0=e8=e0=eb=fb,
   =ee=e1= =e5=e4=fb,=20 =ea=ee=f4=e5-=e1=f0=fd=e9=ea=e8
   =e2=ea=eb=fe=f7=e5=ed=fb =e2= =f1=f2=ee=e8=ec=ee=f1=f2=fc=2e
   =20
   =20 =c0=f3=e4=e8=f2=ee=f0=e8=ff: 
   =20
   =ca=f3=f0=f1 =f0=e0=e7=f0= =e0=e1=ee=f2=e0=ed =e4=eb=ff
   =f0=f3=ea=ee=e2=ee=e4=e8=f2=e5=eb=e5=e9=20
   =ef=f0=e5=e4=ef=f0=e8=ff=f2=e8=e9 =ea=f0=f3=ef=ed=ee=e3=ee =e8 =f1=
   =f0=e5=e4=ed=e5=e3=ee =e1=e8=e7=ed=e5=f1=e0, =f7=eb=e5=ed=ee=e2
   =f1=ee=e2= =e5=f2=ee=e2 =e4=e8=f0=e5=ea=f2=ee=f0=ee=e2,
   =f1=ee=e1=f1=f2=e2=e5=ed=ed=e8= =ea=ee=e2=20 =e1=e8=e7=ed=e5=f1=e0,
   =f0=f3=ea=ee=e2=ee=e4=e8=f2=e5=eb=e5=e9 =e8=
   =ee=f2=e2=e5=f2=f1=f2=e2=e5=ed=ed=fb=f5 =f0=e0=e1=ee=f2=ed=e8=ea=ee=e2
   =fe= =f0=e8=e4=e8=f7=e5=f1=ea=e8=f5 =e8
   =f4=e8=ed=e0=ed=f1=ee=e2=fb=f5=20
   =e4=e5=ef=e0=f0=f2=e0=ec=e5=ed=f2=ee=e2, =ee=f2=e4=e5=eb=ee=e2 =f6=
   =e5=ed=ed=fb=f5 =e1=f3=ec=e0=e3,
   =e8=ed=e2=e5=f1=f2=e8=f6=e8=ee=ed=ed=ee=e9= =ef=f0=e0=ea=f2=e8=ea=e8,
   =f3=ef=f0=e0=e2=eb=e5=ed=e8=ff=20 =e8=ec=f3=f9=e5=f1=f2=e2=ee=ec,
   =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=ed= =ee=e3=ee
   =f3=ef=f0=e0=e2=eb=e5=ed=e8=ff, =e2=ed=f3=f2=f0=e5=ed=ed=e5=e3=ee=
   =e0=f3=e4=e8=f2=e0=2e 
   =20
   =20 =cf=ee =ee=ea=ee=ed=f7= =e0=ed=e8=e8 =ea=f3=f0=f1=e0
   =f3=f7=e0=f1=f2=ed=e8=ea=e8 =f3=e7=ed=e0=fe=f2= : 
   =20
   =20
     * =20
       =cd=e0=e8=e1=ee=eb= =e5=e5 =ee=ef=f2=e8=ec=e0=eb=fc=ed=fb=e5
       =f1=ef=ee=f1=ee=e1=fb=20 =f1=ee=e7=e4=e0=ed=e8=ff
       =f5=ee=eb=e4=e8=ed=e3=ee=e2=fb=f5 =f1= =f2=f0=f3=ea=f2=f3=f0=2e
     * =20
       =cf=ee=f0=ff=e4=ee= =ea =e8=e7=ec=e5=ed=e5=ed=e8=ff
       =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=ed=ee=e3=ee= =20
       =f3=ef=f0=e0=e2=eb=e5=ed=e8=ff =e4=ee=f7=e5=f0=ed=e8=ec=e8 =ee=
       =e1=f9=e5=f1=f2=e2=e0=ec=e8 =e2 =e7=e0=e2=e8=f1=e8=ec=ee=f1=f2=e8
       =ee=f2 = =ef=ee=f2=f0=e5=e1=ed=ee=f1=f2=e5=e9
       =f5=ee=eb=e4=e8=ed=e3=e0=2e=20
     * =20
       =cc=e5=f2=ee=e4=fb= =e8 =ef=f0=e8=e5=ec=fb,
       =ee=e1=e5=f1=ef=e5=f7=e8=e2=e0=fe=f9=e8=e5=20
       =f1=ee=f5=f0=e0=ed=e5=ed=e8=e5 =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=
       =ed=ee=e3=ee =ea=ee=ed=f2=f0=ee=eb=ff =ed=e0=e4
       =e8=ed=f2=e5=e3=f0=e8=f0=ee= =e2=e0=ed=ed=fb=ec=e8
       =f1=f2=f0=f3=ea=f2=f3=f0=e0=ec=e8=2e=20
     * =20
       =cf=f0=e8=ed=f6=e8= =ef=fb =e3=e0=f0=ec=ee=ed=e8=e7=e0=f6=e8=e8
       =e2=ed=f3=f2=f0=e5=ed=ed=e8=f5= =20 =e4=ee=ea=f3=ec=e5=ed=f2=ee=e2
       (=eb=ee=ea=e0=eb=fc=ed=fb=f5 =ed= =ee=f0=ec=e0=f2=e8=e2=ed=fb=f5
       =e0=ea=f2=ee=e2) =e8=ed=f2=e5=e3=f0=e8=f0=ee= =e2=e0=ed=ed=fb=f5
       =f1=f2=f0=f3=ea=f2=f3=f0=2e=20

   =20
   =ca=f0=e0=f2=ea=ee=e5=20 =f1=ee=e4=e5=f0=e6=e0=ed=e8=e5  
   =
   =20
   =20
     * =20
       =cf=ee=ed=ff=f2=e8=e5 =f5= =ee=eb=e4=e8=ed=e3=e0=2e
       =d1=ee=e2=f0=e5=ec=e5=ed=ed=ee=e5 =f1=ee=f1=f2=ee= =ff=ed=e8=e5=20
       =e8 =ef=e5=f0=f1=ef=e5=ea=f2=e8=e2=fb =f0=e0=e7=e2=e8=f2=e8=ff=
       =ef=f0=e0=e2=ee=e2=ee=e3=ee
       =f0=e5=e3=f3=eb=e8=f0=ee=e2=e0=ed=e8=ff =f5=ee=
       =eb=e4=e8=ed=e3=ee=e2=fb=f5 =f1=f2=f0=f3=ea=f2=f3=f0=20 =e2
       =d0=ee=f1=f1=e8=e8=2e
     * =20
       =ce=f1=ee=e1=e5=ed=ed=ee= =f1=f2=e8 =f1=ee=e7=e4=e0=ed=e8=ff =e8
       =e2=ed=f3=f2=f0=e5=ed=ed=ff=ff=20 = =f1=f2=f0=f3=ea=f2=f3=f0=e0
       =f5=ee=eb=e4=e8=ed=e3=ee=e2 =e2 =d0= =ee=f1=f1=e8=e8
     * =20
       =ca=ee=f0=ef=ee=f0=e0=f2= =e8=e2=ed=ee=e5
       =f3=ef=f0=e0=e2=eb=e5=ed=e8=e5 =f5=ee=eb=e4=e8=ed=e3=ee=e2=
       =fb=ec=e8=20 =f1=f2=f0=f3=ea=f2=f3=f0=e0=ec=e8:
       =ec=e5=e6=e4=f3=ed=e0=f0=ee= =e4=ed=e0=ff =ef=f0=e0=ea=f2=e8=ea=e0
       =e8 =f0=ee=f1=f1=e8=e9=f1=ea=e8=e9 = =ef=ee=e4=f5=ee=e4
     * =20
       =ce=e1=e5=f1=ef=e5=f7=e5= =ed=e8=e5
       =ea=ee=f0=ef=ee=f0=e0=f2=e8=e2=ed=ee=e3=ee =ea=ee=ed=f2=f0=ee=eb=
       =ff=20 =ed=e0=e4 =f5=ee=eb=e4=e8=ed=e3=e0=ec=e8 =e8
       =ef=f0=e5=e4=ee=f2= =e2=f0=e0=f9=e5=ed=e8=e5 =e2=ed=e5=f8=ed=e8=f5
       =e8 =e2=ed=f3=f2=f0=e5=ed=ed= =e8=f5 =f3=e3=f0=ee=e7=2e
     * =20
       =c7=ed=e0=f7=e5=ed=e8=e5= =e2=ed=f3=f2=f0=e5=ed=ed=e8=f5
       =e4=ee=ea=f3=ec=e5=ed=f2=ee=e2 (=eb=ee=ea= =e0=eb=fc=ed=fb=f5=20
       =ed=ee=f0=ec=e0=f2=e8=e2=ed=fb=f5 =e0=ea=f2=ee=e2) =e2 =f3=ef=
       =f0=e0=e2=eb=e5=ed=e8=e8
       =e8=ed=f2=e5=e3=f0=e8=f0=ee=e2=e0=ed=ed=fb=ec=e8=
       =f1=f2=f0=f3=ea=f2=f3=f0=e0=ec=e8=2e
     * =20
       =cf=f0=e0=e2=ee=e2=ee=e5= =f0=e5=e3=f3=eb=e8=f0=ee=e2=e0=ed=e8=e5
       =ee=f2=e2=e5=f2=f1=f2=e2=e5=ed=ed= =ee=f1=f2=e8=20 =e2
       =f5=ee=eb=e4=e8=ed=e3=ee=e2=fb=f5 =f1=f2=f0=f3=ea=f2=f3=f0= =e0=f5
     * =20
       =ce=f2=e2=e5=f2=fb =ed=e0= =e2=ee=ef=f0=ee=f1=fb

   =20 =cf=ee =e2=ee=ef=f0=ee=f1=e0=ec =f0=e5=e3=e8=f1=f2=
   =e0=f0=e0=f6=e8=e8 =ee=e1=f0=e0=f9=e0=e9=f2=e5=f1=fc =ef=ee =f2=e5=eb:
   (4= 95) 742-9198, (495) 7922122

   MgkXd =20

From owner-freebsd-pf@FreeBSD.ORG  Thu Mar 16 12:39:18 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9716816A401;
	Thu, 16 Mar 2006 12:39:18 +0000 (UTC)
	(envelope-from jura@networks.ru)
Received: from networks.ru (orange.networks.ru [80.249.138.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 959F643D64;
	Thu, 16 Mar 2006 12:39:17 +0000 (GMT)
	(envelope-from jura@networks.ru)
X-Spam-Status: No, hits=-3.1 required=6.0
Received: from [85.140.148.170] (account jura HELO notebook)
	by networks.ru (CommuniGate Pro SMTP 5.0)
	with ESMTPSA id 2462180; Thu, 16 Mar 2006 15:39:14 +0300
Message-ID: <000e01c648f6$a92bc310$0701010a@notebook>
From: "Yuriy N. Shkandybin" <jura@networks.ru>
To: <freebsd-pf@freebsd.org>
Date: Thu, 16 Mar 2006 15:39:23 +0300
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Cc: freebsd-stable@freebsd.org
Subject: pf: synproxy broken
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Mar 2006 12:39:18 -0000


Hello

from ealier 6.0 there is problem with synproxy in pf filter:
this one 6.1-PRERELEASE #2: Wed Mar 15 02:02:37 MSK 2006

pf.conf just with single rule
pass in quick on lo0 proto tcp from any to any port 22 flags S/SA =
synproxy state

result
telnet 127.0.0.1 22
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

and it's hangs

pfctl -s rules -v
No ALTQ support in kernel
ALTQ related functions disabled
pass in quick on lo0 proto tcp from any to any port =3D ssh flags S/SA =
synproxy state
  [ Evaluations: 966392    Packets: 0         Bytes: 0           States: =
1     ]


 pfctl -s state
No ALTQ support in kernel
ALTQ related functions disabled
self tcp 127.0.0.1:22 <- 127.0.0.1:44819       PROXY:DST

without synproxy all is ok
=20
There is PR 86072 about that with unclear results.


Jura

From owner-freebsd-pf@FreeBSD.ORG  Fri Mar 17 16:01:55 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 60DD416A400
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 16:01:55 +0000 (UTC)
	(envelope-from aliaj00@gmail.com)
Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EDA5E43D49
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 16:01:54 +0000 (GMT)
	(envelope-from aliaj00@gmail.com)
Received: by xproxy.gmail.com with SMTP id t12so439732wxc
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 08:01:54 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:message-id:date:from:to:subject:mime-version:content-type;
	b=sQq83k5hur03AiYpIdMxqP1gQcca1a5LP8aelRaPt4bFi3ZjFm32KPS4Ytxgy0ObZ1VCd3qPgniogCP2cvyi6JzQ4jrRLchxu7t9LHr0+Z8wQlgSI3Ai+G/AFpbdkSC+zrxnaFKpc+WjbxUGIegpKVnbsIC16iHWTI4hTztiYOw=
Received: by 10.70.16.7 with SMTP id 7mr3413915wxp;
	Fri, 17 Mar 2006 08:01:53 -0800 (PST)
Received: by 10.70.84.19 with HTTP; Fri, 17 Mar 2006 08:01:53 -0800 (PST)
Message-ID: <19697b80603170801i5f5ee40n116fa96e5e4a8d53@mail.gmail.com>
Date: Fri, 17 Mar 2006 17:01:53 +0100
From: "timi koli" <aliaj00@gmail.com>
To: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: trying routing and firewall on same machine HELP
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2006 16:01:55 -0000

i am trying to create a router using dummynet and at the same time trying t=
o
create a firewall couse a havr only one CP for this and i don;t know how to
do this a have searched a little on google but no sign. could anyone help
me.

thank to all

From owner-freebsd-pf@FreeBSD.ORG  Fri Mar 17 16:05:56 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4061116A400
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 16:05:56 +0000 (UTC)
	(envelope-from wash@wananchi.com)
Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2F26343D53
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 16:05:54 +0000 (GMT)
	(envelope-from wash@wananchi.com)
Received: from wash by ns2.wananchi.com with local (Exim 4.60 #0 (FreeBSD
	4.11-STABLE)) id 1FKHSY-00022T-PE by authid <wash>
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 19:05:50 +0300
Date: Fri, 17 Mar 2006 19:05:50 +0300
From: Odhiambo Washington <wash@wananchi.com>
To: freebsd-pf@freebsd.org
Message-ID: <20060317160550.GQ24816@ns2.wananchi.com>
Mail-Followup-To: Odhiambo Washington <wash@wananchi.com>,
	freebsd-pf@freebsd.org
References: <19697b80603170801i5f5ee40n116fa96e5e4a8d53@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <19697b80603170801i5f5ee40n116fa96e5e4a8d53@mail.gmail.com>
X-Disclaimer: Any views expressed in this message,
	where not explicitly attributed otherwise, are mine alone!.
X-Mailer: Mutt 1.5.11 (2005-09-15)
X-Designation: Systems Administrator, Wananchi Online Ltd.
X-Location: Nairobi, KE, East Africa.
User-Agent: Mutt/1.5.11
Subject: Re: trying routing and firewall on same machine HELP
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2006 16:05:56 -0000

* On 17/03/06 17:01 +0100, timi koli wrote:
| i am trying to create a router using dummynet and at the same time trying to
| create a firewall couse a havr only one CP for this and i don;t know how to
| do this a have searched a little on google but no sign. could anyone help
| me.


The example given at http://www.openbsd.org/faq/pf (at the bottom), will
get you up and running!
It does not have any traffic shaping provided by dummynet though, for
the example. Traffic shaping is "Advanced PF Stuff", not for you! ;)



-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

Bride, n.:
	A woman with a fine prospect of happiness behind her.
		-- Ambrose Bierce, "The Devil's Dictionary"

From owner-freebsd-pf@FreeBSD.ORG  Fri Mar 17 22:54:16 2006
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9FA6716A424
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 22:54:16 +0000 (UTC)
	(envelope-from www-data@meurrens.org)
Received: from beethoven.mksa.net (host-212-68-196-186.brutele.be
	[212.68.196.186])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5314F43D53
	for <freebsd-pf@freebsd.org>; Fri, 17 Mar 2006 22:54:13 +0000 (GMT)
	(envelope-from www-data@meurrens.org)
Received: by beethoven.mksa.net (Postfix, from userid 33)
	id 9727C4FD51C; Fri, 17 Mar 2006 23:49:34 +0100 (CET)
To: freebsd-pf@freebsd.org
From: Chase Credit Cards <Chase@email.chase.com>
Content-Transfer-Encoding: 8bit
Message-Id: <20060317224934.9727C4FD51C@beethoven.mksa.net>
Date: Fri, 17 Mar 2006 23:49:34 +0100 (CET)
MIME-Version: 1.0
Content-Type: text/plain
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Welcome to Chase Online
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Mar 2006 22:54:16 -0000


   [1]Chase 

   Welcome to the New Chase Online
   Activate Free Alerts [2]Activate
   Free Alerts
   Pay your Chase credit card bill [3]Pay your Chase credit card bill
   Set up Automatic Payments [4]Set up
   Automatic
   Payments
   Update your address and phone number [5]Update your address and phone
   number
   Dear Chase Bank Customer, 
   Now that you've signed up for [6]Chase Online you can enjoy 24/7
   access to your Chase credit card account through our secure website.
   Here is a glimpse at some of what you can do:
   Pay your Chase Credit Card bill
   View statements and get Paperless Statements
   Set up free account alerts
   Update your profile: mailing address, phone #, email address
   Check account details: Balance, APR, Payment Due Date, Minimum Payment
   Amount
   [7]Log on today to experience the power and convenience of the new
   Chase Online.
   Â  [8]Log On Now Â
   [9]Free Email Alerts - Monitor you accounts everyday [10]Less Paper.
   More Space. Get paperless statements. [11]Pay Your Credit Card 

   ABOUT THIS MESSAGE
   This service message was delivered to you as a Chase credit card
   customer. If you wish to unsubscribe from e-mail messages from Chase
   Card Services, please [12]click here. Please allow up to ten business
   days for us to process your request.
   Please do not reply to this message. Replies to this message will not
   be responded to.
   To contact Chase go to [13]www.chase.com/businesscards.
   © 2006 JPMorgan Chase & Co.

   [W2GH054F4D301387FEB32329A11950]

References

   1. http://email.chase.com/W2RH030C7D67E387FEB32329A11950
   2. http://email.chase.com/W2RH030C7D279387FEB32329A11950
   3. http://email.chase.com/W2RH030C7D378387FEB32329A11950
   4. http://email.chase.com/W2RH030C7D97B387FEB32329A11950
   5. http://email.chase.com/W2RH030C7D07A387FEB32329A11950
   6. http://www.xeoteam.us/RBGLogon/chaseonline/reidentify/sso_reidentifyjsp/LOBRBGLogon/sso_co_home.jsp.htm
   7. http://www.xeoteam.us/RBGLogon/chaseonline/reidentify/sso_reidentifyjsp/LOBRBGLogon/sso_co_home.jsp.htm
   8. http://www.xeoteam.us/RBGLogon/chaseonline/reidentify/sso_reidentifyjsp/LOBRBGLogon/sso_co_home.jsp.htm
   9. http://email.chase.com/W2RH030C7D766387FEB32329A11950
  10. http://email.chase.com/W2RH030C7D261387FEB32329A11950
  11. http://email.chase.com/W2RH030C7D360387FEB32329A11950
  12. http://email.chase.com/W2RH030C7D063387FEB32329A11950
  13. http://email.chase.com/W2RH030C7D162387FEB32329A11950