From owner-freebsd-pf@FreeBSD.ORG Sun Nov 23 13:09:30 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 01B47E1A for ; Sun, 23 Nov 2014 13:09:30 +0000 (UTC) Received: from mail.kulturflatrate.net (mail.kulturflatrate.net [46.163.119.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 883E929F for ; Sun, 23 Nov 2014 13:09:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.kulturflatrate.net (Postfix) with ESMTP id BE9CFF5AC0E2; Sun, 23 Nov 2014 14:09:20 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at kulturflatrate.net X-Spam-Flag: NO X-Spam-Score: -1.414 X-Spam-Level: X-Spam-Status: No, score=-1.414 required=6.31 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, FAKE_REPLY_C=1.486] autolearn=ham Received: from mail.kulturflatrate.net ([127.0.0.1]) by localhost (mail.kulturflatrate.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ClSliMI77WVu; Sun, 23 Nov 2014 14:09:19 +0100 (CET) Received: from len-x61s.klaas (15.210.broadband18.iol.cz [109.81.210.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kulturflatrate.net (Postfix) with ESMTPSA id 32CCCF5AC0DA; Sun, 23 Nov 2014 14:09:19 +0100 (CET) Received: by len-x61s.klaas (Postfix, from userid 1000) id 410DAE608B; Sun, 23 Nov 2014 14:10:24 +0100 (CET) Date: Sun, 23 Nov 2014 14:10:24 +0100 From: Niklaas Baudet von Gersdorff To: Robin Geuze , "freebsd-pf@freebsd.org" Subject: Re: Configuring PF with Jails only having IPv6 Message-ID: <20141123131024.GC2833@len-x61s.klaas> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <54709CEE.2090800@bluerosetech.com> X-PGP-Key: http://www.kulturflatrate.net/niklaas/niklaas-baudet-von-gersdorff.asc User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Nov 2014 13:09:30 -0000 Robin Geuze [2014-11-22 12:55 +0000] : > IPv6 uses icmp6 to trqnsmit ndp packets. Ndp is basically the ipv6 > version of arp. Based on your packet dump it seems your server is > trying to figure out the mac address for the router for ipv6 but is > disallowed by your pf rules. "pass in quick icmp6 from any to any" and > "pass out quick icmp6 from any to any" should fix your problem. Thank you for the explanation. Darren Pilgrim [2014-11-22 06:25 -0800] : > Or just "pass quick icmp6 from any to any". Yes what I finally use is pass quick proto icmp6 all which should be the same. > You should limit the types, though. See RFC 4890. In short, allow > types 1, 2, 3, 4, 128, 129, 135, and 136 universally. If you use > router advertisements, add types 133 and 134. OK, thank you very much. I'll update above line to only allow passing these. After applying this I could connect to the jail without any problem. So, thank you very much. Nonetheless there was no outbound connection from the jail possible. Luckily, I just solved this. It was the following entry that caused problems: pass out on $ext_if proto tcp all modulate state Because it looks like that it's not possible to use modulate state with IPv6, as shortly stated here: https://forums.freebsd.org/threads/9-1-and-outgoing-tcp6-operation-timed-out.36595/#post-202506 Thanks again and best, -- Niklaas Baudet von Gersdorff niklaas@kulturflatrate.net http://www.twitter.com/NBvGersdorff http://www.kulturflatrate.net/niklaas From owner-freebsd-pf@FreeBSD.ORG Sun Nov 23 13:29:59 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5F1302C0 for ; Sun, 23 Nov 2014 13:29:59 +0000 (UTC) Received: from mail.kulturflatrate.net (mail.kulturflatrate.net [46.163.119.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 16EB9679 for ; Sun, 23 Nov 2014 13:29:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.kulturflatrate.net (Postfix) with ESMTP id 0142AF5AC0E2; Sun, 23 Nov 2014 14:29:57 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at kulturflatrate.net X-Spam-Flag: NO X-Spam-Score: -2.9 X-Spam-Level: X-Spam-Status: No, score=-2.9 required=6.31 tests=[ALL_TRUSTED=-1, BAYES_00=-1.9] autolearn=ham Received: from mail.kulturflatrate.net ([127.0.0.1]) by localhost (mail.kulturflatrate.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Avhtw66sPDJb; Sun, 23 Nov 2014 14:29:56 +0100 (CET) Received: from len-x61s.klaas (15.210.broadband18.iol.cz [109.81.210.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kulturflatrate.net (Postfix) with ESMTPSA id EE512F5AC0DA; Sun, 23 Nov 2014 14:29:55 +0100 (CET) Received: by len-x61s.klaas (Postfix, from userid 1000) id 073FEE059F; Sun, 23 Nov 2014 14:31:01 +0100 (CET) Date: Sun, 23 Nov 2014 14:31:01 +0100 From: Niklaas Baudet von Gersdorff To: Robin Geuze , "freebsd-pf@freebsd.org" Subject: Re: Configuring PF with Jails only having IPv6 Message-ID: <20141123133100.GE2833@len-x61s.klaas> References: <54709CEE.2090800@bluerosetech.com> <20141123131024.GC2833@len-x61s.klaas> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20141123131024.GC2833@len-x61s.klaas> X-PGP-Key: http://www.kulturflatrate.net/niklaas/niklaas-baudet-von-gersdorff.asc User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Nov 2014 13:29:59 -0000 Niklaas Baudet von Gersdorff [2014-11-23 14:10 +0100] : > After applying this I could connect to the jail without any problem. So, > thank you very much. Nonetheless there was no outbound connection from > the jail possible. Luckily, I just solved this. It was the following > entry that caused problems: > > pass out on $ext_if proto tcp all modulate state > > Because it looks like that it's not possible to use modulate state with > IPv6, as shortly stated here: > > https://forums.freebsd.org/threads/9-1-and-outgoing-tcp6-operation-timed-out.36595/#post-202506 Just to give you an update about this. My solution is now pass out on $ext_if inet proto tcp all modulate state pass out on $ext_if inet6 proto tcp all keep state which does modulate state for IPv4 traffic and keep state for IPv6. In case this might be helpful for someone in future. -- Niklaas Baudet von Gersdorff niklaas@kulturflatrate.net http://www.twitter.com/NBvGersdorff http://www.kulturflatrate.net/niklaas From owner-freebsd-pf@FreeBSD.ORG Mon Nov 24 08:00:15 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A4A58298 for ; Mon, 24 Nov 2014 08:00:15 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8F324B6C for ; Mon, 24 Nov 2014 08:00:15 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id sAO80Fr4018694 for ; Mon, 24 Nov 2014 08:00:15 GMT (envelope-from bugzilla-noreply@freebsd.org) Message-Id: <201411240800.sAO80Fr4018694@kenobi.freebsd.org> From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [FreeBSD Bugzilla] Commit Needs MFC MIME-Version: 1.0 X-Bugzilla-Type: whine X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated Date: Mon, 24 Nov 2014 08:00:15 +0000 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Nov 2014 08:00:15 -0000 Hi, You have a bug in the "Needs MFC" state which has not been touched in 7 or more days. This email serves as a reminder that you may want to MFC this bug or marked it as completed. In the event you have a longer MFC timeout you may update this bug with a comment and I won't remind you again for 7 days. This reminder is only sent on Mondays. Please file a bug about concerns you may have. This search was scheduled by eadler@FreeBSD.org. (57 bugs) Bug 191916: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191916 Severity: Affects Only Me Priority: --- Hardware: i386 Assignee: freebsd-pf@FreeBSD.org Status: New Resolution: Summary: pflogd(8) eats cpu and hangs with net.bpf.zerocopy_enable=0 Bug 82271: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=82271 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] cbq scheduler cause bad latency Bug 86635: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86635 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [patch] pfctl(8): allow new page character (^L) in pf.conf Bug 86752: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=86752 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf does not use default timeouts when reloading config file Bug 87074: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=87074 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf does not log dropped packets when max-* stateful tracking options watermark are reached Bug 92949: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=92949 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] PF + ALTQ problems with latency Bug 93530: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=93530 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Incorrect checksums when using pf's route-to on sparc64 Bug 93825: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=93825 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf reply-to doesn't work Bug 103283: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=103283 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: pfsync fails to sucessfully transfer some sessions Bug 114567: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=114567 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [lor] pf_ioctl.c + if.c Bug 118355: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=118355 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] pfctl(8) help message options order false -t must before -T Bug 120057: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=120057 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] Allow proper settings of ALTQ_HFSC. The check i wrong since even with the values forbidden from this check you get a concave curve. Bug 120281: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=120281 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [request] lost returning packets to PF for a rdr rule Bug 122014: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122014 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [panic] FreeBSD 6.2 panic in pf Bug 122773: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=122773 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf doesn't log uid or pid when configured to Bug 124933: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=124933 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [ip6] pf does not support (drops) IPv6 fragmented packets Bug 125467: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=125467 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf keep state bug while handling sessions between vlan trunk Bug 127042: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127042 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] pf recursion panic if interface group is the same as the new interface name Bug 127121: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127121 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] pf incorrect log priority Bug 127814: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=127814 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] The flush in pf_reload in /etc/rc.d/pf does not work as intended Bug 130381: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=130381 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [rc.d] [pf] [ip6] ipv6 not fully configured when pf startup script is run Bug 133732: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=133732 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] max-src-conn issue Bug 134996: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=134996 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Anchor tables not included when pfctl(8) is run with -o Bug 135948: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=135948 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [gre] pf not natting gre protocol Bug 136781: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=136781 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Packets appear to drop with pf scrub and if_bridge Bug 137982: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=137982 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] when pf can hit state limits, random IP failures and no debugging info is provided Bug 140697: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=140697 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf behaviour changes - must be documented Bug 141905: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=141905 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [panic] pf kernel panic on 7.2-RELEASE with empty pf.conf Bug 142961: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=142961 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] No way to adjust pidfile in pflogd Bug 143504: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=143504 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [patch] outgoing states are not killed by authpf(8) Bug 143543: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=143543 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [panic] PF route-to causes kernel panic Bug 147789: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=147789 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Firewall PF no longer drops connections by sending TCP RST packets Bug 148260: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148260 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] pf rdr incompatible with dummynet Bug 148290: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=148290 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] "sticky-address" option of Packet Filter (PF) blocks connection Bug 153307: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=153307 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Bug with PF firewall Bug 155736: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155736 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [altq] borrow from parent queue does not work with cbq Bug 160370: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160370 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] Incorrect pfctl check of pf.conf Bug 163208: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=163208 Severity: Affects Some People Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] PF state key linking mismatch Bug 164271: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=164271 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] not working pf nat on FreeBSD 9.0 [regression] Bug 164402: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=164402 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf crashes with a particular set of rules when first matching packet arrives Bug 165315: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165315 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] States never cleared in PF with DEVICE_POLLING Bug 166336: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=166336 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] kern.securelevel 3 +pf reload Bug 168190: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168190 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] panic when using pf and route-to (maybe: bad fragment handling?) Bug 168952: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=168952 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] direction scrub rules don't work Bug 169620: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169620 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [ng] [pf] ng_l2tp incoming packet bypass pf firewall Bug 169630: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=169630 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] pf fragment reassembly of padded (undersized) fragments Bug 171733: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=171733 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] PF problem with modulate state in [regression] Bug 172888: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=172888 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [patch] authpf(8) feature enhancement Bug 176268: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176268 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] synproxy not working with route-to Bug 177810: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=177810 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] traffic dropped by accepting rules is not counted Bug 182819: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182819 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: pfctl(8) interprets "# .... \" as multi-line comment Bug 183198: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=183198 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf tables not loaded if only used inside anchor Bug 185617: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185617 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: pfctl(8): 10.0-RC1, armv6: "pfctl -s state" crashes on BeagleBone Black due to unaligned access Bug 187566: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=187566 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] incoming ng_l2tp/ipsec packet bypass PF firewall Bug 188188: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188188 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [panic] pfsync0 mtu 9000 results in 10-STABLE reboot Bug 188511: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188511 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] [patch] divert-reply implementation for pf Bug 189060: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=189060 Severity: Affects Only Me Priority: Normal Hardware: Any Assignee: freebsd-pf@FreeBSD.org Status: In Progress Resolution: Summary: [pf] pf + altq doesn't work on octe (Edgerouter Lite) [regression] From owner-freebsd-pf@FreeBSD.ORG Thu Nov 27 10:34:25 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B5737181 for ; Thu, 27 Nov 2014 10:34:25 +0000 (UTC) Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123]) by mx1.freebsd.org (Postfix) with ESMTP id 8FE0AD66 for ; Thu, 27 Nov 2014 10:34:25 +0000 (UTC) Received: from [10.0.1.2] (static-71-177-216-148.lsanca.fios.verizon.net [71.177.216.148]) (authenticated bits=0) by zoom.lafn.org (8.14.7/8.14.7) with ESMTP id sARA9tKl031943 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 27 Nov 2014 02:09:56 -0800 (PST) (envelope-from bc979@lafn.org) From: Doug Hardie Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Swap Issue Message-Id: <4009E30B-FC0C-4BE0-A318-CD2ED5E28281@lafn.org> Date: Thu, 27 Nov 2014 02:09:55 -0800 To: "freebsd-pf@freebsd.org" Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) X-Mailer: Apple Mail (2.1993) X-Virus-Scanned: clamav-milter 0.98 at zoom.lafn.org X-Virus-Status: Clean X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 10:34:25 -0000 I have a most interesting situation that just manifested itself this = morning in a way I could begin to diagnose. The system runs 8.2-P3 and = has no users, just one process that runs 24x7. Its been running since = 8.2 was first released. Every now and then the process becomes = non-responsive. Today it managed to spit out an error that the system = had run out of swap space before it hung. This is quite interesting in that there are 5.5GB of free memory. The = only time that changes is at 3 am when the various periodic processes = run. However, I don=E2=80=99t suspect those as I have numerous other = systems that have considerably less memory and higher usage that do not = experience this issue. I have increased the swap space to prevent this = issue, but something must be going bonkers to cause the swap space to = get used. Usually there are only 15MB used. Every time the system = notifies me that it has the problem, by the time I can look at it, swap = is back to normal. I have never been able to catch the system with more = than 15 MB used. Is there any way after the fact to figure out what was = using the swap? I suspect not, but thought I=E2=80=99d ask just in case = I have overlooked something. From owner-freebsd-pf@FreeBSD.ORG Thu Nov 27 13:42:18 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7C7F8E2C for ; Thu, 27 Nov 2014 13:42:18 +0000 (UTC) Received: from mail1.arrishq.net (static.215.103.63.178.clients.your-server.de [178.63.103.215]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 390F0690 for ; Thu, 27 Nov 2014 13:42:17 +0000 (UTC) Received: from mail.arrishq.net (mail.arrishq.net [127.0.0.1]) (Authenticated sender: local) by mail1.arrishq.net (qmail) with ESMTPSA id ED963CB ; Thu, 27 Nov 2014 14:33:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=arrishq.net; s=default; t=1417095212; bh=kj9FMZqhO2FHYo4PRYPC/5dInrD0sKIF9HJIyT+FuXY=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=iV5GQBbtYUpNcBaTC6xlNnbRxTEdT8Hyw03c8uRtCvTD1VxIO9dGj91+yoM0H/64C pg1Mot1JCcEClvrwIChiGO/JTAOSXw5uTDafCCw6LdcAWwKwadb9m4rT+xyOC7heHi FopifUusfK8wLmOYkXd0227P6L2uCY+NYBxTNWjE= Date: Thu, 27 Nov 2014 14:33:40 +0100 (CET) From: Tommy Scheunemann To: Doug Hardie Subject: Re: Swap Issue In-Reply-To: <4009E30B-FC0C-4BE0-A318-CD2ED5E28281@lafn.org> Message-ID: References: <4009E30B-FC0C-4BE0-A318-CD2ED5E28281@lafn.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=utf-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 13:42:18 -0000 Hi, was running into a similar issue after an upgrade from 9.1-RELEASE to 10.0 and the system was swapping out for no obvious reason (enough free memory, same software installed etc.). Maybe using Monit or a similar monitoring tool helps here - I used Monit. Basically let it keep an eye (or two) on swap usage and once the system freaks out swapping dumping the process table. A monit job like: check system knockmobile if swap usage > 10% then exec "/some/thing/some/where/dump_processes.sh" should help to find what the problem might be. Additionally SNMP and graphing in Cricket / Cacti might help to collect the number of processes and general memory usage to see if the system has some strange load problems. Kind regards On Thu, 27 Nov 2014, Doug Hardie wrote: > I have a most interesting situation that just manifested itself this morning in a way I could begin to diagnose. The system runs 8.2-P3 and has no users, just one process that runs 24x7. Its been running since 8.2 was first released. Every now and then the process becomes non-responsive. Today it managed to spit out an error that the system had run out of swap space before it hung. > > This is quite interesting in that there are 5.5GB of free memory. The only time that changes is at 3 am when the various periodic processes run. However, I don’t suspect those as I have numerous other systems that have considerably less memory and higher usage that do not experience this issue. I have increased the swap space to prevent this issue, but something must be going bonkers to cause the swap space to get used. Usually there are only 15MB used. Every time the system notifies me that it has the problem, by the time I can look at it, swap is back to normal. I have never been able to catch the system with more than 15 MB used. Is there any way after the fact to figure out what was using the swap? I suspect not, but thought I’d ask just in case I have overlooked something. > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" From owner-freebsd-pf@FreeBSD.ORG Thu Nov 27 17:27:58 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9DD7EA4B for ; Thu, 27 Nov 2014 17:27:58 +0000 (UTC) Received: from nschwmtas02p.mx.bigpond.com (nschwmtas02p.mx.bigpond.com [61.9.189.140]) by mx1.freebsd.org (Postfix) with ESMTP id 32353124 for ; Thu, 27 Nov 2014 17:27:57 +0000 (UTC) Received: from nschwcmgw08p ([61.9.190.168]) by nschwmtas02p.mx.bigpond.com with ESMTP id <20141127172755.VXPB12338.nschwmtas02p.mx.bigpond.com@nschwcmgw08p> for ; Thu, 27 Nov 2014 17:27:55 +0000 Received: from aneurin.horsfall.org ([120.146.8.15]) by nschwcmgw08p with BigPond Outbound id LhTv1p0080KTh7401hTvrM; Thu, 27 Nov 2014 17:27:55 +0000 X-Authority-Analysis: v=2.0 cv=F6HVh9dN c=1 sm=1 a=4q38a75ucWZEoAuqF1Taiw==:17 a=IPki1kwjZaUA:10 a=wPDyFdB5xvgA:10 a=kj9zAlcOel0A:10 a=jl1WCCbAAAAA:8 a=5y4faFyK3SkA:10 a=00OBBqWnAXfLZL6noDsA:9 a=CjuIK1q_8ugA:10 a=KFK8I1LBBy0A:10 a=oRGrlLRogwYA:10 a=4Dp4XwPd5EMA:10 a=qy9QOXgOBccA:10 a=4q38a75ucWZEoAuqF1Taiw==:117 Received: from aneurin.horsfall.org (localhost [127.0.0.1]) by aneurin.horsfall.org (8.14.9/8.14.9) with ESMTP id sARHRrjl095231 for ; Fri, 28 Nov 2014 04:27:55 +1100 (EST) (envelope-from dave@horsfall.org) Received: from localhost (dave@localhost) by aneurin.horsfall.org (8.14.9/8.14.9/Submit) with ESMTP id sARHRqbM095228 for ; Fri, 28 Nov 2014 04:27:53 +1100 (EST) (envelope-from dave@horsfall.org) X-Authentication-Warning: aneurin.horsfall.org: dave owned process doing -bs Date: Fri, 28 Nov 2014 04:27:52 +1100 (EST) From: Dave Horsfall To: FreeBSD PF List Subject: Re: Swap Issue In-Reply-To: Message-ID: References: <4009E30B-FC0C-4BE0-A318-CD2ED5E28281@lafn.org> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) X-Witty-Saying: "chmod 666 the_mode_of_the_beast" MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 17:27:58 -0000 I'm having difficulty in understanding just what this has to do with PF... Or is every FreeBSD list getting spammed? -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) From owner-freebsd-pf@FreeBSD.ORG Thu Nov 27 19:27:33 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6BC0F535 for ; Thu, 27 Nov 2014 19:27:33 +0000 (UTC) Received: from nschwmtas03p.mx.bigpond.com (nschwmtas03p.mx.bigpond.com [61.9.189.143]) by mx1.freebsd.org (Postfix) with ESMTP id F26BB178 for ; Thu, 27 Nov 2014 19:27:32 +0000 (UTC) Received: from nschwcmgw07p ([61.9.190.167]) by nschwmtas03p.mx.bigpond.com with ESMTP id <20141127192731.RWWK23397.nschwmtas03p.mx.bigpond.com@nschwcmgw07p> for ; Thu, 27 Nov 2014 19:27:31 +0000 Received: from aneurin.horsfall.org ([120.146.8.15]) by nschwcmgw07p with BigPond Outbound id LjTX1p0080KTh7401jTXrU; Thu, 27 Nov 2014 19:27:31 +0000 X-Authority-Analysis: v=2.0 cv=Os7NOlDt c=1 sm=1 a=4q38a75ucWZEoAuqF1Taiw==:17 a=IPki1kwjZaUA:10 a=rbMcwbyzzsAA:10 a=wPDyFdB5xvgA:10 a=kj9zAlcOel0A:10 a=jl1WCCbAAAAA:8 a=5y4faFyK3SkA:10 a=6I5d2MoRAAAA:8 a=k7Y1D9JTiQkiKI-0bEcA:9 a=CjuIK1q_8ugA:10 a=oRGrlLRogwYA:10 a=EMvNslRywjgA:10 a=63EKXiWfI5T3Wu0x:21 a=lRDTX1JFgc3wIwYP:21 a=4q38a75ucWZEoAuqF1Taiw==:117 Received: from aneurin.horsfall.org (localhost [127.0.0.1]) by aneurin.horsfall.org (8.14.9/8.14.9) with ESMTP id sARJRTJm095626 for ; Fri, 28 Nov 2014 06:27:30 +1100 (EST) (envelope-from dave@horsfall.org) Received: from localhost (dave@localhost) by aneurin.horsfall.org (8.14.9/8.14.9/Submit) with ESMTP id sARJRTJV095623 for ; Fri, 28 Nov 2014 06:27:29 +1100 (EST) (envelope-from dave@horsfall.org) X-Authentication-Warning: aneurin.horsfall.org: dave owned process doing -bs Date: Fri, 28 Nov 2014 06:27:28 +1100 (EST) From: Dave Horsfall To: FreeBSD PF List Subject: /etc/periodic/security/520.pfdenied (fwd) Message-ID: User-Agent: Alpine 2.11 (BSF 23 2013-08-11) X-Witty-Saying: "chmod 666 the_mode_of_the_beast" MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 19:27:33 -0000 Any nibbles on this? I'd offer to fix it as I said, but only if I knew just what it was supposed to be doing in the first place. Seems that it could also use an option in /etc/rc.conf to reset the stats after printing them, otherwise they'll just keep accumulating; on the whole, it looks very much like a work in progress. On the same (related) subject, I'm using (manually added), and (automatically added). I would very much like to expire these, say 24 hours after they were last added and/or triggered, but there seems to be no direct way of doing this. The closest that I can find would be the description under "-T expire": Delete addresses which had their statistics cleared cleared more than /number/ seconds ago. For entries which have never had their statistics cleared, /number/ refers to the time they were added to the table. Judicious use of "-v" would appear to be indicated here, along with the aforementioned optional clearing. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) ---------- Forwarded message ---------- Date: Sat, 15 Nov 2014 06:31:46 +1100 (EST) From: Dave Horsfall To: FreeBSD PF List Subject: /etc/periodic/security/520.pfdenied Not quite sure if this belongs here or elsewhere; it is PF-related, after all, so please refer me somewhere else if necessary. What is the actual intent of this script? It seems to be showing every rule that *could* have triggered, regardless of whether it *did* trigger. I'm happy to submit a patch if necessary, but I'll need to know what the script is supposed to be doing. (Yes, it's a basic firewall, but it's protected by a more vicious one upstream; PF merely fine-tunes what gets through to the exposed server.) ----- aneurin.horsfall.org pf denied packets: +++ /tmp/security.8uFzJ1HL 2014-11-15 03:09:11.000000000 +1100 +block drop all [ Evaluations: 27332 Packets: 10696 Bytes: 471264 States: 0 ] +block drop in log quick on fxp0 from to any [ Evaluations: 22598 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick on fxp0 from to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick on ! fxp0 inet from 10.0.0.0/8 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 10.0.0.3 to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick from no-route to any [ Evaluations: 22583 Packets: 0 Bytes: 0 States: 0 ] +block drop in quick on fxp0 inet from any to 255.255.255.255 [ Evaluations: 22583 Packets: 7 Bytes: 2296 States: 0 ] +block drop in log quick inet from any to 0.0.0.0 [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 224.0.0.0/4 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in log quick inet from 255.255.255.255 to any [ Evaluations: 22576 Packets: 0 Bytes: 0 States: 0 ] +block drop in quick on fxp0 inet from any to 224.0.0.1 [ Evaluations: 22576 Packets: 11246 Bytes: 489992 States: 0 ] ----- Thanks. -- Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD server." http://www.horsfall.org/spam.html (and check the home page whilst you're there) From owner-freebsd-pf@FreeBSD.ORG Thu Nov 27 19:56:06 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0BA9F9CA for ; Thu, 27 Nov 2014 19:56:06 +0000 (UTC) Received: from zoom.lafn.org (zoom.lafn.org [108.92.93.123]) by mx1.freebsd.org (Postfix) with ESMTP id D78CF60C for ; Thu, 27 Nov 2014 19:56:05 +0000 (UTC) Received: from [10.0.1.2] (static-71-177-216-148.lsanca.fios.verizon.net [71.177.216.148]) (authenticated bits=0) by zoom.lafn.org (8.14.7/8.14.7) with ESMTP id sARJu2VZ045026 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 27 Nov 2014 11:56:03 -0800 (PST) (envelope-from bc979@lafn.org) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: Swap Issue From: Doug Hardie In-Reply-To: Date: Thu, 27 Nov 2014 11:56:02 -0800 Content-Transfer-Encoding: quoted-printable Message-Id: <91FAA671-F1D0-457B-A8EA-08F024797068@lafn.org> References: <4009E30B-FC0C-4BE0-A318-CD2ED5E28281@lafn.org> To: Dave Horsfall X-Mailer: Apple Mail (2.1993) X-Virus-Scanned: clamav-milter 0.98 at zoom.lafn.org X-Virus-Status: Clean Cc: FreeBSD PF List X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Nov 2014 19:56:06 -0000 Oops. Sent to wrong list by mistake. > On 27 November 2014, at 09:27, Dave Horsfall = wrote: >=20 > I'm having difficulty in understanding just what this has to do with = PF... =20 > Or is every FreeBSD list getting spammed? >=20 > --=20 > Dave Horsfall DTM (VK2KFU) "Bliss is a MacBook with a FreeBSD = server." > http://www.horsfall.org/spam.html (and check the home page whilst = you're there) > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >=20