From owner-freebsd-pf@freebsd.org Sun Aug 27 01:42:33 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 120057] [pf] [patch] Allow proper settings of ALTQ_HFSC. The check is wrong since even with the values forbidden from this check you get a concave curve.
Date: Sun, 27 Aug 2017 01:42:33 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=120057

Josh Paetzel changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jpaetzel@FreeBSD.org
         Resolution|---                         |Overcome By Events
             Status|In Progress                 |Closed

--
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-pf@freebsd.org Sun Aug 27 01:43:31 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 120281] [pf] [request] lost returning packets to PF for a rdr rule
Date: Sun, 27 Aug 2017 01:43:31 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=120281

Josh Paetzel changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Overcome By Events
             Status|In Progress                 |Closed
                 CC|                            |jpaetzel@FreeBSD.org

From owner-freebsd-pf@freebsd.org Mon Aug 28 11:29:24 2017
Date: Mon, 28 Aug 2017 13:29:12 +0200
From: Patrick Lamaiziere
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-pf@FreeBSD.org
Subject: Re: PF cannot allocate memory on reload

On Fri, 25 Aug 2017 14:41:46 +0200,
Miroslav Lachman <000.fbsd@quip.cz> wrote:

> I have PF rules with some large tables. The biggest one is with Tor
> IPs
> - 198239 entries in table tor_net.

...

> When I try to reload PF I get error like these:
>
> /etc/pf.conf.tmp:37: cannot define table reserved: Cannot allocate
> memory table <czech_net> persist file "/etc/pf.czech_net.table"
> /etc/pf.conf.tmp:38: cannot define table czech_net: Cannot allocate
> memory table <goodguys> persist file "/etc/pf.goodguys.table"
> /etc/pf.conf.tmp:39: cannot define table goodguys: Cannot allocate
> memory table <badguys> persist file "/etc/pf.badguys.table"
> /etc/pf.conf.tmp:40: cannot define table badguys: Cannot allocate
> memory table <tor_net> persist file "/etc/pf.tor_net.table"
> table persist
> table persist
> set limit table-entries 300000

> The possible workaround is to flush table tor_net, reload PF and then
> add IPs to the table tor_net.
>
> Is there something I can tune to prevent these errors?

I think that on reload, the old table is deleted after the loading of
the new ruleset. So your limit (300000) is too low (198000 * 2 =
396000).

Or maybe this is because you are using a "persist" table:

"persist: The persist flag forces the kernel to keep the table even when
no rules refer to it. If the flag is not set, the kernel will
automatically remove the table when the last rule referring to it is
flushed."

Did you try to augment the limit or to remove the persist keyword?

Regards,

From owner-freebsd-pf@freebsd.org Wed Aug 30 01:32:44 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-pf@FreeBSD.org
Subject: [Bug 221201] [pf] Prevent possible endless loop when searching for an unused nat port
Date: Wed, 30 Aug 2017 01:32:44 +0000
X-Bugzilla-Keywords: patch, security
X-Bugzilla-Severity: Affects Some People

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221201

Ed Maste changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|mfc-stable11?               |mfc-stable11+
           Assignee|freebsd-pf@FreeBSD.org      |kp@freebsd.org
             Status|Open                        |In Progress

From owner-freebsd-pf@freebsd.org Sat Sep 2 05:55:31 2017
Date: Fri, 1 Sep 2017 08:21:10 +1000 (EST)
From: Dave Horsfall
To: FreeBSD PF List
Subject: Help with woodpecker config (fwd)

Hmmm, no replies. Does this mean that no-one is using this useful
feature, is using it but is not willing to share, or it's known not to
work at all and are too embarrassed to say so?

--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."

---------- Forwarded message ----------
Date: Wed, 16 Aug 2017 07:37:36 +1000 (EST)
From: Dave Horsfall
To: FreeBSD PF List
Subject: Help with woodpecker config

I get a lot of woodpecker attempts on my mailserver i.e. a connection gets
rejected for a variety of reasons (I have some fairly savage anti-spam
measures) and they retry straight away. I've played with the "N connects
in M seconds" stuff but cannot seem to get it to work (FreeBSD 10.3).

Does anyone have a working config that they can share, to give me a leg up?

Thanks.

--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."

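
Added example, not part of any message in this archive: a check of the hypothesis given in the "PF cannot allocate memory on reload" reply above, that a reload briefly holds the old and the new copy of each table. It reads a ruleset, counts the entries of its file-backed tables and compares twice that figure with `set limit table-entries`; the function names, the doubling rule and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption, taken from the reply:
# during a reload the old and new copies of a table coexist, so a ruleset
# needs about twice its table entries to fit under "set limit table-entries".

# Count addresses in a pf table file, skipping blank lines and "#" comments.
count_entries() {
    awk '{ sub(/#.*/, "") } NF { n++ } END { print n + 0 }' "$1"
}

# Print N from "set limit table-entries N" (also inside a { ... } list).
conf_limit() {
    awk '/^[ \t]*set[ \t]+limit/ {
        gsub(/[{},]/, " ")
        for (i = 1; i < NF; i++)
            if ($i == "table-entries") { print $(i + 1); exit }
    }' "$1"
}

# Print each path named by  table <name> ... file "path"  in the ruleset.
conf_table_files() {
    awk '/^[ \t]*table[ \t]*</ {
        s = $0
        while (match(s, /file[ \t]+"[^"]+"/)) {
            f = substr(s, RSTART, RLENGTH)
            sub(/^file[ \t]+"/, "", f); sub(/"$/, "", f)
            print f
            s = substr(s, RSTART + RLENGTH)
        }
    }' "$1"
}

# Print "entries=E needed=2E limit=L <ok|too-low>"; exit status 0 only for ok.
reload_headroom() {
    limit=$(conf_limit "$1")
    case $limit in
        ''|*[!0-9]*) echo "no numeric table-entries limit in $1" >&2; return 2 ;;
    esac
    total=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
        total=$((total + $(count_entries "$f")))
    done <<EOF
$(conf_table_files "$1")
EOF
    needed=$((total * 2))
    verdict=ok; [ "$needed" -le "$limit" ] || verdict=too-low
    echo "entries=$total needed=$needed limit=$limit $verdict"
    [ "$verdict" = ok ]
}

# Constructed sample: the thread's 198239-entry tor_net table and 300000 limit.
demo() {
    d=$(mktemp -d) || return 1
    { echo "# constructed addresses"; echo
      awk 'BEGIN { for (i = 0; i < 198239; i++)
          printf "10.%d.%d.%d\n", int(i / 65536), int(i / 256) % 256, i % 256 }'
    } > "$d/pf.tor_net.table"
    printf 'set limit table-entries 300000\ntable <tor_net> persist file "%s"\n' \
        "$d/pf.tor_net.table" > "$d/pf.conf"
    reload_headroom "$d/pf.conf" || true
    rm -rf "$d"
}
demo
```

Only tables loaded with `file` are counted; entries added at run time with pfctl or by an `overload` rule are not visible to this check.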
From owner-freebsd-pf@freebsd.org Sat Sep 2 06:34:07 2017
From: "Chris H"
Subject: Re: Help with woodpecker config (fwd)
Date: Fri, 01 Sep 2017 23:24:23 -0700

On Fri, 1 Sep 2017 08:21:10 +1000 (EST) Dave Horsfall wrote

> Hmmm, no replies. Does this mean that no-one is using this useful
> feature, is using it but is not willing to share, or it's known not to
> work at all and are too embarrassed to say so?

Hello, Dave.
I'm not going to pretend that one size fits all, and neither should
you. But you asked, so I'll throw you something that you can experiment
with that can work, in the right pf.conf(5) arrangement.

-----------------------------------------------------------------
# Cleanse every so often with "pfctl -t woodpeckers -T expire <seconds>".
#
table <woodpeckers> persist
block in log quick on $ext_if from <woodpeckers>

# No more than 10/IP, or 5/minute should be plenty.
# Matches connections to the SMTP port (destination port).
pass inet proto tcp from any to any port smtp \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/60, \
        overload <woodpeckers> flush global)
-----------------------------------------------------------------

I've seen other clever, or exotic arrangements as well. A search on
the net for pf woodpecker, and similar should return them.

HTH

--Chris

From owner-freebsd-pf@freebsd.org Sat Sep 2 08:57:18 2017
Date: Sat, 2 Sep 2017 17:42:44 +1000 (EST)
From: Dave Horsfall
To: FreeBSD PF List
Subject: Re: Help with woodpecker config (fwd)

On Fri, 1 Sep 2017, Chris H wrote:

> But you asked, so I'll throw you something that you can experiment with
> that can work, in the right pf.conf(5) arrangement.

Many thanks! At least I now have a config that works for at least one
person, so any further problems are mine alone :-)

Quite likely I've been doing something fundamentally wrong, but it's too
late in the day now for me to be playing with firewalls...

--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
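
Added example, not part of any message in this archive: a way to try out a candidate `max-src-conn-rate N/SECS`, such as the 5/60 in the ruleset posted above, against recorded connection attempts before loading it. It is a plain sliding-window count, an approximation rather than pf's own accounting, and the `<epoch-seconds> <source-ip>` input format, the function names and the sample data are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): replay connection attempts against a
# candidate "max-src-conn-rate N/SECS" to see which sources would be moved
# into the overload table. Input lines, sorted by time (constructed format):
#   <epoch-seconds> <source-ip>

# overloaded N SECS [FILE]   (reads standard input when FILE is omitted)
# Print "ip epoch" once per source, at the attempt that first exceeds N
# connections inside SECS seconds. Later attempts from that source are
# ignored, since the "block ... from <woodpeckers>" rule would drop them.
overloaded() {
    awk -v n="$1" -v w="$2" '
    NF < 2 || $1 !~ /^[0-9]+$/ { next }      # skip malformed lines
    ($2 in hit) { next }                     # source already in the table
    {
        ip = $2; t = $1 + 0
        k = ++cnt[ip]; ts[ip, k] = t
        # slide the window: forget attempts that are SECS or more old
        while (lo[ip] < k && ts[ip, lo[ip] + 1] <= t - w) lo[ip]++
        if (k - lo[ip] > n) { hit[ip] = 1; print ip, $1 }
    }' "${3:--}"
}

# Constructed sample: one woodpecker retrying every 2 s, one sender retrying
# every 20 s, and one sender that connects once.
sample_log() {
    cat <<'EOF'
1504217000 192.0.2.10
1504217001 198.51.100.7
1504217002 192.0.2.10
1504217004 192.0.2.10
1504217006 192.0.2.10
1504217008 192.0.2.10
1504217010 192.0.2.10
1504217012 192.0.2.10
1504217015 203.0.113.5
1504217021 198.51.100.7
1504217041 198.51.100.7
1504217061 198.51.100.7
1504217081 198.51.100.7
1504217101 198.51.100.7
EOF
}

# With 5/60 only the 2-second retrier trips the limit, on its sixth attempt.
demo() {
    sample_log | overloaded 5 60
}
demo
```

Running the same log with a tighter value such as `overloaded 2 60` also flags the 20-second retrier, which shows how the threshold trades off against legitimate retry behaviour.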