From owner-freebsd-pf@FreeBSD.ORG Thu Sep 16 03:49:41 2004
From: Bruno Afonso <brunomiguel@dequim.ist.utl.pt>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq-5.1.0.4 problem using fingerprinting
Date: Tue, 02 Sep 2003 15:06:49 +0100
Message-ID: <3F54A3F9.3010101@dequim.ist.utl.pt>
X-Mailman-Approved-At: Thu, 16 Sep 2004 03:55:52 +0000

All seems to be working fine, including AltQ integration. Only a minor glitch when I do ifconfig (box reboots... works perfectly fine on another 5.1 box. Probably a kernel option. Will do some more research on this...).

Anyway, passive fingerprinting may have a bug. This is the important rule in question:

    #ssh
    pass in on $ext_if proto tcp from any os Windows to $main_ip port 22 modulate state queue(interact_bulk,interact_ack)

Without the "os Windows" everything works fine. And I am coming in from a Windows box, as tcpdump shows:

    my.ip.14338 > public.ip.22: S (src OS: Windows 2000 SP3, Windows XP) 709831067:709831067(0) win 64240 (DF)

This was a mere test. :-)

Now, the interesting part is that, if I use a FreeBSD box to ssh in, it works...

    FreeBSd.box.ip.57050 > public.ip.22: S (src OS: FreeBSD 5.0, FreeBSD 4.8-4.9) 632746775:632746775(0) win 65535 (DF)

But even more interesting is that, if I change the rule to:

    #ssh
    pass in on $ext_if proto tcp from any os Cisco to $main_ip port 22 modulate state queue(interact_bulk,interact_ack)

I can ssh in using FreeBSD but not using the Windows box... My FreeBSD box is on the local network and the Windows one on a remote one. But there's a clear problem in always allowing FreeBSD.
pf.os is from obsd cvs with some entries removed due to pfctl complaining about them:

    #16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
    #16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
    #32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
    #32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
    #65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
    #65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2

Thanks, take care
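The post above hinges on two things: the pf.os line format (window:ttl:df:psize:options:class:version:subtype:description) and the rule semantics of "from any os Windows", where the SYN is fingerprinted and the rule fires only if a fingerprint in the named class describes it. The following is an added example, not code from the post or from pf itself: a small parser for pf.os entries plus a matcher that models that classification so one can see, for a given SYN, which classes it falls into and whether a rule written with "os Windows" would admit it. The Windows and FreeBSD fingerprint lines and the two sample SYNs are constructed for illustration (the AIX line is one of those quoted in the post); TTL handling (observed TTL must not exceed the fingerprint TTL) and the treatment of timestamp and window-scale values are simplifications of pf's real comparison.

```python
"""Parser and matcher for pf.os passive-fingerprint entries (added example, not pf's code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Fingerprint:
    window: str      # "65535", "*", "%2" (modulus), "S4" (x MSS) or "T4" (x MTU)
    ttl: int         # initial TTL the OS uses
    df: int          # don't-fragment bit, 0 or 1
    psize: int       # total SYN packet size
    opts: str        # option layout with values, e.g. "M512,N,W%2,N,N,T"
    os_class: str    # the value "os <class>" tests against
    version: str
    subtype: str
    desc: str


@dataclass
class Syn:
    window: int
    ttl: int
    df: int
    psize: int
    mss: int
    mtu: int
    wscale: Optional[int]   # None when no window-scale option is present
    opts: str               # option layout letters only, e.g. "M,N,W,N,N,T"


def parse_pf_os(text: str):
    """Parse pf.os content; '#' comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = [p.strip() for p in line.split(":", 8)]
        if len(f) != 9:
            raise ValueError(f"pf.os line needs 9 colon-separated fields: {raw!r}")
        entries.append(Fingerprint(f[0], int(f[1]), int(f[2]), int(f[3]),
                                   f[4], f[5], f[6], f[7], f[8]))
    return entries


def _window_matches(spec: str, syn: Syn) -> bool:
    if spec == "*":
        return True
    if spec.startswith("%"):
        return syn.window % int(spec[1:]) == 0
    if spec.startswith("S"):
        return syn.window == int(spec[1:]) * syn.mss
    if spec.startswith("T"):
        return syn.window == int(spec[1:]) * syn.mtu
    return syn.window == int(spec)


def _options_match(spec: str, syn: Syn) -> bool:
    """Option layout must be identical; MSS and window-scale values are checked when pinned."""
    want = spec.split(",") if spec else []
    have = syn.opts.split(",") if syn.opts else []
    if [o[0] for o in want] != have:
        return False
    for o in want:
        kind, val = o[0], o[1:]
        if kind == "M" and val not in ("", "*") and int(val) != syn.mss:
            return False
        if kind == "W":
            if syn.wscale is None:
                return False
            if val.startswith("%"):
                if syn.wscale % int(val[1:]) != 0:
                    return False
            elif val not in ("", "*") and int(val) != syn.wscale:
                return False
    return True


def matches(fp: Fingerprint, syn: Syn) -> bool:
    return (_window_matches(fp.window, syn)
            and syn.ttl <= fp.ttl          # TTL only decrements en route (simplified)
            and syn.df == fp.df
            and syn.psize == fp.psize
            and _options_match(fp.opts, syn))


def classify(entries, syn: Syn):
    """Return the set of OS classes whose fingerprints describe this SYN."""
    return {fp.os_class for fp in entries if matches(fp, syn)}


def rule_os_allows(entries, syn: Syn, os_class: str) -> bool:
    """Model 'pass in ... from any os <os_class>': true only if the SYN fingerprints as that class."""
    return os_class in classify(entries, syn)


# Constructed sample pf.os; the Windows/FreeBSD lines are illustrative, not OpenBSD's real entries.
SAMPLE_PF_OS = """\
# window:ttl:df:psize:options:class:version:subtype:description
64240:128:1:48:M*,N,N,S:Windows:2000:SP3:Windows 2000 SP3
64240:128:1:48:M*,N,N,S:Windows:XP::Windows XP
65535:64:1:60:M*,N,W0,N,N,T:FreeBSD:5.0::FreeBSD 5.0
65535:64:1:60:M*,N,W0,N,N,T:FreeBSD:4.8-4.9::FreeBSD 4.8-4.9
16384:64:0:60:M512,N,W%2,N,N,T:AIX:4.3:3:AIX 4.3.3-5.2
"""
ENTRIES = parse_pf_os(SAMPLE_PF_OS)

# Constructed SYNs shaped like the two tcpdump lines in the post (TTLs are assumed).
WINDOWS_SYN = Syn(window=64240, ttl=113, df=1, psize=48, mss=1460, mtu=1500, wscale=None, opts="M,N,N,S")
FREEBSD_SYN = Syn(window=65535, ttl=64, df=1, psize=60, mss=1460, mtu=1500, wscale=0, opts="M,N,W,N,N,T")

if __name__ == "__main__":
    for name, syn in (("windows", WINDOWS_SYN), ("freebsd", FREEBSD_SYN)):
        print(name, sorted(classify(ENTRIES, syn)), "os Windows ->", rule_os_allows(ENTRIES, syn, "Windows"))
```

Run stand-alone it prints the classes each constructed SYN falls into and whether an "os Windows" rule would admit it; with these entries the FreeBSD-shaped SYN is not admitted, which is the behaviour the post expected and did not observe. The parser also raises on any line that does not have exactly nine fields, which is a cheap way to find entries a given pfctl will refuse to load before editing them out by hand.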