From owner-freebsd-pf@FreeBSD.ORG Sun Apr 3 20:50:32 2005
From: Max Laier
To: Sean Chittenden
Date: Sun, 3 Apr 2005 22:49:28 +0200
cc: rc@FreeBSD.org
cc: freebsd-pf@freebsd.org
Subject: Re: rc.d/pf reload behavior odity...
List-Id: Technical discussion and general questions about packet filter (pf)

On Sunday 03 April 2005 21:34, Sean Chittenden wrote:
> Howdy. I'd like to wager that `rc.d/pf's reload` has an unintended
> behavior that I'd like to correct.
>
> Right now `rc.d/pf reload` does a -Fa which clears everything
> (tables, rules, queues, and pf's state table). I'd like to propose
> that rc.d/pf flush everything but the state tables, ie:
>
> Index: pf > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > RCS file: /home/ncvs/src/etc/rc.d/pf,v > retrieving revision 1.6 > diff -u -r1.6 pf > --- pf 25 Oct 2004 08:12:28 -0000 1.6 > +++ pf 3 Apr 2005 19:22:51 -0000 
> @@ -75,7 +75,7 @@ > echo "Reloading pf rules." > > ${pf_program:-/sbin/pfctl} -n -f "${pf_rules}" || return 1 > - ${pf_program:-/sbin/pfctl} -Fa > /dev/null 2>&1 > + ${pf_program:-/sbin/pfctl} -Fnat -Fqueue -Frules -FSources -Finfo > -FTables -Fosfp > /dev/null 2>&1 ${pf_program:-/sbin/pfctl} -f > "${pf_rules}" ${pf_flags} > }
>
> Which I believe is the intended behavior. The rationale being that if
> you've got a system and are making changes to the firewall, you want
> to keep existing state entries to prevent resetting everyone's
> existing TCP connections, but do want to load a new set of rules,
> queues, tables, filters, etc. If you're local to the machine and want
> to clear the state tables, people should use `rc.d/pf restart`
> instead.
>
> Is it okay for me to apply the above patch and MFC it after 5.4 is
> released? -sc

Good catch, please go ahead. Unless somebody else has strong feelings against
this (CC'ing freebsd-pf). Please make sure it gets documented, though.

[I am not on rc@, please keep the CC, thanks.]
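Review bot: On the added `-Fnat -Fqueue -Frules ...` line, the rules are still flushed before the following `-f "${pf_rules}"` load, so between the two commands pf runs with an empty ruleset. Neither the flush nor the load has its exit status checked the way the `-n -f` syntax check does (`|| return 1`), and with the flush output sent to /dev/null a failure goes unnoticed. Since the load installs rules, nat and queues itself, consider dropping `-Frules`, `-Fnat` and `-Fqueue` from the flush and returning non-zero when the load fails. `-FSources` and `-Finfo` deserve a second look as well: the states are kept, but the source-tracking entries and counters that go with them are discarded. The function should also carry a comment, and the documentation a sentence, saying that reload keeps the state table while restart clears it, as the reply asks.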
-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Mon Apr 4 20:03:33 2005
To: freebsd-pf@freebsd.org
From: "aw-confirm@ebay.com"
Date: Mon, 04 Apr 2005 13:03:55 -0700
Subject: Your Final Warning From eBay

CORRUPTED MESSAGE

This is the Courier Mail Server 0.48 on fosho.putnamville.com.

I received the following message for delivery to your address. This message contains several internal formatting errors. This is often caused by viruses that attempt to infect remote systems. Instead of blocking this message, it has been converted as a safe, text-only attachment that can be safely read with a text editor.

This sometimes also happens when the sender's mail software has a bug that creates improperly-formatted messages. Although these kinds of formatting errors may often be ignored by other mail servers, this server detects and intercepts improperly-coded messages in order to prevent viruses from taking advantage of bugs in E-mail programs:

-----------------------------------------------------------------------------
This message contains improperly-formatted binary content, or attachment.
See for more information.
-----------------------------------------------------------------------------

Content-Disposition: attachment; filename="message.txt"
Content-Type: text/html

Place or Update Credit Card on File 

Dear eBay,

During our regulary schedule account maintenance and verification we have detected a slight error in your billing information on file with eBay. This might be due to either following reasons:

             - A recent change in your personal information (i.e. change of address)
             - Submiting invalid information during the initial sign up process.
             - An inability to accurately verify your selected option of payment due an internal error within
               our processors.

Your credit card on file with eBay    
Card number: XXXX-XXXX-XXXX-4322 (Not shown for security purposes)  Expiration date: 11/05

Please sign in to your eBay account and update your billing information:

http://signin.ebay.com/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US

If your account information is not update, your ability to sell or bid on eBay will become restricted.

Thank you,
eBay Billing Department



eBay treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information. eBay will never ask their users for personal information, such as bank account numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your eBay password and your account, please visit User Account Protection.
This eBay notice was sent to you based on your eBay account preferences and in accordance with our Privacy Policy. To change your notification preferences, click here. If you would like to receive this email in text format, click here.

Copyright © 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.

From owner-freebsd-pf@FreeBSD.ORG Tue Apr 5 16:20:49 2005
To: freebsd-pf@freebsd.org
From: Nick Buraglio
Date: Tue, 5 Apr 2005 11:20:47 -0500
Subject: wicap-php

Has anyone gotten wicap-php to work correctly under freebsd/pf? I can't seem to get it to create the entries in the tables with the python version.

From owner-freebsd-pf@FreeBSD.ORG Tue Apr 5 22:41:01 2005
Date: Tue, 05 Apr 2005 18:40:56 -0400
From: Glenn Lebumfacil
To: freebsd-pf@freebsd.org
Subject: RELENG_5, CARP, and carpdev

Hi All,

I've been testing the release of CARP that's included in 5.4-PRERELEASE running on top of a vlan interface, and I realized that carpdev is not an option for ifconfig when bringing up the CARP interface. Just wondering... If you don't have a place to specify the carp device (like vlandev for vlan interfaces), how does it choose which interface to bind to? Does it always choose the first interface? So... em0 in my case.

Glenn

-- 
Glenn Lebumfacil
Network Engineer
Prolexic Technologies

From owner-freebsd-pf@FreeBSD.ORG Wed Apr 6 00:48:10 2005
Date: Tue, 5 Apr 2005 16:48:07 -0800
From: Jon Simola
To: Glenn Lebumfacil, freebsd-pf@freebsd.org
Subject: Re: RELENG_5, CARP, and carpdev

On Apr 5, 2005 2:40 PM, Glenn Lebumfacil wrote:
> If you don't have a place to specify the carp device (like
> vlandev for vlan interfaces), how does it choose which interface to bind
> to? Does it always choose the first interface? So... em0 in my case.

The interface is chosen based on existing configured networks. So if you have 10.1.1.1/24 configured on em0, then configuring carp0 as 10.1.1.254 will have it running on em0. This does seem a bit odd, but it's how it works.

http://marc.theaimsgroup.com/?l=openbsd-tech&m=110229937028512&w=2

Is a patch against OpenBSD-current that might be appearing in OpenBSD 3.7 that adds the carpdev keyword and binding to a physical interface.

-- 
Jon Simola
Systems Administrator
ABC Communications

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 7 14:11:16 2005
Date: Thu, 07 Apr 2005 16:11:12 +0200
From: "O. Hartmann"
Organization: Institut für Geophysik
To: freebsd-pf@freebsd.org, freebsd-questions@freebsd.org
Subject: Using ppp/tun0 manually, how to trigger 'pf' automaticaly

Hello.

I use the ppp utility to configure and set up a line (at the moment no other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf' after the line has been set up to make pf work with the tun0 assigned IP?

Or are there other ways of doing so?

Thanks,
Oliver

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 7 14:23:27 2005
Date: Thu, 07 Apr 2005 09:23:19 -0500
From: "Edwin L. Culp"
To: freebsd-pf@freebsd.org
Subject: Re: Using ppp/tun0 manually, how to trigger 'pf' automaticaly

Quoting "O. Hartmann":

> Hello.
>
> I use the ppp utility to configure and set up a line (at the moment no
> other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
> after the line has been set up to make pf work with the tun0 assigned IP?

Me Too. Amazing, I was just going to ask that question. I finally have a "working" pf on another machine as of 30 minutes ago and want to install it in place of ppp -nat on another server to have a similar configuration between home and work machines. Somewhere in my reading about pf configurations, I saw a howto or an email that was basically a simple howto use it with pf but I still haven't found it. :( I'm going to keep searching and will let you know if I am able to find it.

thanks,

ed

>
> Or are there other ways of doing so?
>
> Thanks,
> Oliver

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 7 14:27:12 2005
Date: Thu, 7 Apr 2005 16:27:09 +0200
From: Daniel Hartmeier
To: "O. Hartmann"
cc: freebsd-questions@freebsd.org
cc: freebsd-pf@freebsd.org
Subject: Re: Using ppp/tun0 manually, how to trigger 'pf' automaticaly

On Thu, Apr 07, 2005 at 04:11:12PM +0200, O. Hartmann wrote:

> I use the ppp utility to configure and set up a line (at the moment no
> other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
> after the line has been set up to make pf work with the tun0 assigned IP?
>
> Or are there other ways of doing so?

You can use 'from (tun0)', where the interface name is put in
parentheses, and pf will automatically note when that interface changes
its IP address, without the need to reload the ruleset.

Daniel

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 7 15:33:15 2005
Date: Thu, 7 Apr 2005 17:33:12 +0200
From: Hexren
To: freebsd-pf@freebsd.org
Subject: Re[2]: Using ppp/tun0 manually, how to trigger 'pf' automaticaly

> Quoting "O. Hartmann":
>> Hello.
>>
>> I use the ppp utility to configure and set up a line (at the moment no
>> other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
>> after the line has been set up to make pf work with the tun0 assigned IP?
> Me Too. Amazing, I was just going to ask that question. I finally have
> a "working" pf on another machine as of 30 minutes ago and want to
> install it in place of ppp -nat on another server to have a similar
> configuration between home and work machines. Somewhere in my reading
> about pf configurations, I saw a howto or an email that was basically a
> simple howto use it with pf but I still haven't found it. :( I'm going
> to keep searching and will let you know if I am able to find it.
> thanks,
> ed
>>
>> Or are there other ways of doing so?
>>
>> Thanks,
>> Oliver

---------------------------------------------

See man ppp under files: /etc/ppp/ppp.linkup
Most basically, the contents of this file are executed after a connection has been established.

I don't know what kind of firewall you're using but maybe this is helpful too:
Have you thought about using something like "( tun0 )". To my understanding this means "packets that come in through an IP address associated with the interface tun0".

Hexren

From owner-freebsd-pf@FreeBSD.ORG Thu Apr 7 17:21:43 2005
Date: Thu, 07 Apr 2005 12:21:39 -0500
From: "Edwin L. Culp"
To: freebsd-pf@freebsd.org
Subject: Re: Using ppp/tun0 manually, how to trigger 'pf' automaticaly

Quoting Daniel Hartmeier:

> On Thu, Apr 07, 2005 at 04:11:12PM +0200, O. Hartmann wrote:
>
>> I use the ppp utility to configure and set up a line (at the moment no
>> other way possible). How can I trigger 'pfctl -F all -f /etc/pf.conf'
>> after the line has been set up to make pf work with the tun0 assigned IP?
>>
>> Or are there other ways of doing so?
>
> You can use 'from (tun0)', where the interface name is put in
> parentheses, and pf will automatically note when that interface changes
> its IP address, without the need to reload the ruleset.

Thanks, Daniel. I'm going to try it this afternoon.

ed

>
> Daniel
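
The `(tun0)` form Daniel Hartmeier describes in this thread, set beside the load-time form, as an added pf.conf fragment that is not part of any message in the archive. The macro names, the 192.168.0.0/24 internal network and the ssh rule are assumptions made for illustration.

```conf
# Added example, not from the thread.
# Assumed: tun0 is the ppp uplink, 192.168.0.0/24 is the internal network.
ext_if  = "tun0"
int_net = "192.168.0.0/24"

# Load-time form (shown commented out): an interface name WITHOUT
# parentheses used as an address is replaced by the address tun0 holds
# at the moment pfctl parses this file. When ppp later negotiates a
# different address, these rules still refer to the old one until the
# ruleset is loaded again, which is what prompted the question about
# re-running 'pfctl -F all -f /etc/pf.conf' after link-up.
#
# nat on $ext_if from $int_net to any -> $ext_if
# pass in on $ext_if proto tcp from any to $ext_if port 22 keep state

# Dynamic form: an interface name IN parentheses used as an address is
# tracked by pf itself, so the rules follow tun0 when its address changes
# and no reload (and no flush of the state table) is needed.

# Translation: internal hosts leave with whatever address tun0 has now.
nat on $ext_if from $int_net to any -> ($ext_if)

# Filtering: default deny inbound on the uplink, then allow ssh to the
# current tun0 address (hypothetical service, chosen for the example).
block in on $ext_if all
pass in  on $ext_if proto tcp from any to ($ext_if) port 22 keep state

# Outbound traffic sourced from the current tun0 address, including the
# translated connections of the internal network.
pass out on $ext_if from ($ext_if) to any keep state
```

The fragment can be syntax-checked with `pfctl -n -f`, the same check the rc.d/pf reload function quoted earlier in the archive runs before loading.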