From owner-freebsd-pf@FreeBSD.ORG Sun Jul 6 00:52:59 2008
From: "Torsten"
Date: Sun, 6 Jul 2008 01:25:48 +0100
Message-ID: <016e01c8defe$d92773c0$8b765b40$@net>
In-Reply-To: <951843799.20080626164431@rcfd.spb.ru>
Subject: Server for FreeBSD-PF project sponsorship

Hi Everyone

This is intended only for the developers/maintainers of FreeBSD and their projects.

I have just made a deal on eBay for 7 servers very cheap and I would like to donate one or two to your efforts on maintaining and developing FreeBSD.

I'm a lover and heavy user of FreeBSD in corporate environments since 2003 and have scavenged/leeched off your efforts. Because of this I'm very keen on giving something back.

The machines are 2U rack mount servers with the following each:

2 x 2.4 Xeon processors, 512MB cache, 533 MHz bus
2 x 1 gig memory DDR 266 ECC
2 x 100 MHz pcix slots
2 x 32 bit pci slots
2 x Intel Gigabit NIS (pre em6.6.3 drivers)
ATI rage pro Graphs
400 watt eps 12.1 power supplies
4 x 3.5 drives
2 x 5-1/4 drive bays

Basically they are super micro motherboards X5DEI-GG and Dual Xeons and the best HW-config for FreeBSD.

I'm definitely able to give one but if convinced by good reasons I will give two.

My priority to sponsor is kernel, network, *PF* and they will only be handed over to the FreeBSD Foundation for any use the foundation sees fit.
I will pay the shipping if I can afford it, :-)

Please write back to me directly or over the mailing list.

Regards
Torsten

PS.: I have 3 pretty fast DSL links (ADSL 24+) with fixed IP's here in the UK; if you want me to keep them here and make them available for whatever is required, let me know.

From owner-freebsd-pf@FreeBSD.ORG Mon Jul 7 11:07:04 2008
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Date: Mon, 7 Jul 2008 11:07:03 GMT
Message-Id: <200807071107.m67B737i062123@freefall.freebsd.org>
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Current FreeBSD problem reports

Critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables

1 problem total.

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/82271   pf         [pf] cbq scheduler cause bad latency
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented

6 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/93825   pf         [pf] pf reply-to doesn't work
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/114567  pf         [pf] LOR pf_ioctl.c + if.c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to

9 problems total.
From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 07:15:12 2008
From: Mark Pagulayan
To: "freebsd-pf@freebsd.org"
Date: Wed, 9 Jul 2008 19:14:02 +1200
Message-ID: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
Subject: Suggestions on how to do Layer 2 load balacing with PF

Hi Guys,

I was just wondering if anyone of you have done layer 2 load balancing with PF.

We tried to load balance traffic between two bridge firewalls through OSPF, by putting equal weights on the router ports. But the problem we encountered is that when packet exits FW1 ( a state is created) it returns to FW2, the packet gets dropped because the state created on FW1 has not yet synced on FW2.

We did this experiment because the firewall starts to drop packets when packet rates reach 30Kp/s hoping that we load balance it, we can distribute traffic to the firewalls. And just for information we are using a Gig interface (em)

I wanted to ask if anyone of you have done load balancing on layer2 and how they have done it.

Your help guys would be mostly appreciated.
Best Regards,
Mark

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 10:06:24 2008
From: "István Szukács"
To: freebsd-pf@freebsd.org
Date: Wed, 9 Jul 2008 10:40:17 +0100
In-Reply-To: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
Subject: Re: Suggestions on how to do Layer 2 load balacing with PF

hi!

http://people.freebsd.org/~mlaier/sucon.pdf

CARP

Supports layer 2 load balancing (ARP based)

cheers

On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan wrote:

> Hi Guys,
>
> I was just wondering if anyone of you have done layer 2 load balancing with
> PF.
>
> We tried to load balance traffic between two bridge firewalls through OSPF,
> by putting equal weights on the router ports. But the problem we encountered
> is that when packet exits FW1 ( a state is created) it returns to FW2, the
> packet gets dropped because the state created on FW1 has not yet synced on FW2.
>
> We did this experiment because the firewall starts to drop packets when
> packet rates reach 30Kp/s hoping that we load balance it, we can distribute
> traffic to the firewalls. And just for information we are using a Gig
> interface (em)
>
> I wanted to ask if anyone of you have done load balancing on layer2 and
> how they have done it.
>
> Your help guys would be mostly appreciated.
>
> Best Regards,
>
> Mark
>

--
the sun shines for all

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 10:43:05 2008
From: Jason DiCioccio
To: Mark Pagulayan
Cc: "freebsd-pf@freebsd.org"
Date: Wed, 09 Jul 2008 03:26:37 -0700
Message-ID: <4874925D.4020306@ods.org>
In-Reply-To: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
Subject: Re: Suggestions on how to do Layer 2 load balacing with PF

Hey Mark,

Mark Pagulayan wrote:
> Hi Guys,
>
> I was just wondering if anyone of you have done layer 2 load balancing with PF.
>
> We tried to load balance traffic between two bridge firewalls through OSPF, by putting equal weights on the router ports. But the problem we encountered is that when packet exits FW1 ( a state is created) it returns to FW2, the packet gets dropped because the state created on FW1 has not yet synced on FW2.
>

The first thing that comes to my mind is changing the behavior on the router. Many routers allow you to choose how they forward in a situation with equal-cost paths. See below for the Juniper version of this.

http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-actions-config11.html

Regards,
-JD-

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 12:06:27 2008
From: Stefan Lambrev
To: István Szukács
Cc: freebsd-pf@freebsd.org
Date: Wed, 09 Jul 2008 14:50:54 +0300
Message-ID: <4874A61E.1040508@moneybookers.com>
References: <6E7521247AB3F04685C35F382AADE1B123932C7967@UXCHANGE7-2.UoA.auckland.ac.nz>
Subject: Re: Suggestions on how to do Layer 2 load balacing with PF

Hi,

It's a very interesting question - at least for me. :)

István Szukács wrote:
> hi!
>
> http://people.freebsd.org/~mlaier/sucon.pdf
>
> CARP
>
> Supports layer 2 load balancing (ARP based)
>
But the OP claims that pfsync is not fast enough to sync all states? How will balancing work then?
Also I can't imagine the combination of bridge and carp (on same firewall).. after all CARP needs IP and bridge is transparent?

> cheers
>
> On Wed, Jul 9, 2008 at 8:14 AM, Mark Pagulayan wrote:
>
>> Hi Guys,
>>
>> I was just wondering if anyone of you have done layer 2 load balancing with
>> PF.
>>
>> We tried to load balance traffic between two bridge firewalls through OSPF,
>> by putting equal weights on the router ports. But the problem we encountered
>> is that when packet exits FW1 ( a state is created) it returns to FW2, the
>> packet gets dropped because the state created on FW1 has not yet synced on FW2.
>>
I guess you have two external uplinks - one for every firewall. Can you draw simple schema of the network topology?

>> We did this experiment because the firewall starts to drop packets when
>> packet rates reach 30Kp/s hoping that we load balance it, we can distribute
>> traffic to the firewalls. And just for information we are using a Gig
>> interface (em)
>>
30kpps is very low.
Bridge with stateful PF should handle at least 100-150kpps, probably your hardware is not up to the task?
You may want to look at "Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]" thread in freebsd-net archives for how to tune your router/firewall.

>> I wanted to ask if anyone of you have done load balancing on layer2 and
>> how they have done it.
>>
>> Your help guys would be mostly appreciated.
>>
>> Best Regards,
>>
>> Mark
>>

--
Best Wishes,
Stefan Lambrev
ICQ# 24134177

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 18:55:38 2008
From: Leslie Jensen
To: freebsd-pf@freebsd.org
Date: Wed, 09 Jul 2008 20:29:21 +0200
Message-ID: <48750381.1030004@eskk.nu>
Subject: New pf install on Freebsd7 seem to be a slow starter.

Hello

When I boot the machine where pf is installed, everything I can see looks ok. It's hard to read the text scrolling on the screen and the information concerning pf is not to be found in /var/log/messages.

Anyway I have one PC on the inside and it takes some time before it's able to reach the outside world.

I can speed up the process by making a change to pf.conf and then use the command pfctl -f /etc/pf.conf.

Another thing I see is that for example I add log (all) to one of my filters and do pfctl -f /etc/pf.conf, then later I remove it again and do pfctl -f /etc/pf.conf. The output from tcpdump -n -e -ttt -i pflog0 still shows packages as if it had not refreshed and still have the "log (all)" active.

I know my problem is a little bit unclear but I hope someone will help me solve this behaviour in the right way.
Thanks

/Leslie

----------- My pf.conf --------------------
# macros
int_if="xl0"
ext_if="bfe0"
tcp_services="{ 22 }"
tcp_priv_services="{ 389, 443 }"
icmp_types="echoreq"

# tables
table { something.somewhere.com, somethingelse.somewhere.com, xxx.yyy.zzz.qqq }

# options
set block-policy return
set loginterface $ext_if
set skip on lo0

# scrub
scrub in

# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from !($ext_if) to any -> ($ext_if)

# filter rules
block in log (all) on $ext_if
pass out keep state

# Let the goodguys access the machine from the outside
pass in on $ext_if inet proto tcp from to ($ext_if) \
    port $tcp_services flags S/SA keep state

# ICMP traffic needs to be passed:
pass inet proto icmp all icmp-type $icmp_types keep state

# traffic must be passed to and from the internal network
pass in quick on $int_if
--------------------------------------------

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 23:25:39 2008
From: "David DeSimone"
Date: Wed, 9 Jul 2008 17:54:24 -0500
Message-ID: <20080709225423.GB1011@verio.net>
In-Reply-To: <48750381.1030004@eskk.nu>
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

Leslie Jensen wrote:
>
> # tables
> table { something.somewhere.com, somethingelse.somewhere.com,
> xxx.yyy.zzz.qqq }

This looks like the problem. You have put hostnames in your pf.conf. While this is supported, hostname lookups at boot time are problematic because the network is just getting started. Nameservers are not always immediately reachable, so these name lookups will stall out.

I recommend you put IP addresses in your pf.conf so that it can be loaded without waiting for a nameserver.

Alternatively, put these hostnames (and IP's) in your /etc/hosts file.

--
David DeSimone == Network Admin == fox@verio.net
"This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you." --Lawyer Bot 6000

From owner-freebsd-pf@FreeBSD.ORG Wed Jul 9 23:48:13 2008
From: Max Laier
To: freebsd-pf@freebsd.org
Date: Thu, 10 Jul 2008 01:45:26 +0200
Message-Id: <200807100145.26576.max@love2party.net>
In-Reply-To: <48750381.1030004@eskk.nu>
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

On Wednesday 09 July 2008 20:29:21 Leslie Jensen wrote:
> Anyway I have one PC on the inside and it takes some time before it's
> able to reach the outside world.

What David said.

> Another thing I see is that for example I add log (all) to one of my
> filters and do pfctl -f /etc/pf.conf, then later I remove it again and
> do pfctl -f /etc/pf.conf. The output from tcpdump -n -e -ttt -i pflog0
> still shows packages as if it had not refreshed and still have the "log
> (all)" active.

That's expected. The rule will create a state with the "log (all)" flag set. When you reload the ruleset no more new states will be created with that flag, but the existing states stick around and keep logging all packets. You can either "pfctl -Fstates" or simply wait until they die off on their own.
-- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 09:15:50 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28104106567B for ; Thu, 10 Jul 2008 09:15:50 +0000 (UTC) (envelope-from leslie@eskk.nu) Received: from hawk.thalamus.net (hawk.thalamus.net [212.31.160.3]) by mx1.freebsd.org (Postfix) with ESMTP id DABA38FC27 for ; Thu, 10 Jul 2008 09:15:49 +0000 (UTC) (envelope-from leslie@eskk.nu) Received: from localhost (localhost.thalamus.net [127.0.0.1]) by hawk.thalamus.net (Postfix) with ESMTP id C9C331EE91E for ; Thu, 10 Jul 2008 11:15:45 +0200 (CEST) X-Virus-Scanned: by amavisd-new at thalamus.net X-Spam-Flag: YES X-Spam-Score: 5.375 X-Spam-Level: ***** X-Spam-Status: Yes, score=5.375 tagged_above=-999 required=4.2 tests=[AWL=-3.965, HELO_LH_HOME=3.169, URIBL_AB_SURBL=1.613, URIBL_PH_SURBL=2.035, URIBL_SC_SURBL=2.523] Received: from hawk.thalamus.net ([127.0.0.1]) by localhost (hawk.thalamus.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A9lmeprEtwxX for ; Thu, 10 Jul 2008 11:15:37 +0200 (CEST) Received: from lesbsdpc.homenet.home (c-195-216-040-164.static.bjare.net [195.216.40.164]) by hawk.thalamus.net (Postfix) with ESMTP id 8EE7B1EE8AB for ; Thu, 10 Jul 2008 11:15:37 +0200 (CEST) Message-ID: <4875D33C.2010506@eskk.nu> Date: Thu, 10 Jul 2008 11:15:40 +0200 From: Leslie Jensen User-Agent: Thunderbird 2.0.0.14 (X11/20080610) MIME-Version: 1.0 To: freebsd-pf@freebsd.org References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> In-Reply-To: <20080709225423.GB1011@verio.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: ***SPAM*** Re: New pf install on Freebsd7 seem to be a slow starter. 

David DeSimone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Leslie Jensen wrote:
>> # tables
>> table { something.somewhere.com, somethingelse.somewhere.com,
>> xxx.yyy.zzz.qqq }
>
> This looks like the problem. You have put hostnames in your pf.conf.
> While this is supported, hostname lookups at boot time are problematic
> because the network is just getting started. Nameservers are not always
> immediately reachable, so these name lookups will stall out.
>
> I recommend you put IP addresses in your pf.conf so that it can be
> loaded without waiting for a nameserver.
>
> Alternatively, put these hostnames (and IP's) in your /etc/hosts file.

Oh, I didn't know that! Can you tell me how to handle this?

The problem is these hosts are not fixed IP's so they use no-ip
(http://www.no-ip.com/) to provide a fixed address.

Thanks
/Leslie

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 09:23:27 2008
Date: Thu, 10 Jul 2008 09:23:27 GMT
Message-Id: <200807100923.m6A9NRqC072692@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-pf@FreeBSD.org
From: linimon@FreeBSD.org
Subject: Re: kern/125467: [pf] pf keep state bug while handling sessions between vlan trunk

Old Synopsis: pf keep state bug while handling sessions between vlan trunk
New Synopsis: [pf] pf keep state bug while handling sessions between vlan trunk

Responsible-Changed-From-To: freebsd-bugs->freebsd-pf
Responsible-Changed-By: linimon
Responsible-Changed-When: Thu Jul 10 09:22:47 UTC 2008
Responsible-Changed-Why: Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=125467

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 10:15:36 2008
Date: Thu, 10 Jul 2008 12:55:42 +0300
From: "Dennis"
Message-ID: <3910389261.20080710125542@mail.ru>
To: freebsd-pf@freebsd.org
In-Reply-To: <4875D33C.2010506@eskk.nu>
Subject: Re: ***SPAM*** Re: New pf install on Freebsd7 seem to be a slow starter.

LJ> David DeSimone wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Leslie Jensen wrote:
>>> # tables
>>> table { something.somewhere.com, somethingelse.somewhere.com,
>>> xxx.yyy.zzz.qqq }
>>
>> This looks like the problem. You have put hostnames in your pf.conf.
>> While this is supported, hostname lookups at boot time are problematic
>> because the network is just getting started.
>> Nameservers are not always
>> immediately reachable, so these name lookups will stall out.
>>
>> I recommend you put IP addresses in your pf.conf so that it can be
>> loaded without waiting for a nameserver.
>>
>> Alternatively, put these hostnames (and IP's) in your /etc/hosts file.

LJ> Oh, I didn't know that! Can you tell me how to handle this?

LJ> The problem is these hosts are not fixed IP's so they use no-ip
LJ> (http://www.no-ip.com/) to provide a fixed address.

It's possible to populate the table after network initialized and all
other services are up. Just place empty table

    table <goodguys> persist

in your pf.conf and

    pfctl -t goodguys -T add \
        something.somewhere.com \
        somethingelse.somewhere.com \
        xxx.yyy.zzz.qqq &

into your /etc/rc.local, so pf will start up without delays.

Regards,
Dennis

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 12:15:23 2008
Message-ID: <4875FD52.1090201@eskk.nu>
Date: Thu, 10 Jul 2008 14:15:14 +0200
From: Leslie Jensen
To: "Nobody A. Unknown"
In-Reply-To: <3910389261.20080710125542@mail.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

Dennis wrote:
> LJ> Oh, I didn't know that! Can you tell me how to handle this?
>
> LJ> The problem is these hosts are not fixed IP's so they use no-ip
> LJ> (http://www.no-ip.com/) to provide a fixed address.
>
> It's possible to populate the table after network initialized and all
> other services are up. Just place empty table
>
>     table <goodguys> persist
>
> in your pf.conf and
>
>     pfctl -t goodguys -T add \
>         something.somewhere.com \
>         somethingelse.somewhere.com \
>         xxx.yyy.zzz.qqq &
>
> into your /etc/rc.local, so pf will start up without delays.
>
> Regards,
> Dennis
>

Thanks Dennis.

I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
must go somewhere else, do you know where?

/Leslie

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 12:24:39 2008
Message-ID: <4875FF7D.8050304@eskk.nu>
Date: Thu, 10 Jul 2008 14:24:29 +0200
From: Leslie Jensen
To: "Nobody A. Unknown"
In-Reply-To: <4875FD52.1090201@eskk.nu>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

Leslie Jensen wrote:
>
> Dennis wrote:
>
>> LJ> Oh, I didn't know that! Can you tell me how to handle this?
>>
>> LJ> The problem is these hosts are not fixed IP's so they use no-ip
>> LJ> (http://www.no-ip.com/) to provide a fixed address.
>>
>> It's possible to populate the table after network initialized and all
>> other services are up. Just place empty table
>>
>>     table <goodguys> persist
>>
>> in your pf.conf and
>>
>>     pfctl -t goodguys -T add \
>>         something.somewhere.com \
>>         somethingelse.somewhere.com \
>>         xxx.yyy.zzz.qqq &
>>
>> into your /etc/rc.local, so pf will start up without delays.
>>
>> Regards,
>> Dennis
>>
>
>
> Thanks Dennis.
>
> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
> must go somewhere else, do you know where?
>
> /Leslie

Sorry!!!! I had to create the file.

If I've understood this right this will only be right at the time the
machine starts. How do I get to know if the hosts change their
addresses? Should I invoke a cron job that does the same as you suggested?

Thanks
/Leslie

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 12:46:31 2008
From: Tom Evans
To: Leslie Jensen
In-Reply-To: <4875FD52.1090201@eskk.nu>
Date: Thu, 10 Jul 2008 13:20:23 +0100
Message-Id: <1215692423.35536.73.camel@localhost>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

On Thu, 2008-07-10 at 14:15 +0200, Leslie Jensen wrote:
> Thanks Dennis.
>
> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
> must go somewhere else, do you know where?
>
> /Leslie
>

It still applies to FreeBSD 7. Create /etc/rc.local if it doesn't exist.
It is started (well, sourced) by /etc/rc.d/local

Tom

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 13:01:34 2008
Date: Thu, 10 Jul 2008 16:01:32 +0300
From: Dennis
Message-ID: <101002322.20080710160132@mail.ru>
To: Leslie Jensen
In-Reply-To: <4875FF7D.8050304@eskk.nu>
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: New pf install on Freebsd7 seem to be a slow starter.

LJ> Leslie Jensen wrote:
>>
>> Dennis wrote:
>>
>>> LJ> Oh, I didn't know that! Can you tell me how to handle this?
>>>
>>> LJ> The problem is these hosts are not fixed IP's so they use no-ip
>>> LJ> (http://www.no-ip.com/) to provide a fixed address.
>>>
>>> It's possible to populate the table after network initialized and all
>>> other services are up. Just place empty table
>>>
>>>     table <goodguys> persist
>>>
>>> in your pf.conf and
>>>
>>>     pfctl -t goodguys -T add \
>>>         something.somewhere.com \
>>>         somethingelse.somewhere.com \
>>>         xxx.yyy.zzz.qqq &
>>>
>>> into your /etc/rc.local, so pf will start up without delays.
>>>
>>
>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
>> must go somewhere else, do you know where?
>>

LJ> If I've understood this right this will only be right at the time the
LJ> machine starts. How do I get to know if the hosts change their
LJ> addresses? Should I invoke a cron job that does the same as you suggested?

LJ> Thanks

Yes. Also you would have to clear the table before loading new IP
addresses into it. Querying authoritative server with, for example
`nslookup`, instead of relying on local resolver would make this thing
more robust.

Regards,
Dennis.

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 13:52:41 2008
Message-ID: <4876141F.6060202@eskk.nu>
Date: Thu, 10 Jul 2008 15:52:31 +0200
From: Leslie Jensen
To: "Nobody A. Unknown"
In-Reply-To: <101002322.20080710160132@mail.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

>>>> in your pf.conf and
>>>>
>>>>     pfctl -t goodguys -T add \
>>>>         something.somewhere.com \
>>>>         somethingelse.somewhere.com \
>>>>         xxx.yyy.zzz.qqq &
>>>>
>>>> into your /etc/rc.local, so pf will start up without delays.
>>>>
>>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
>>> must go somewhere else, do you know where?
>>>
> LJ> If I've understood this right this will only be right at the time the
> LJ> machine starts. How do I get to know if the hosts change their
> LJ> addresses? Should I invoke a cron job that does the same as you suggested?
> LJ> Thanks
>
> Yes. Also you would have to clear the table before loading new IP
> addresses into it. Querying authoritative server with, for example
> `nslookup`, instead of relying on local resolver would make this thing
> more robust.
>
> Regards,
> Dennis.

Thank you Dennis.

I've started on a script to run as root from cron.

I need a little help to invoke the nslookup function and make it go into
the goodguys table.

The flushing part I've got ;-)

But then what do I do?

----------------------------
#!/bin/sh
pfctl -F Tables
----------------------------

Thanks
/Leslie

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 14:04:55 2008
Message-ID: <487616FD.7010905@eskk.nu>
Date: Thu, 10 Jul 2008 16:04:45 +0200
From: Leslie Jensen
To: Tom Evans
In-Reply-To: <1215692423.35536.73.camel@localhost>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

>
> It still applies to FreeBSD 7. Create /etc/rc.local if it doesn't exist.
> It is started (well, sourced) by /etc/rc.d/local
>
> Tom

After some Googling I found this article

http://www.freebsddiary.org/startup.php

It suggests that one should not use /etc/rc.local !

/Leslie

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 14:51:08 2008
Date: Thu, 10 Jul 2008 17:51:06 +0300
From: Dennis
Message-ID: <1188419671.20080710175106@mail.ru>
To: Leslie Jensen
In-Reply-To: <4876141F.6060202@eskk.nu>
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: New pf install on Freebsd7 seem to be a slow starter.

>>>>> in your pf.conf and
>>>>>
>>>>>     pfctl -t goodguys -T add \
>>>>>         something.somewhere.com \
>>>>>         somethingelse.somewhere.com \
>>>>>         xxx.yyy.zzz.qqq &
>>>>>
>>>>> into your /etc/rc.local, so pf will start up without delays.
>>>>>
>>>> I forgot to mention that I'm on a FreeBSD 7 system so the rc.local thing
>>>> must go somewhere else, do you know where?
>>>>
>> LJ> If I've understood this right this will only be right at the time the
>> LJ> machine starts. How do I get to know if the hosts change their
>> LJ> addresses? Should I invoke a cron job that does the same as you suggested?
>> LJ> Thanks
>>
>> Yes. Also you would have to clear the table before loading new IP
>> addresses into it. Querying authoritative server with, for example
>> `nslookup`, instead of relying on local resolver would make this thing
>> more robust.
>>
>> Regards,
>> Dennis.

LJ> Thank you Dennis.
LJ> I've started on a script to run as root from cron.
LJ> I need a little help to invoke the nslookup function and make it go into
LJ> the goodguys table.
LJ> The flushing part I've got ;-)
LJ> But then what do I do?

LJ> ----------------------------
LJ> #!/bin/sh
LJ> pfctl -F Tables
LJ> ----------------------------

LJ> Thanks
LJ> /Leslie

( cat goodguys.names |
  ( xargs -n1 -J% nslookup % nf2.no-ip.com ) |
  egrep -o '(([[:digit:]])+\.){3}[[:digit:]]+$' |
  xargs -J% pfctl -t aaa -T add % ) &

of course, utilities and files should have full paths in their names for
a script.

Regards,
Dennis.
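
Added example, not part of the thread and not any poster's code: a script for cron and /etc/rc.local that does the table refresh discussed above by resolving every name first and then swapping the contents of goodguys with one pfctl -T replace, leaving the table untouched if any lookup fails. The helper names, the names-file path and the use of host(1) are assumptions; the table name is the one used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread): keep the pf table "goodguys" in step
# with dynamic-DNS hostnames without ever leaving it empty or half-filled.
# Assumed/hypothetical: NAMES_FILE path, helper names, use of host(1).

TABLE="${TABLE:-goodguys}"
NAMES_FILE="${NAMES_FILE:-/usr/local/etc/goodguys.names}"  # one name or IP per line
NAMESERVER="${NAMESERVER:-}"          # optional: authoritative server to query directly
PFCTL_BIN="${PFCTL_BIN:-/sbin/pfctl}"
HOST_BIN="${HOST_BIN:-/usr/bin/host}"

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are all 0..255.
is_ipv4() {
    case "$1" in
        "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                          # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# extract_a_records: read host(1) output on stdin, print the validated A records.
# Server banner lines, CNAME lines and AAAA records are ignored.
extract_a_records() {
    awk 'NF >= 4 && $(NF-2) == "has" && $(NF-1) == "address" { print $NF }' |
    while read -r addr; do
        if is_ipv4 "$addr"; then echo "$addr"; fi
    done
}

# resolve_name HOSTNAME: print its IPv4 addresses, one per line.
resolve_name() {
    # $NAMESERVER is left unquoted on purpose: empty means "use the local resolver".
    "$HOST_BIN" -t A "$1" $NAMESERVER 2>/dev/null </dev/null | extract_a_records
}

# build_list FILE: print addresses for every entry; fail if any entry is unusable.
build_list() {
    failed=0
    while read -r name rest || [ -n "$name" ]; do
        case "$name" in
            "" | \#*) continue ;;                  # blank line or comment
            -* | *[!A-Za-z0-9.-]*)                 # never pass odd strings to host(1)
                echo "invalid entry: $name" >&2; failed=1; continue ;;
        esac
        if is_ipv4 "$name"; then
            echo "$name"
            continue
        fi
        addrs=$(resolve_name "$name")
        if [ -n "$addrs" ]; then
            echo "$addrs"
        else
            echo "cannot resolve: $name" >&2; failed=1
        fi
    done < "$1"
    return $failed
}

# refresh_table: swap the table contents in one pfctl call, or change nothing.
refresh_table() {
    tmp=$(mktemp /tmp/goodguys.XXXXXX) || return 1
    if ! build_list "$NAMES_FILE" > "$tmp" || [ ! -s "$tmp" ]; then
        echo "lookup incomplete; leaving <$TABLE> as it is" >&2
        rm -f "$tmp"
        return 1
    fi
    sort -u -o "$tmp" "$tmp"
    # -T replace adds new addresses and drops stale ones in a single operation,
    # so there is no window in which the table is flushed but not yet refilled.
    "$PFCTL_BIN" -t "$TABLE" -T replace -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# From root's crontab or /etc/rc.local: /path/to/this-script apply
if [ "${1:-}" = "apply" ]; then
    refresh_table
fi
```

Setting NAMESERVER to the zone's authoritative server bypasses the local resolver, as suggested in the thread.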

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 15:01:50 2008
From: Tom Evans
To: Leslie Jensen
In-Reply-To: <487616FD.7010905@eskk.nu>
Date: Thu, 10 Jul 2008 16:01:43 +0100
Message-Id: <1215702103.35536.77.camel@localhost>
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.

On Thu, 2008-07-10 at 16:04 +0200, Leslie Jensen wrote:
> >
> > It still applies to FreeBSD 7. Create /etc/rc.local if it doesn't exist.
> > It is started (well, sourced) by /etc/rc.d/local
> >
> > Tom
>
> After some Googling I found this article
>
> http://www.freebsddiary.org/startup.php
>
> It suggests that one should not use /etc/rc.local !
>
> /Leslie
>

In this case, I'd still use rc.local, regardless of what that says. A
full fledged rc script is unnecessary for something this trivial and
transient.
IMHO :)

Tom

From owner-freebsd-pf@FreeBSD.ORG Thu Jul 10 15:16:12 2008
Message-ID: <487627AC.9050000@eskk.nu>
Date: Thu, 10 Jul 2008 17:15:56 +0200
From: Leslie Jensen
To: Tom Evans
 <1215692423.35536.73.camel@localhost> <487616FD.7010905@eskk.nu> <1215702103.35536.77.camel@localhost>
In-Reply-To: <1215702103.35536.77.camel@localhost>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
X-List-Received-Date: Thu, 10 Jul 2008 15:16:12 -0000

Tom Evans wrote:
> On Thu, 2008-07-10 at 16:04 +0200, Leslie Jensen wrote:
>>> It still applies to FreeBSD 7. Create /etc/rc.local if it doesn't exist.
>>> It is started (well, sourced) by /etc/rc.d/local
>>>
>>> Tom
>> After some Googling I found this article
>>
>> http://www.freebsddiary.org/startup.php
>>
>> It suggests that one should not use /etc/rc.local !
>>
>> /Leslie
>>
>
> In this case, I'd still use rc.local, regardless of what that says. A
> full fledged rc script is unnecessary for something this trivial and
> transient. IMHO :)
>
>
> Tom

OK. I'm a newbie here so I listen to all the advice I can get. At times
I find conflicting information when googling so I need to verify it.
I'm thankful for your time and effort :-)

/Leslie

From owner-freebsd-pf@FreeBSD.ORG Fri Jul 11 07:16:41 2008
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1673A106566C for ; Fri, 11 Jul 2008 07:16:41 +0000 (UTC) (envelope-from leslie@eskk.nu)
Received: from hawk.thalamus.net (hawk.thalamus.net [212.31.160.3]) by mx1.freebsd.org (Postfix) with ESMTP id D4FAF8FC20 for ; Fri, 11 Jul 2008 07:16:40 +0000 (UTC) (envelope-from leslie@eskk.nu)
Received: from localhost (localhost.thalamus.net [127.0.0.1]) by hawk.thalamus.net (Postfix) with ESMTP id 53D8B1EE852; Fri, 11 Jul 2008 09:16:37 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at thalamus.net
X-Spam-Flag: NO
X-Spam-Score: 2.296
X-Spam-Level: **
X-Spam-Status: No, score=2.296 tagged_above=-999 required=4.2 tests=[AWL=-0.873, HELO_LH_HOME=3.169]
Received: from hawk.thalamus.net ([127.0.0.1]) by localhost (hawk.thalamus.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mhmoJf8xjW-Q; Fri, 11 Jul 2008 09:16:28 +0200 (CEST)
Received: from lesbsdpc.homenet.home (c-195-216-040-164.static.bjare.net [195.216.40.164]) by hawk.thalamus.net (Postfix) with ESMTP id 427951EE84A; Fri, 11 Jul 2008 09:16:28 +0200 (CEST)
Message-ID: <487708CE.2020302@eskk.nu>
Date: Fri, 11 Jul 2008 09:16:30 +0200
From: Leslie Jensen
User-Agent: Thunderbird 2.0.0.14 (X11/20080610)
MIME-Version: 1.0
To: "Nobody A. Unknown"
References: <48750381.1030004@eskk.nu> <20080709225423.GB1011@verio.net> <4875D33C.2010506@eskk.nu> <3910389261.20080710125542@mail.ru>
In-Reply-To: <3910389261.20080710125542@mail.ru>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-pf@freebsd.org
Subject: Re: New pf install on Freebsd7 seem to be a slow starter.
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
X-List-Received-Date: Fri, 11 Jul 2008 07:16:41 -0000

Dennis wrote:
> It's possible to populate the table after network initialized and all
> other services are up. Just place empty table
>
> table <goodguys> persist
>
> in your pf.conf and
>
> pfctl -t goodguys -T add \
> something.somewhere.com \
> somethingelse.somewhere.com \
> xxx.yyy.zzz.qqq &
>
> into your /etc/rc.local, so pf will start up without delays.
>
> Regards,
> Dennis

I tried this but I get no output other than what you can see below

pfctl -T show -t goodguys
No ALTQ support in kernel
ALTQ related functions disabled

Should there be something else in rc.local?

/Leslie
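
Added example, not part of any message in this thread: one way to write the background table load Dennis describes so that it retries and logs, which lets an empty `pfctl -T show -t goodguys` be traced to the names that failed. The function name `populate_table`, the retry count and delay, and the `logger` tag are assumptions, as is `pfctl` exiting non-zero when a name cannot be resolved.

```shell
#!/bin/sh
# Added example for /etc/rc.local; not code from the thread.
# Assumes pf.conf declares:  table <goodguys> persist
PFCTL="${PFCTL:-/sbin/pfctl}"      # overridable, so the function can be exercised with a stub
GOODGUYS_TABLE="goodguys"
# Placeholder names taken from the thread; replace with real hosts.
GOODGUYS_HOSTS="something.somewhere.com somethingelse.somewhere.com"

# populate_table TABLE TRIES DELAY HOST...
# Adds each host with its own pfctl call and retries the ones that fail,
# e.g. because the resolver is not answering yet. The return status is the
# number of hosts that were never added (0 = table fully populated).
populate_table() {
    table=$1; tries=$2; delay=$3; shift 3
    pending="$*"
    while [ "$tries" -gt 0 ] && [ -n "$pending" ]; do
        failed=""
        for host in $pending; do
            # Assumption: pfctl exits non-zero when the name cannot be resolved.
            "$PFCTL" -q -t "$table" -T add "$host" 2>/dev/null || failed="$failed $host"
        done
        pending=${failed# }
        tries=$((tries - 1))
        if [ -n "$pending" ] && [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    set -- $pending
    return $#
}

# Run in the background so boot is not delayed, and log the outcome to syslog
# instead of discarding it. Skipped on hosts where pfctl is not installed.
if [ -x "$PFCTL" ]; then
    (
        if populate_table "$GOODGUYS_TABLE" 10 30 $GOODGUYS_HOSTS; then
            logger -t rc.local "pf table $GOODGUYS_TABLE populated"
        else
            logger -t rc.local "pf table $GOODGUYS_TABLE: not added: $pending"
        fi
    ) &
fi
```

After boot, `pfctl -t goodguys -T show` lists the resolved addresses, and the syslog entries tagged `rc.local` name any host that was never added.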