From owner-freebsd-pf@FreeBSD.ORG Mon Sep 20 04:49:12 2010
Date: Mon, 20 Sep 2010 04:49:11 GMT
From: jpaetzel@FreeBSD.org
To: josh@tcbug.org, jpaetzel@FreeBSD.org, freebsd-pf@FreeBSD.org
Subject: Re: kern/121704: [pf] PF mangles loopback packets

Synopsis: [pf] PF mangles loopback packets

State-Changed-From-To: open->closed
State-Changed-By: jpaetzel
State-Changed-When: Mon Sep 20 04:47:28 UTC 2010
State-Changed-Why:
This hardware and FreeBSD version are long gone.

http://www.freebsd.org/cgi/query-pr.cgi?pr=121704

From owner-freebsd-pf@FreeBSD.ORG Mon Sep 20 11:07:01 2010
Date: Mon, 20 Sep 2010 11:07:00 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

45 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Sep 21 12:37:38 2010
Date: Tue, 21 Sep 2010 14:19:38 +0200 (CEST)
From: Nico De Dobbeleer
To: freebsd-pf@freebsd.org
Subject: spamd + pf but with bridging

Hello,

I've a question. I'm using a FreeBSD with pf firewall as a shared firewall (customers need pubip's), so there's a bridge between the external and internal interface with no IPs defined. There's also a management interface mng_if for me to log on to the firewall. I now want to set up spamd on the firewall, but when I'm redirecting to the external interface:

# redirect to spamd
rdr pass inet proto tcp from to $ext_if port \
        smtp -> 127.0.0.1 port smtp
rdr pass inet proto tcp from to $ext_if port \
        smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from ! to $ext_if port \
        smtp -> 127.0.0.1 port spamd

# mail!
pass in log inet proto tcp from any to $ext_if port smtp flags S/SA \
        synproxy state
pass out log inet proto tcp from $ext_if to any port smtp flags S/SA \
        synproxy state

It gives me the following errors:

firewall# pfctl -f /etc/pf-bridge.conf
no IP address found for em0
/etc/pf-bridge.conf:119: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:120: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:121: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:124: could not parse host specification
no IP address found for em0
/etc/pf-bridge.conf:125: could not parse host specification
pfctl: Syntax error in config file: pf rules not loaded

When I'm setting it to the mng_if (which has an IP but is not used to bridge traffic), it's OK, but since there's no traffic going over mng_if, it's useless.

Anyone have an idea?

With kind regards,
Nico De Dobbeleer