From owner-freebsd-pf@FreeBSD.ORG Mon Apr 18 11:07:05 2011
Date: Mon, 18 Apr 2011 11:07:04 GMT
Message-Id: <201104181107.p3IB74Uj019568@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/155736  pf         [pf] [altq] borrow from parent queue does not work wit
o kern/153307  pf         [pf] Bug with PF firewall
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

46 problems total.

From owner-freebsd-pf@FreeBSD.ORG Fri Apr 22 01:55:59 2011
Date: Fri, 22 Apr 2011 01:29:25 +0000
From: Andres Chavez
To: freebsd-pf@freebsd.org
Subject: Killing states

hey guys, I'm wondering if there is any way to kill states with pfctl based
on port numbers or mask (/etc/services) rather than with labels or hosts
specification ?

From owner-freebsd-pf@FreeBSD.ORG Fri Apr 22 03:27:29 2011
Date: Thu, 21 Apr 2011 23:27:22 -0400
From: "J. Hellenthal"
To: Andres Chavez
Cc: freebsd-pf@freebsd.org
Message-ID: <20110422032722.GA60523@DataIX.net>
Subject: Re: Killing states

No, pfctl(8) is pretty much correct on what it allows you to do.

On Fri, Apr 22, 2011 at 01:29:25AM +0000, Andres Chavez wrote:
>hey guys, I'm wondering if there is any way to kill states with pfctl based
>on port numbers or mask (/etc/services) rather than with labels or hosts
>specification ?
>

-- 
 Regards,
 J. Hellenthal

 WWJD