From owner-freebsd-pf@FreeBSD.ORG Wed Jan 1 19:16:36 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7513162C; Wed, 1 Jan 2014 19:16:36 +0000 (UTC) Received: from sasl.smtp.pobox.com (a-pb-sasl-quonix.pobox.com [208.72.237.25]) by mx1.freebsd.org (Postfix) with ESMTP id 2A7C71DA0; Wed, 1 Jan 2014 19:16:35 +0000 (UTC) Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 29D01ECFF; Wed, 1 Jan 2014 14:16:29 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=date :message-id:from:to:cc:subject:in-reply-to:references :mime-version:content-type:content-transfer-encoding; s=sasl; bh=XK2V2WKa+AhmN1Jw6V1jX/7Pq8M=; b=Kt16B2KgEtRdRRMvxIIMLxVYR+er RiLEs1r8PVKSugEnC+u5Xv/j83mdkJeIHVrSEtykGVlm5Gmgx1VET1QZjIpVKqlD k1S5gw2DNq4BZ5kS7osrOxfoQFr0z/flN4HoOzoMvvefwDWDPPqhArr/cbMNcJLB zjePVU4e8AJXWXA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=date:message-id :from:to:cc:subject:in-reply-to:references:mime-version :content-type:content-transfer-encoding; q=dns; s=sasl; b=OBHfWN 9RdGqfpmwqhz1Ze1TXmmWx7uJ59D5FYr5/TTY2wooGyadN6Qtqw/W1SiWoez4Lzh LkN7QFM+HInavhrevQemNr2TWAVDf93PcQRBFeWX1eFzEhiH9eS0i6rBqxW/AHpS fm2VBPhFO2xBMKYx/8r2sMv360iC44aWUvQCg= Received: from a-pb-sasl-quonix.pobox.com (unknown [127.0.0.1]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id 21D34ECFE; Wed, 1 Jan 2014 14:16:29 -0500 (EST) Received: from bmach.nederware.nl (unknown [27.252.227.148]) by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPA id 947E5ECFD; Wed, 1 Jan 2014 14:16:28 -0500 (EST) Received: from quadrio.nederware.nl (quadrio.nederware.nl [192.168.33.13]) by bmach.nederware.nl (Postfix) with ESMTP id 52C403100E; Thu, 2 Jan 2014 08:16:26 +1300 (NZDT) Received: from quadrio.nederware.nl (quadrio.nederware.nl [127.0.0.1]) by quadrio.nederware.nl (Postfix) with ESMTP id 1032D4A15EA7; Thu, 2 Jan 2014 08:16:26 +1300 (NZDT) Date: Thu, 02 Jan 2014 08:16:21 +1300 Message-ID: <87a9ffcy2i.wl%berend@pobox.com> From: Berend de Boer To: Gleb Smirnoff Subject: Re: Network severely unstable 10.0-PRERELEASE In-Reply-To: <20131230191327.GC71033@glebius.int.ru> References: <87sitku33x.wl%berend@pobox.com> <20131225132752.GK71033@FreeBSD.org> <877gasu3oa.wl%berend@pobox.com> <20131226153155.GS71033@glebius.int.ru> <87ob3zcavs.wl%berend@pobox.com> <20131230191327.GC71033@glebius.int.ru> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.3 (i686-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO) Organization: Xplain Technology Ltd MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: multipart/signed; boundary="pgp-sign-Multipart_Thu_Jan__2_08:16:20_2014-1"; micalg=pgp-sha256; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit X-Pobox-Relay-ID: 370BDD14-7319-11E3-8613-873F0E5B5709-48001098!a-pb-sasl-quonix.pobox.com Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jan 2014 19:16:36 -0000 --pgp-sign-Multipart_Thu_Jan__2_08:16:20_2014-1 Content-Type: text/plain; charset=US-ASCII >>>>> "Gleb" == Gleb Smirnoff writes: Gleb> Can you please try attached patch? I hope it'll fix the Gleb> panic. Have been running this without the rule change, to see if it doesn't introduce any adverse effects. So far so good. When I'm back from holiday (this Saturday), I'll enable the bad keyword. Gleb> No idea on how good will your rule work, however. I have no idea either! A bit harder to test, the goal was to make games/voip udp work a bit better without having to allocate ports. I think I could just write: nat on egress from any to any -> (egress) round-robin sticky-address instead of what I have now: nat pass on egress proto udp from any port $voip_ports to any -> (egress) static-port nat pass on egress from any to any -> (egress) sticky-address -- All the best, Berend de Boer --pgp-sign-Multipart_Thu_Jan__2_08:16:20_2014-1 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit Content-Description: OpenPGP Digital Signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABCAAGBQJSxGmEAAoJEKOfeD48G3g52UYP/1eiejLLHh1f10TG8WZi2v+l bhjbdgarV9PR5lMmHi6rkthB+RXuG2ogBZKVX4XAQ/zC4ezu/e83SwvfP44d7ymh /bepDCnKuo2i7NV28XfpI9TDBO84+MMNyMeHYX5oAjF1RN58qh31WvwfxVyJrqbM HmVh/ZUWS/XDDNWrobwG8Ko1GUMJYUFga5T0bHajT+fLVgn/woJbDfMshQEv6x0H P+sUkcAfJ1Dxu74xxBIG/4fzqw1F2dFn6drg1poUy5nU/GyYlNojpwkfQmip3LPc CY+6AVYq0gGsdJfu4ixkIYCNWj0UVmkPaMT+GrevlQ8thJEG+CjY3jyJeSLJS+/h /gz7wCBjAuv8t5Ikr54BX6Y6izH5E997yRkOIbp87DUCjwgo/Hy7L35tuLPnIeOz 0G9h1u8oDGErkeKppq46FQDf4cntWtsrR7IGi4vTZICGsDSbvtPmIkgD7yCSN1zS rToTCr4NzSuiyWfhjvNDu0caIFhntnquhMzhXaBdczU1W3s2DtDPqxTcXOSNMT/W wbpg1qY0FyExSbFlH6zC/X6LfP0qfd4C2mahM15umJC3yNFFvBSNuH6lw88ZgQFM oiGsAMiiBIUg46Jjro+a9NPctlegNdXY/A4Fpfrr2gfj+g4mIvg8P+NW0BbPgRdo z49I0+WU9XCYQ7sCzAMp =35ki -----END PGP SIGNATURE----- --pgp-sign-Multipart_Thu_Jan__2_08:16:20_2014-1-- From owner-freebsd-pf@FreeBSD.ORG Wed Jan 1 21:50:03 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E324823 for ; Wed, 1 Jan 2014 21:50:03 +0000 (UTC) Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id CA4D01806 for ; Wed, 1 Jan 2014 21:50:01 +0000 (UTC) Received: from cell.glebius.int.ru (localhost [127.0.0.1]) by cell.glebius.int.ru (8.14.7/8.14.7) with ESMTP id s01LnsXx048850 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 2 Jan 2014 01:49:54 +0400 (MSK) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebius.int.ru (8.14.7/8.14.7/Submit) id s01LnqSd048849; Thu, 2 Jan 2014 01:49:52 +0400 (MSK) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Thu, 2 Jan 2014 01:49:52 +0400 From: Gleb Smirnoff To: Berend de Boer Subject: Re: Network severely unstable 10.0-PRERELEASE Message-ID: <20140101214952.GH71033@glebius.int.ru> References: <87sitku33x.wl%berend@pobox.com> <20131225132752.GK71033@FreeBSD.org> <877gasu3oa.wl%berend@pobox.com> <20131226153155.GS71033@glebius.int.ru> <87ob3zcavs.wl%berend@pobox.com> <20131230191327.GC71033@glebius.int.ru> <87a9ffcy2i.wl%berend@pobox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87a9ffcy2i.wl%berend@pobox.com> User-Agent: Mutt/1.5.22 (2013-10-16) Cc: freebsd-pf@freebsd.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jan 2014 21:50:03 -0000 On Thu, Jan 02, 2014 at 08:16:21AM +1300, Berend de Boer wrote: B> Gleb> Can you please try attached patch? I hope it'll fix the B> Gleb> panic. B> B> Have been running this without the rule change, to see if it doesn't B> introduce any adverse effects. So far so good. When I'm back from B> holiday (this Saturday), I'll enable the bad keyword. Good! Waiting for your feedback. Thanks! -- Totus tuus, Glebius. From owner-freebsd-pf@FreeBSD.ORG Fri Jan 3 09:43:57 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1CCB537E for ; Fri, 3 Jan 2014 09:43:57 +0000 (UTC) Received: from smtp07.bis7.eu.blackberry.com (smtp07.bis7.eu.blackberry.com [178.239.85.12]) by mx1.freebsd.org (Postfix) with ESMTP id AB7C61AFA for ; Fri, 3 Jan 2014 09:43:56 +0000 (UTC) Received: from b11.c2.bise7.blackberry ([192.168.0.111]) by srs.bis7.eu.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id s039QXO6007407 for freebsd-pf@freebsd.org; Fri, 3 Jan 2014 09:42:48 GMT X-rim-org-msg-ref-id: 410094010 Message-ID: <410094010-1388742168-cardhu_decombobulator_blackberry.rim.net-990805028-@b11.c2.bise7.blackberry> Content-Transfer-Encoding: base64 X-Priority: Normal Sensitivity: Normal Importance: Normal Subject: FREEBSD PF, Securing a R150, 000 Personal Loan in 1 Hour is that Easy - Super-Loan.co.za To: freebsd-pf@freebsd.org From: ray5@mtn.blackberry.com Date: Fri, 3 Jan 2014 09:42:48 +0000 Content-Type: text/plain; charset="Windows-1252" MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: ray5@mtn.blackberry.com List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jan 2014 09:43:57 -0000 V2lsbCB5b3UgcGxlYXNlIGhlbHAgbWUgd2l0aCBhIGxvYW4gb2YgUjEyMCAwMDAgDQpTZW50IGZy b20gbXkgQmxhY2tCZXJyea4gd2lyZWxlc3MgZGV2aWNl