From owner-freebsd-ipfw@freebsd.org  Sun Feb 10 08:02:29 2019
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2A82D14E41AB
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Sun, 10 Feb 2019 08:02:29 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from mail.tilda.center (srv02.tilda.center [199.247.21.11])
 by mx1.freebsd.org (Postfix) with ESMTP id 589C86BCA2
 for <freebsd-ipfw@freebsd.org>; Sun, 10 Feb 2019 08:02:28 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from hal9000.home.meka.rs (109-93-224-120.dynamic.isp.telekom.rs
 [109.93.224.120])
 by mail.tilda.center (Postfix) with ESMTPSA id 0C0E01C389;
 Sun, 10 Feb 2019 09:02:26 +0100 (CET)
Date: Sun, 10 Feb 2019 09:02:26 +0100
From: Goran =?utf-8?B?TWVracSH?= <meka@tilda.center>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Dummynet + PF
Message-ID: <20190210080226.nemx3riaa53ohsjl@hal9000.home.meka.rs>
References: <20190209102222.iaoj4a532nfpuuee@hal9000.home.meka.rs>
 <7473e45b-0471-a6e5-f292-c0a90b5ae41d@yandex.ru>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="d3zrsujac477d6uq"
Content-Disposition: inline
In-Reply-To: <7473e45b-0471-a6e5-f292-c0a90b5ae41d@yandex.ru>
User-Agent: NeoMutt/20180716
X-Rspamd-Queue-Id: 589C86BCA2
X-Spamd-Bar: -------
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of meka@tilda.center designates
 199.247.21.11 as permitted sender) smtp.mailfrom=meka@tilda.center
X-Spamd-Result: default: False [-7.79 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.20)[multipart/signed,text/plain];
 DMARC_NA(0.00)[tilda.center]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[cached: mail.tilda.center];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.87)[-0.867,0];
 SIGNED_PGP(-2.00)[]; FREEMAIL_TO(0.00)[yandex.ru];
 RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+];
 ASN(0.00)[asn:20473, ipnet:199.247.16.0/21, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 IP_SCORE(-2.62)[ip: (-9.43), ipnet: 199.247.16.0/21(-4.54), asn: 20473(0.96),
 country: US(-0.07)]; 
 RECEIVED_SPAMHAUS_PBL(0.00)[120.224.93.109.zen.spamhaus.org : 127.0.0.11]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2019 08:02:29 -0000


--d3zrsujac477d6uq
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

On Sat, Feb 09, 2019 at 02:17:04PM +0300, Andrey V. Elsukov wrote:
> Hi,
>
> I think it doesn't really depend from ipfw, you can just remove this
> dependency from ip_dummynet.c.
>
> --
> WBR, Andrey V. Elsukov
>


My laptop is only 2-core machine so it took a lot of time for a simple
experiment:

- compiled WITHOUT_IPFW and dummynet loads
- compiled with WITHOUT_IPFW removed and dummynet loads

Now, what would be the quickest and dirtiest example of using dummynet?
Let's say I want one pipe of 300kB/s and put all TCP throught it for
the sake of a really quick PoC? By now I'm sure we have the right spot
to place that PoC in PF code.

What would be proof enough that dummynet can work without module
depending on ipfw? I'd love to submit this patch soonish. I assume tests
need to pass?

Regards,
meka

--d3zrsujac477d6uq
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAlxf2o8ACgkQWj1Tknov
rLY8Bw//VQLFYPTK9Y9Vyu6v+n6NWaQcAXUmlBVMiateSPjPiKKVqo+W8caPlb8v
JZhfy+T2og+FKYCbwGAMoYHNc4aZME/DkAzS2wcCBZgPykWwqLpjvTn9QUrX9Zua
cSjMX0lfdUNdp9LZfG7OOfMbGSrJ/5ct1xef9vjdT+nFAMZh55wwTLAbbvRCPZKU
AnQ77Da3xtwtwD3P6P7Wh/3PdiDus5l1ZhCDQQwMPEEBBPrQ6G+EemU8CsM51mWb
tmWEoE/u58mBietpbe9NU8HznIo8DDX0fvTEiyQA9MgPjS52ccPxqfZ7/LM7DyJs
gYvQybiYxQ2ll2IhVaASQDTtcA0o7Vf0i568Bj6YzpL3zOfrsu+6d341H2qTQrj1
9GmbGwzgfWduL1HNq4jXEUrqvnNP2/D+8QaHbUP8QxGNbx2xvNL6gBqaYW924njB
+8JZaVm7QA2R8D/HvFdhLPgI5K+NgD3+AewUgYQLhzpcFEQZcwbFIabkACUxVNWz
3qxMxMzd74A6TR18ISnHzFfkZ/7sCk1GSb2lGyIlb4nZNg3HEkCcLu16OwaHWctD
NxK8Z84baFBhMezAr4i7d7/CJW8sv35BPU1qRbiG8K4Dm2OyT0AswaIf3PYJDy5r
RPEuRYw47hOimOamUoID38paumnmHbFRhKqhbiMzvcwumj1nYwE=
=Mwpw
-----END PGP SIGNATURE-----

--d3zrsujac477d6uq--

From owner-freebsd-ipfw@freebsd.org  Sun Feb 10 21:00:55 2019
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 79BB514DBCB2
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Sun, 10 Feb 2019 21:00:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 0E2C26AD3A
 for <freebsd-ipfw@freebsd.org>; Sun, 10 Feb 2019 21:00:55 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id C1AA814DBCA7; Sun, 10 Feb 2019 21:00:54 +0000 (UTC)
Delivered-To: ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF2D514DBCA2
 for <ipfw@mailman.ysv.freebsd.org>; Sun, 10 Feb 2019 21:00:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 491A86AD31
 for <ipfw@FreeBSD.org>; Sun, 10 Feb 2019 21:00:54 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 8B4F715FB7
 for <ipfw@FreeBSD.org>; Sun, 10 Feb 2019 21:00:53 +0000 (UTC)
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x1AL0rhp061257
 for <ipfw@FreeBSD.org>; Sun, 10 Feb 2019 21:00:53 GMT
 (envelope-from bugzilla-noreply@FreeBSD.org)
Received: (from bugzilla@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x1AL0rHi061244
 for ipfw@FreeBSD.org; Sun, 10 Feb 2019 21:00:53 GMT
 (envelope-from bugzilla-noreply@FreeBSD.org)
Message-Id: <201902102100.x1AL0rHi061244@kenobi.freebsd.org>
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to
 bugzilla-noreply@FreeBSD.org using -f
From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 10 Feb 2019 21:00:53 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Feb 2019 21:00:55 -0000

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag 
New         |    232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 

2 problems total for which you should take action.

From owner-freebsd-ipfw@freebsd.org  Tue Feb 12 07:24:20 2019
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1B18D14D9BA7
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Tue, 12 Feb 2019 07:24:20 +0000 (UTC)
 (envelope-from crapsh@monkeybrains.net)
Received: from sfo.monkeybrains.net (mail.monkeybrains.net [208.69.40.19])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.monkeybrains.net",
 Issuer "AlphaSSL CA - SHA256 - G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 14A5B75DD3
 for <freebsd-ipfw@freebsd.org>; Tue, 12 Feb 2019 07:24:18 +0000 (UTC)
 (envelope-from crapsh@monkeybrains.net)
Received: from mail.monkeybrains.net (mail.monkeybrains.net [208.69.40.19])
 by sfo.monkeybrains.net (8.15.2/8.15.2) with ESMTP id x1C7OHit075622
 for <freebsd-ipfw@freebsd.org>; Mon, 11 Feb 2019 23:24:17 -0800 (PST)
 (envelope-from crapsh@monkeybrains.net)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=monkeybrains.net;
 s=dkim; t=1549956257;
 bh=DLpva2yEKNB/460ie84UbcbXMaqFXc/qHvFD7Dsrqkw=;
 h=In-Reply-To:References:Date:Subject:From:To;
 b=LpbtQWahhvnXdWMjDD5c4DCeEDaoL4h6t9YXSRcY1GoD1oRpE/7QE0QY6TeWPwyRV
 9mKiTJADSRHbg7o+sUYrE/6pQZ2v7Lw6HcUy5lqbazbS7Quz5ITjhY7hp7WwyuTtaq
 3opivhu7cfxe93BI2pa1x4QCGUUs1sw4JLUAphWY=
Received: from 148.64.99.20
 (SquirrelMail authenticated user rudy-ftp@monkeybrains.net)
 by mail.monkeybrains.net with HTTP; Mon, 11 Feb 2019 23:24:17 -0800
Message-ID: <ebd26c5a84b465183de8f8066f884136.squirrel@mail.monkeybrains.net>
In-Reply-To: <mailman.47.1549886401.19526.freebsd-current@freebsd.org>
References: <mailman.47.1549886401.19526.freebsd-current@freebsd.org>
Date: Mon, 11 Feb 2019 23:24:17 -0800
Subject: Patch to have ipfw0 work properly in jails
From: "Rudy (bulk address)" <crapsh@monkeybrains.net>
To: freebsd-ipfw@freebsd.org
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Virus-Scanned: clamav-milter 0.100.2 at mail.monkeybrains.net
X-Virus-Status: Clean
X-Rspamd-Queue-Id: 14A5B75DD3
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=monkeybrains.net header.s=dkim header.b=LpbtQWah;
 dmarc=pass (policy=none) header.from=monkeybrains.net;
 spf=pass (mx1.freebsd.org: domain of crapsh@monkeybrains.net designates
 208.69.40.19 as permitted sender) smtp.mailfrom=crapsh@monkeybrains.net
X-Spamd-Result: default: False [-3.35 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.98)[-0.975,0];
 R_DKIM_ALLOW(-0.20)[monkeybrains.net:s=dkim];
 FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-ipfw@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 IP_SCORE(-0.01)[country: US(-0.07)];
 DKIM_TRACE(0.00)[monkeybrains.net:+];
 MX_GOOD(-0.01)[cached: mx1.harsh.monkeybrains.net];
 HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-0.35)[-0.353,0];
 DMARC_POLICY_ALLOW(-0.50)[monkeybrains.net,none];
 RCVD_NO_TLS_LAST(0.10)[];
 RCVD_IN_DNSWL_LOW(-0.10)[19.40.69.208.list.dnswl.org : 127.0.5.1];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:32329, ipnet:208.69.40.0/22, country:US];
 RCVD_COUNT_TWO(0.00)[2];
 DWL_DNSWL_NONE(0.00)[monkeybrains.net.dwl.dnswl.org : 127.0.5.0]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 07:24:20 -0000


Never submitted a patch... is this good enough?

Problem: ipfw logs in a way that is confusing in jails (it logs to the
host syslogd)
Solution: use ipfw0 and make sure to fix up syslog and launch tcpdump if
firewall_logif is set in rc.conf

Thanks,
Rudy


--- /etc/rc.d/ipfw.orig 2019-02-11 23:19:09.074313000 -0800
+++ /etc/rc.d/ipfw      2019-02-11 23:17:37.675032000 -0800
@@ -65,8 +65,23 @@
                ${SYSCTL} net.inet.ip.fw.verbose=1 >/dev/null
        fi
        if checkyesno firewall_logif; then
-               ifconfig ipfw0 create
-               echo 'Firewall logging pseudo-interface (ipfw0) created.'
+    if ! ifconfig ipfw0 > /dev/null 2> /dev/null; then
+      ifconfig ipfw0 create
+                 echo 'Firewall logging pseudo-interface (ipfw0) created.'
+      # have tcpdump listen to ipfw and send info to logger
+      /usr/sbin/tcpdump -lnti ipfw0 2> /dev/null | /usr/bin/logger -t www
-p security.info &
+      echo "ipfw0 redirecting to syslog"
+    elif ! killall -0 tcpdump 2> /dev/null; then
+      # no tcpdump running... launch it!
+      /usr/sbin/tcpdump -lnti ipfw0 2> /dev/null | /usr/bin/logger -t www
-p security.info &
+      echo "ipfw0 redirecting to syslog"
+    fi
+    fwverbose=`sysctl -n net.inet.ip.fw.verbose`
+    if [ $fwverbose == 1 ]; then
+      # turn down for what ... I mean, turn off verbose so ipfw0 is used.
+      sysctl net.inet.ip.fw.verbose=0 > /dev/null
+      echo "verbose logging off and redirecting to ipfw0"
+    fi
        fi
 }


From owner-freebsd-ipfw@freebsd.org  Tue Feb 12 11:14:05 2019
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C544C14E2E68
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Tue, 12 Feb 2019 11:14:05 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from forward100j.mail.yandex.net (forward100j.mail.yandex.net
 [IPv6:2a02:6b8:0:801:2::100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 54F0887362
 for <freebsd-ipfw@freebsd.org>; Tue, 12 Feb 2019 11:14:03 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from mxback13j.mail.yandex.net (mxback13j.mail.yandex.net
 [IPv6:2a02:6b8:0:1619::88])
 by forward100j.mail.yandex.net (Yandex) with ESMTP id DF13750E052F;
 Tue, 12 Feb 2019 14:13:59 +0300 (MSK)
Received: from smtp3o.mail.yandex.net (smtp3o.mail.yandex.net
 [2a02:6b8:0:1a2d::27])
 by mxback13j.mail.yandex.net (nwsmtp/Yandex) with ESMTP id GS2ywbBwn9-DxOu8A4L;
 Tue, 12 Feb 2019 14:13:59 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1549970039; bh=udl9zidHezvZk4V8chv0uOqKWjgaNfGaA5d8PSnwrs0=;
 h=Subject:To:References:From:Message-ID:Date:In-Reply-To;
 b=L0zTMACrg7T2y981T83oguT4PAFq80FBpinVryZzMhGSrjcmgkkkH4qB9cahCstGP
 tDdEGqFauAwCRvENJSJV003C2oRZeCoXlorTGbRxFH4Apw7DBAIfqMDeeiJEinTgFe
 i2N2BJVVtliGYQczQ/7NI8bJ4l6cWse8cT/Gt+14=
Received: by smtp3o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 2g9SUtUyGE-Dwtac3oM; Tue, 12 Feb 2019 14:13:58 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client certificate not present)
Subject: Re: Patch to have ipfw0 work properly in jails
To: "Rudy (bulk address)" <crapsh@monkeybrains.net>, freebsd-ipfw@freebsd.org
References: <mailman.47.1549886401.19526.freebsd-current@freebsd.org>
 <ebd26c5a84b465183de8f8066f884136.squirrel@mail.monkeybrains.net>
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A
Autocrypt: addr=bu7cher@yandex.ru; prefer-encrypt=mutual; keydata=
 mQENBEwBF1kBCADB9sXFhBEUy8qQ4X63Y8eBatYMHGEFWN9ypS5lI3RE6qQW2EYbxNk7qUC5
 21YIIS1mMFVBEfvR7J9uc7yaYgFCEb6Sce1RSO4ULN2mRKGHP3/Sl0ijZEjWHV91hY1YTHEF
 ZW/0GYinDf56sYpDDehaBF5wkWIo1+QK5nmj3vl0DIDCMNd7QEiWpyLVwECgLX2eOAXByT8B
 bCqVhJGcG6iFP7/B9Ll6uX5gb8thM9LM+ibwErDBVDGiOgvfxqidab7fdkh893IBCXa82H9N
 CNwnEtcgzh+BSKK5BgvPohFMgRwjti37TSxwLu63QejRGbZWSz3OK3jMOoF63tCgn7FvABEB
 AAG0JUFuZHJleSBWLiBFbHN1a292IDxidTdjaGVyQHlhbmRleC5ydT6JATgEEwECACIFAkwB
 F1kCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEAHF6gQQyKF6qmYIAI6ekfm1VA4T
 vqankI1ISE6ku4jV7UlpIQlEbE7/8n3Zd6teJ+pGOQhN5qk8QE7utdPdbktAzi+x7LIJVzUw
 4TywZLXGrkP7VKYkfg6oyCGyzITghefQeJtr2TN4hYCkzPWpylkue8MtmqfZv/6royqwTbN+
 +E09FQNvTgRUYJYTeQ1qOsxNRycwvw3dr2rOfuxShbzaHBB1pBIjGrMg8fC5pd65ACH5zuFV
 A0CoTNGMDrEZSfBkTW604UUHFFXeCoC3dwDZRKOWJ3GmMXns65Ai5YkA63BSHEE1Qle3VBhd
 cG1w0CB5FBV3pB27UVnf0jEbysrDqW4qN7XMRFSWNAy5AQ0ETAEXWQEIAJ2p6l9LBoqdH/0J
 PEFDY2t2gTvAuzz+8zs3R03dFuHcNbOwjvWCG0aOmVpAzkRa8egn5JB4sZaFUtKPYJEQ1Iu+
 LUBwgvtXf4vWpzC67zs2dDuiW4LamH5p6xkTD61aHR7mCB3bg2TUjrDWn2Jt44cvoYxj3dz4
 S49U1rc9ZPgD5axCNv45j72tggWlZvpefThP7xT1OlNTUqye2gAwQravXpZkl5JG4eOqJVIU
 X316iE3qso0iXRUtO7OseBf0PiVmk+wCahdreHOeOxK5jMhYkPKVn7z1sZiB7W2H2TojbmcK
 HZC22sz7Z/H36Lhg1+/RCnGzdEcjGc8oFHXHCxUAEQEAAYkBHwQYAQIACQUCTAEXWQIbDAAK
 CRABxeoEEMihegkYCAC3ivGYNe2taNm/4Nx5GPdzuaAJGKWksV+w9mo7dQvU+NmI2az5w8vw
 98OmX7G0OV9snxMW+6cyNqBrVFTu33VVNzz9pnqNCHxGvj5dL5ltP160JV2zw2bUwJBYsgYQ
 WfyJJIM7l3gv5ZS3DGqaGIm9gOK1ANxfrR5PgPzvI9VxDhlr2juEVMZYAqPLEJe+SSxbwLoz
 BcFCNdDAyXcaAzXsx/E02YWm1hIWNRxanAe7Vlg7OL+gvLpdtrYCMg28PNqKNyrQ87LQ49O9
 50IIZDOtNFeR0FGucjcLPdS9PiEqCoH7/waJxWp6ydJ+g4OYRBYNM0EmMgy1N85JJrV1mi5i
Message-ID: <39280f3a-7212-86f9-2a9f-1d9a62efa0ff@yandex.ru>
Date: Tue, 12 Feb 2019 14:09:48 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101
 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <ebd26c5a84b465183de8f8066f884136.squirrel@mail.monkeybrains.net>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="YQw9P8X9ohSaOzzYRgrJWUmyQVdVdUtA0"
X-Rspamd-Queue-Id: 54F0887362
X-Spamd-Bar: -------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=yandex.ru header.s=mail header.b=L0zTMACr;
 dmarc=pass (policy=none) header.from=yandex.ru;
 spf=pass (mx1.freebsd.org: domain of bu7cher@yandex.ru designates
 2a02:6b8:0:801:2::100 as permitted sender) smtp.mailfrom=bu7cher@yandex.ru
X-Spamd-Result: default: False [-7.91 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a02:6b8:0::/52];
 FREEMAIL_FROM(0.00)[yandex.ru]; HAS_ATTACHMENT(0.00)[];
 RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[yandex.ru:+];
 MX_GOOD(-0.01)[mx.yandex.ru,mx.yandex.ru,mx.yandex.ru,mx.yandex.ru,mx.yandex.ru];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.99)[-0.986,0];
 DMARC_POLICY_ALLOW(-0.50)[yandex.ru,none]; SIGNED_PGP(-2.00)[];
 FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(-1.72)[ipnet: 2a02:6b8::/32(-4.77), asn: 13238(-3.82), country:
 RU(0.00)]; RCVD_TLS_LAST(0.00)[];
 RCVD_IN_DNSWL_LOW(-0.10)[0.0.1.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.8.0.0.0.0.0.8.b.6.0.2.0.a.2.list.dnswl.org
 : 127.0.5.1]; 
 ASN(0.00)[asn:13238, ipnet:2a02:6b8::/32, country:RU];
 MID_RHS_MATCH_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[yandex.ru.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[yandex.ru];
 R_DKIM_ALLOW(-0.20)[yandex.ru:s=mail];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
 MIME_TRACE(0.00)[0:+,1:+,2:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Feb 2019 11:14:06 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--YQw9P8X9ohSaOzzYRgrJWUmyQVdVdUtA0
Content-Type: multipart/mixed; boundary="2K2VeBGIIGLdmSDtJ5kFCZbgs6qQePizu";
 protected-headers="v1"
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: "Rudy (bulk address)" <crapsh@monkeybrains.net>, freebsd-ipfw@freebsd.org
Message-ID: <39280f3a-7212-86f9-2a9f-1d9a62efa0ff@yandex.ru>
Subject: Re: Patch to have ipfw0 work properly in jails
References: <mailman.47.1549886401.19526.freebsd-current@freebsd.org>
 <ebd26c5a84b465183de8f8066f884136.squirrel@mail.monkeybrains.net>
In-Reply-To: <ebd26c5a84b465183de8f8066f884136.squirrel@mail.monkeybrains.net>

--2K2VeBGIIGLdmSDtJ5kFCZbgs6qQePizu
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable

On 12.02.2019 10:24, Rudy (bulk address) wrote:
>=20
> Never submitted a patch... is this good enough?
>=20
> Problem: ipfw logs in a way that is confusing in jails (it logs to the
> host syslogd)
> Solution: use ipfw0 and make sure to fix up syslog and launch tcpdump i=
f
> firewall_logif is set in rc.conf

Hi,

for what purpose do you use ipfw0? Running tcpdump and logger looks very
ugly.

--=20
WBR, Andrey V. Elsukov


--2K2VeBGIIGLdmSDtJ5kFCZbgs6qQePizu--

--YQw9P8X9ohSaOzzYRgrJWUmyQVdVdUtA0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlxiqXwACgkQAcXqBBDI
oXqXGAgAh3uceN+RnkcOc1AKDhQC1DVwQHkoDhf68rSrfJxJ0HbkQikqDPLBzY3N
i2rxcXOd5xlXloNiUmkWw+2ESQ7x8kX/86Gg4acsZSpi6IC0//7Uftn1jhB9oSC7
CAv27pd++tNC7ZFhtXshxYBUUwiZ4ABZeNCort5Uz33+l2CszHDyCmFL06+Uc/zL
/MegVXV7Dvz3aSYNP3/pZHIL4MKIIXVWdfKHAoEuon1/M3Cc3Ak2Kim5G67zvzut
KEv703F8/dbIQ4GB2KHbyQJuP8YGUDlcknf+DfMobSJQVowxf7y0UqVqT/B7V8Q9
J4zXKiMBkjVKKzRg+UBLuz1QOJgdKQ==
=jpQu
-----END PGP SIGNATURE-----

--YQw9P8X9ohSaOzzYRgrJWUmyQVdVdUtA0--