From nobody Mon Nov 18 12:23:20 2024 X-Original-To: freebsd-pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XsRcN54ccz5d2v7; Mon, 18 Nov 2024 12:23:32 +0000 (UTC) (envelope-from driesm@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XsRcN4Yp0z4P9b; Mon, 18 Nov 2024 12:23:32 +0000 (UTC) (envelope-from driesm@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731932612; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ICqCu9eiIYL6I02QhnOF7a8dyulG4HVSXPTG0X6Ejk0=; b=am+LGQOvcIbFsss4a121aUYiJyL2fFLyYrk/9i4psUJLakEYUJfaxuo0wakG1bDUGDc04l rY07J3RyO5KnzX0HlmnGPXC2eXGlYg4VTl9fbq4rcEJ0eKlgL9JuoPA7O4zXagTGLBSi28 EXORNLkpZD4uCXpnKms0ZYRfNN/cOh4wuXxEMP4kG1IgD7IShsU59cgwUvz5fa4TBIfoTT r1qWUx2xF/nktwhpyS7KntiAqm4nx0PjazxB4ahAqETZgND2KagCHxbwyLopLGEQM4jtcN MT0TOZTR/84ucthlET9/ii4C0p/OUao21rZYpJtwMyVS1I974Fs26zxkH4pQwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1731932612; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ICqCu9eiIYL6I02QhnOF7a8dyulG4HVSXPTG0X6Ejk0=; b=eSLmAN0aGgrgCTmTHdPaeAtF+CtITxBuCpFnRRb+vdOhgy8DhKPBZWxBXvPD2UYjiC+b67 PBWe2J2ywXT7agKIT2i0fA/wB1WgcEuNYL1cqTr95K+RHv1YBCnvsusalhrSRqD5zTNqQ8 wLFUaerEhgkieMt/xaHmHSVKZ8V5ZTmtfLzPBjIkqAzRqLZNRwdFgdXxTyNjULuYP3fXi+ rvvfKcYf5GAwVkUU4/HBLdVs6asASIeQ/6UIJz1TDY/P+qvV9h8VMZtRCd0GUidXOvZSmR sZFMU1MxaxAR9Vdcmqjdihod/PK3f7Pap1O/Cxrzl9x+2Bw6qYX65uFi0Usc3g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731932612; a=rsa-sha256; cv=none; b=rtBM3eq65fUake+Qk1m6gZY5rAZ2uLsgFdTiTDxtgc6ZVdeYW1eotRfImJt0hKvKSRzex8 BX49vrkQKVQtrXRR1gzeXOCSUzW+l/ph9227fvkQgInFESfF6Fag8Hu2ZCt12mUo/ScIXx /x/MFfwLfzleZn8tp46Ek0L0YVBfOCsYZfJVA0jpLcxnNWclPHcxz8CpBQMBrBY4qbzWk4 gzzGO0XqymJHYE42lecgk70z6UmGBaXb2G5r1H/+EoHE+XlDvBt3btF2Fmtmv8fwp4IxJ/ 9DpR9Iqhk+GMPOJkWIU9RCiQSQS/sE4eXzdIy9ef8gH2r2eEetDNjyXmuCeFkQ== Received: from mail-ot1-f41.google.com (mail-ot1-f41.google.com [209.85.210.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) (Authenticated sender: driesm) by smtp.freebsd.org (Postfix) with ESMTPSA id 4XsRcN42HMzypW; Mon, 18 Nov 2024 12:23:32 +0000 (UTC) (envelope-from driesm@freebsd.org) Received: by mail-ot1-f41.google.com with SMTP id 46e09a7af769-718186b5c4eso878455a34.2; Mon, 18 Nov 2024 04:23:32 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCU/x2KKRhaGKRxx6V+GYyultf7gBvEA+6BbADJ9CNROHnEq1VKl7Df9DD5V8wl36CQXEPjm+Ue2ArVFQA==@freebsd.org, AJvYcCV9aAbfqZPLhQMeMo//ynxUID+GGYUMoNzxD376P37wU8GKaHZZs4hFlTri/aunnen4KWp+QHyRHbP2rQ==@freebsd.org X-Gm-Message-State: AOJu0YxkYI8/gogwmA95QiQ5ReenDHeQ7jscznVZTukIhAyaSZZ+ykz2 GdKkTKloCGt5yexDTlHxVeggsYfgbBX3YFkxBpChqEs+hFohQhAayM1LKRSGle5hUL1VvfJvdK3 3l7wtoYa57a35gGcJxKq8vcteMB4= X-Google-Smtp-Source: AGHT+IGCaPGSf0cMinAISwUPL3x/XlQwgxJtGo7VmZF/Q02eKcsgx9AyoO1JCsuZUe3vURstv+4B5AmeDh5oUDFwnsg= X-Received: by 2002:a05:6830:620a:b0:718:4073:428f with SMTP id 46e09a7af769-71a7798c242mr10051027a34.16.1731932611861; Mon, 18 Nov 2024 04:23:31 -0800 (PST) List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 References: <610cbd98-0e4c-474f-b352-9786fc9e6a70@FreeBSD.org> In-Reply-To: <610cbd98-0e4c-474f-b352-9786fc9e6a70@FreeBSD.org> From: Dries Michiels Date: Mon, 18 Nov 2024 13:23:20 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: IPFW statefull firewall ruleset - some sites or applications do not work as expected To: Ronald Klop Cc: freebsd-ipfw@freebsd.org, freebsd-pf@freebsd.org, FreeBSD Net Content-Type: multipart/alternative; boundary="0000000000001aef6306272efcc2" --0000000000001aef6306272efcc2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, unfortunately that's not the case, as I have onepass to off, meaning that after every rule, the packet continues to be processed by the next rule (so the NAT does get reached). Op do 14 nov 2024 om 11:17 schreef Ronald Klop : > Op 02-11-2024 om 16:30 schreef Dries Michiels: > > Hello, > > > > So I have a very basic ruleset, as described in the FreeBSD handbook, > see below. I have "blurred" my open ports as seen in the ruleset below. > > Igc0 is my WAN port and in the table "trusted_if" are like my LAN if an= d > some bridges. > > > > 00001 reass ip from any to any in > > 00010 allow ip from any to any via table(trustedif) > > 00050 deny log ip from any to any not antispoof in > > 00100 nat 1 ip4 from any to any in recv igc0 > > 00500 skipto 10000 tcp from any to any out xmit igc0 setup keep-state > :default > > 00501 skipto 10000 udp from any to any out xmit igc0 keep-state :defaul= t > > 05000 allow tcp from any to me *some open ports* in recv igc0 setup > keep-state :default > > 05001 allow udp from any to me *some open ports* in recv igc0 keep-stat= e > :default > > 09998 deny log tcp from any to any > > 09999 deny log udp from any to any > > 10000 nat 1 ip4 from any to any out xmit igc0 > > 65535 allow ip from any to any > > > > Now comes the tricky part. There are some applications that don't work > correctly with this ruleset. > > For example, itsme (belgium application) to identify yourself with a lo= t > of accounts, does not work. > > Recently my banking website also stopped working. So now I'm wondering > how do I start to troubleshoot this issue? > > Are there any ceavets with this ruleset when redirects are happening fo= r > example? I'm also wondering if Belgian PF users have the same issue?=C2= =A3 > > > > I'm hopeful to get to the bottom of this as its quite annoying needing > to switch wifi channels to my ISP's router which does work with these > applications. > > > > Regards > > Dries > > > > > > Hi, > > It is a while ago that I build ipfw firewalls, but doesn't rule 10 match > all internal (from LAN) traffic, preventing outgoing (to WAN) packets to > get to the nat rules? > > I would suggest something like this: > > 00001 reass ip from any to any in > 00050 deny log ip from any to any not antispoof in > 00100 nat 1 ip4 from any to any via igc0 > 00300 check-state :default > 00200 allow ip from any to any in table(trustedif) keep-state :default > 05000 allow tcp from any to me *some open ports* in recv igc0 setup > keep-state :default > 05001 allow udp from any to me *some open ports* in recv igc0 keep-state > :default > 09999 deny log ip from any to any > 65535 allow ip from any to any > > > > Regards, > Ronald. > > --0000000000001aef6306272efcc2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi, unfortunately=C2=A0that's not the case, as I have = onepass to off, meaning that after every rule, the packet continues to be p= rocessed=C2=A0by the next rule (so the NAT does get reached).


Op do 14 nov 2024 om 11:17 schreef Ronald Klop <ronald@freebsd.org>:
Op 02-11-2024 om 16:30 schreef Dries Michiels: > Hello,
>
> So I have a very basic ruleset, as described in the FreeBSD handbook, = see below. I have "blurred" my open ports as seen in the ruleset = below.
> Igc0 is my WAN port and in the table "trusted_if" are like m= y LAN if and some bridges.
>
> 00001 reass ip from any to any in
> 00010 allow ip from any to any via table(trustedif)
> 00050 deny log ip from any to any not antispoof in
> 00100 nat 1 ip4 from any to any in recv igc0
> 00500 skipto 10000 tcp from any to any out xmit igc0 setup keep-state = :default
> 00501 skipto 10000 udp from any to any out xmit igc0 keep-state :defau= lt
> 05000 allow tcp from any to me *some open ports* in recv igc0 setup ke= ep-state :default
> 05001 allow udp from any to me *some open ports* in recv igc0 keep-sta= te :default
> 09998 deny log tcp from any to any
> 09999 deny log udp from any to any
> 10000 nat 1 ip4 from any to any out xmit igc0
> 65535 allow ip from any to any
>
> Now comes the tricky part. There are some applications that don't= =C2=A0work correctly with this ruleset.
> For example, itsme (belgium application) to identify yourself with a l= ot of accounts, does not=C2=A0work.
> Recently my banking=C2=A0website also stopped working. So now I'm = wondering how do I start to troubleshoot=C2=A0this issue?
> Are there any ceavets=C2=A0with this ruleset when redirects are happen= ing for example? I'm also wondering if Belgian PF users have the same i= ssue?=C2=A3
>
> I'm hopeful=C2=A0to get to the bottom of this as its quite annoyin= g needing to switch wifi channels to my ISP's router which does work wi= th these applications.
>
> Regards
> Dries
>
>

Hi,

It is a while ago that I build ipfw firewalls, but doesn't rule 10 matc= h all internal (from LAN) traffic, preventing outgoing (to WAN) packets to = get to the nat rules?

I would suggest something like this:

00001 reass ip from any to any in
00050 deny log ip from any to any not antispoof in
00100 nat 1 ip4 from any to any via igc0
00300 check-state :default
00200 allow ip from any to any in table(trustedif) keep-state :default
05000 allow tcp from any to me *some open ports* in recv igc0 setup keep-st= ate :default
05001 allow udp from any to me *some open ports* in recv igc0 keep-state :d= efault
09999 deny log ip from any to any
65535 allow ip from any to any



Regards,
Ronald.

--0000000000001aef6306272efcc2-- From nobody Tue Nov 19 15:06:02 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xt79Q3SP9z5f759 for ; Tue, 19 Nov 2024 15:06:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Xt79Q03fBz46Kw for ; Tue, 19 Nov 2024 15:06:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732028762; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SvZoGnyZ3Gc00MOSPLecaKRZa0S+fnTZgCMggnh8+zc=; b=ckDwiX7pPAMOkhHk0nddpRd94jFLiSU/yZosq+3NOZtzpb5bfccMW4BqmJyBGIjLKPm/L7 9PuSoMqxKnKOKTp5Z3BcCm9i2kIQyy3tid5y65pU3Hke0x39i0bGxfXj6v1MYZcqIoDYmz ZzNjzeUuCaxpsbvXi7HN2Ov+B5E5CEAj0KjrzWnnoDRKUHelIRIvdVJMe6ARQ+kchzZA9H KmeJYvDT+RYKqToZVmL4lpAefFRX3OCNPXv8mArcby7qCS1BtaI6hFpB+PrwicJm7di2+1 XosOsg+4H3g0ZFAjxlRbN1MWygeNwrlZoH2FsGFDTa2iYAf0kM/umStFAIy1dQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732028762; a=rsa-sha256; cv=none; b=bb6mCVppfbA/5lMwosfr1i6AFZ09NNngdwefLLW2sZ+j4CCx0MvKxtHCjYiedvVSsm94yC cpnBhR0eT6MrI52DngKpecCMVnRGA5EIdbO0Oujm2DhZY1nvh+qR+YaxD2njAvQanFSHa1 FsIOkkxsnQ3MBYJWGAPnjATNZDGBI/3usT6LuDh2i7n8+ghEoFm0stqVOkFdyCslrwM41K 1Edo7MGpBs2fV7QAzVCC6NUIdesSKhtTZiX0jAOiO8SX8RkRG9JscpJVn05poXq72t0kfp Q9M6NDqmOvlIiU+jo/bSISwZe8Ld85dqlBkNYU7EUgBdJNh9nYWBH8G5fZKosg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Xt79P6fqMzFXS for ; Tue, 19 Nov 2024 15:06:01 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4AJF61eG026880 for ; Tue, 19 Nov 2024 15:06:01 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4AJF6148026879 for pf@FreeBSD.org; Tue, 19 Nov 2024 15:06:01 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282863] pf(4): Cannot add multiple filtering rules with IP address range Date: Tue, 19 Nov 2024 15:06:02 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 14.2-STABLE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282863 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |pf@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Nov 21 19:01:41 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XvSJQ0dZkz5dSLR for ; Thu, 21 Nov 2024 19:01:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XvSJP4kC1z4fgY for ; Thu, 21 Nov 2024 19:01:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732215701; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+RzAoOD+KlXG1clNY4DF7nwCicnmQ11Z9egv8twOGn8=; b=nd5uHWKPVPxKi5SGrj1MHHO255/X3pPrYouiBEk3B6MFZXl4BZwaiMMOxuPDBvdC/qi6z7 7d1POfB2NO5Tf7wI3bhOhwLTl8c5Myqnvrah3eE07D1M7hUeyimyDZ+LfruK1ebheVVdz4 Ns24QNMARZIb9nJCgvJBFEvFx2ba5s/dYNj8VHRF1a/cqp75/lBDLA2amD45P+NobeJWK/ 1LefBpdL+TidgroXBkPxV73VUQXV1KP7gLGyhMsWAw5oXy010S65MWF/4I8GZ4cmY+jNPF HWEQ+RiG21CQmSIeIKQEK1OBMIBbf4hT0USCRN4ExCLz0TPIQaixfwxTNa5KzQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732215701; a=rsa-sha256; cv=none; b=QmAdNB7MvM+iYV30Lvbih9Yt9rbCJXg/NEn/ZsqrEgjvCFbqXADPkE6+g9C4dI2kMQ/JEp m4ZoSrphtPeRYpuszwMWiCXv04tm5jZ3fkcfuj54npyhf/04ykeXa3r0aebJsRN/JVwce3 jE/L+c7kNtYLfZ9lAUCNNe2t3KsRlQGCCpcGEbNDnOpfkdgHfA7RyB/Zzb9B3lTzjE4GjW Co3ADPZ6Z9Tz2fRqxUeImeBOsJo+s5KE8qh3Q0VmIhk5ff1vabq9HTHYg6Ri5eVcw6NolZ DMhjZJH27yRGFC9aUxK3iPOXA8oL02mLImv0q1NouhEKk0dLN4LN2MU1DVJIag== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XvSJP4CPTzrdW for ; Thu, 21 Nov 2024 19:01:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4ALJ1frt060454 for ; Thu, 21 Nov 2024 19:01:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4ALJ1fcB060453 for pf@FreeBSD.org; Thu, 21 Nov 2024 19:01:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282877] pfctl: [Feature request] Allow pfctl to reset statistics for an individual IP address Date: Thu, 21 Nov 2024 19:01:41 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282877 Mark Johnston changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |pf@FreeBSD.org CC| |markj@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Nov 21 19:01:47 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XvSJW6CQXz5dSVv for ; Thu, 21 Nov 2024 19:01:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XvSJW4Z94z4g0X for ; Thu, 21 Nov 2024 19:01:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732215707; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XuIQVUB9Gy2CWai99hDalEiy8yl+Xy8FFJoEm9kdzMk=; b=Pd8KOdD4Le/PKzMnoC77kTHz40EcIJSdTbYUitn2nSAjmdWWs+GliQ6vzcz1XsbDzHF8VT FlV9kAoCWhPHtLisBvxlpjFZF6IC2BhDXRC6qDlzZiPHu1rHMn0fqJhy+BsCyfQgHD885q XPv2Fmjh6oWkEQ59ZWe+dDW+864hElyNl4IoFnazVQheVBhXSyx/xlqGrUzrIZzUNB1px+ fS5wc1YKwb8n9pDXpNGoGinGsV3kMggMlyrKiditpZCD/ju+cZJRl5oVCOYRkcpijlOhB0 9lbHgv2rH3g5HsSiP67P0rZfAE+uAMIGX9qnk2VMBlFUeuJfKihIBPWfrp8iOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732215707; a=rsa-sha256; cv=none; b=fUasJhsfhe202ikg7oBdiQud+aUppb2E6rUGayvQTXk1GN4p9deNVkEZI3o6ZiA2BGD4c1 jop0mFePRCM1i3bdkXQxetxthspvhfH/Eb8s4O5wXJwfBkwi5bkNVwrukL45hSbMcdYvVr eY/6Gox8m+ANxm/RuL8fKlD87imHXlKR23AsX4IsE99uJprjNxLQr9QIBShxxuN92gcNYD 4tjrmbUT2ygu9s3VkPWjiPs6K5LW8fxGZv3J94zrZRvOxRWHJuvC+ApXm51F3FtteIG3IA hp47e35w7pheC6he5DyQeNmin2V9pXutISi02znoJqePk3na6rZ0CU9mumZegQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XvSJW48sHzs6h for ; Thu, 21 Nov 2024 19:01:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4ALJ1lpW060552 for ; Thu, 21 Nov 2024 19:01:47 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4ALJ1lC8060551 for pf@FreeBSD.org; Thu, 21 Nov 2024 19:01:47 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282877] pfctl: [Feature request] Allow pfctl to reset statistics for an individual IP address Date: Thu, 21 Nov 2024 19:01:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: feature X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: markj@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: keywords Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282877 Mark Johnston changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |feature --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Thu Nov 21 22:41:41 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XvYBG1RCmz5dhgW for ; Thu, 21 Nov 2024 22:41:42 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XvYBF5zXWz4LJX for ; Thu, 21 Nov 2024 22:41:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732228901; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/OR/zoLs1ZJcwmk1PvjH/JoQevnTeL0OqKWNAqgF8oQ=; b=TIQl/eYslUkixwWmOZvGykYsNS3eM6jLhFY4se7xiDmbozIt5FkyGxI2IpkUji8BHGXvrZ x0MlfgyRwNj3mL2YzV44B4/dUzPciM//sQW6HeL4id6ExvuTvIbxzZIM3uod2hNREYeIL6 y7DapS1BXmcaL1PeoaspmkmzzxUWApFZpVjz/7m7L/fRbqKxT1WhkRyYcXqSBOGbq2gI8W dpmnHIQj5+83Ul0ZkiO4b/MKqu2mJ8BKV+n3WXQGi4PKUpz29rNur4k42dSrxDzFcsDoDz cXiu9Ivq9KLdjTGl6lzOnjjwpIKG5IIoffQYTeuRm7KlOu3LbOqqQtwyv7fp/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732228901; a=rsa-sha256; cv=none; b=DidO6Uz5LL7s7wGsVgj8CMlijoY9mAhnZG0HKgZaDvOtBNDzrvqk4mw5b0B40hqgS/ww6k c6AFpzgX4JShkiYl1huZa/hA/arZiia8DWQ4rp/WyRnk3dkpqv9cSkJsNBUOs9uz2WzEsw Dxgfnk01+EVQGI+7FPE7Pbv+6s66v0Pl5YkImqmG3B5CwEM4OPHYtNW2Xu1oyiMZ+BNqwu dsMVvZrxbLCKy/AZSfMsMX0TJ+YKw492wdfw8l0igu/VIS+aAphOLU+3q3/Hvp80Hcc2yd aLRr1M5drQ5vMiubV23dHXJcQihfVEDkvhaQfw29e9ljBv+tkjmr1z/D3eFW8w== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XvYBF4W7kzyy8 for ; Thu, 21 Nov 2024 22:41:41 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4ALMffAR055307 for ; Thu, 21 Nov 2024 22:41:41 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4ALMffoI055306 for pf@FreeBSD.org; Thu, 21 Nov 2024 22:41:41 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282877] pfctl: [Feature request] Allow pfctl to reset statistics for an individual IP address Date: Thu, 21 Nov 2024 22:41:41 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: feature X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: vegeta@tuxpowered.net X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282877 Kajetan Staszkiewicz changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vegeta@tuxpowered.net --- Comment #1 from Kajetan Staszkiewicz --- Please find the patch ported to FreeBSD here https://reviews.freebsd.org/D4= 7698 . It also lead to finding a bug https://reviews.freebsd.org/D47697 , so you probably want to apply both patches. I've developed them on the main branch, but they apply to FreeBSD 14 too, however I have not tested them on 14. --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Nov 22 09:58:25 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XvrC50lqnz5dh32 for ; Fri, 22 Nov 2024 09:58:25 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XvrC45pwjz4YpT for ; Fri, 22 Nov 2024 09:58:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732269504; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=OU8iqyo8IlF/0v+bhQhj1lP59dK2MVaONJErTyhT/us=; b=Wf4L+bK1fqY740MCwgUWLoOlN6EXPgN0vf7IszdvwNnmYw1lNE58Ns6wlQbIzS2DWWTqtM 1BYUe12VEzgp1dRIfrgyy0D147OLJv1R6JX/WIl/SxGrMe6wOaLVy+vUY/Nk36FsGLiTM/ XEpX1g1mE8+TLVIO9P5cgi/25KB/DxscUi7Yue6RJgW16i3izu0kZI3y5tSzTiFsSrJ6MS edYXWYyqsv9abHoy3i+AlCAWBqfPNOQ7xmhrD1cxyL64TMpGGeBvXw2sSfz6FNpbnJYRXI /C6gz2lvMP7eO7aalyZ9jm+NR1on7YuHaX+Jgu5nmYF8lG9hNEPBJfzmbBV5Rg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732269504; a=rsa-sha256; cv=none; b=rqdKWQMz8UHudLdKl80Tk9cxmbnQWRf1Ggd8gSSfPf2vaMfr0KlV/cIjx/+Axbu4Yub8tV ZOdOH7rsaCaioqiavYRp4k/AoM1+Eo/PRUDnUG8jKYgLqCUpu9EvN4Vk6VUOSGK3XkQOds U1xbogwEV0C6qtEd8YCYB8oIDwoJ763SdK37FXzo1YvckPExm/ciWq/ZEi0KVZWKXb5BsM zPNfch3XJN93nTUhJfZhZwT+R8yoQB3cG5bG1kACW8v7KEVYiZ2dRWTwPa/dVPyxZINg+B BY1P6tzuyA46U7sgDO4D71j4eJX9/ehxDNcqN/B/Ou8BGxDwSONB8n6rtXHCWQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XvrC45QGvzKpV for ; Fri, 22 Nov 2024 09:58:24 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4AM9wOnR020609 for ; Fri, 22 Nov 2024 09:58:24 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4AM9wOst020607 for pf@FreeBSD.org; Fri, 22 Nov 2024 09:58:24 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282877] pfctl: [Feature request] Allow pfctl to reset statistics for an individual IP address Date: Fri, 22 Nov 2024 09:58:25 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: feature X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: freebsd@ohreally.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282877 --- Comment #2 from Rob LA LAU --- Thank you so much for your quick response. Will take a few days to get back to you with results (working today and this weekend). --=20 You are receiving this mail because: You are the assignee for the bug.= From nobody Fri Nov 22 12:26:53 2024 X-Original-To: pf@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XvvVQ2dsFz5dqLX for ; Fri, 22 Nov 2024 12:26:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XvvVQ1Xjrz4k7N for ; Fri, 22 Nov 2024 12:26:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1732278414; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=no/AJ7glnx33IHinPDisJ2YQNXDkVgIV5grFa48JrWo=; b=yJkm19xo66OU2why+OBZHGTNfenNnBuK2Mdw1QaMYsDXoqwY2u6p6kFus64iH/YdMwo+TY X6N068sxkQH2/sfc35rvsSAurMBWint3jRvCtmESva9e8Dt1d1eipiHaJvXcLQt6ECBDbF rTDic7jt5BWoIndvneLk+uuQ5YRx9gKpJTSi8ExWDiMzy13JvIkM8LEtxvuJ57leuRpFUa kJmhpGQekP5+orFKY23V9JB1lImigpfLFEhB+hRiq8d9DzLotzZ7jD3Ok9cG//XQFG2ao9 7iuz7KNqSQFpgfEcSOMDm34QeTEzZxMIoSbty9tGDmQzEE30Ng6IPMZFB78pVQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1732278414; a=rsa-sha256; cv=none; b=CWVG8BheUxiFUfMPDoFRLa5W2EArhYw5lz71nVtXtx048KjbfKHS9DHbLl8NRtAZZZFEsU 8d+Y8mCtAVf0HueQu8r+zXdCYxZIGpCTjq2uvJ6Sz17O+vkz3vkPstVAlGs637VTcxjX2p QzoCufCCOy3bFljrIdbauls9T9f/ee9Nh/BH/8wOPMLZbowTHOT1miNsuykglHg0oZ/TFy LB+FGFBl4zH1v/W9/3gr8Au0YMqHQ1VjpvaBGW1Ym4w12fO0yff3/h9Yp1ve/uFBMveouB mvaaHtsBvChVuqIsTTxvZlO2xR5SP99vZzZ38vhqXb5PrYrQ2FOF0eq6lBVR8A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XvvVQ18TnzPDb for ; Fri, 22 Nov 2024 12:26:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4AMCQsRh092209 for ; Fri, 22 Nov 2024 12:26:54 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4AMCQsmJ092208 for pf@FreeBSD.org; Fri, 22 Nov 2024 12:26:54 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 282877] pfctl: [Feature request] Allow pfctl to reset statistics for an individual IP address Date: Fri, 22 Nov 2024 12:26:53 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 14.1-RELEASE X-Bugzilla-Keywords: feature X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Technical discussion and general questions about packet filter (pf) List-Archive: https://lists.freebsd.org/archives/freebsd-pf List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-pf@freebsd.org Sender: owner-freebsd-pf@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282877 --- Comment #3 from commit-hook@FreeBSD.org --- A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D6463b6b59152fb1695bbe0de78f6e2675= c5a765a commit 6463b6b59152fb1695bbe0de78f6e2675c5a765a Author: Kristof Provost AuthorDate: 2024-11-21 20:33:41 +0000 Commit: Kristof Provost CommitDate: 2024-11-22 11:22:16 +0000 pfctl: clear statistic for specified addresses The ioctl DIOCRCLRASTATS provides the functionality of clearing stats not only for the whole table for for addresses stored in that table. The functionality was missing from pfctl, though. Add it now. PR: 282877 Obtained from: OpenBSD, kirill , e496dff3a7 MFC after: 3 weeks sbin/pfctl/pfctl.8 | 6 ++--- sbin/pfctl/pfctl.h | 1 + sbin/pfctl/pfctl_radix.c | 23 +++++++++++++++++ sbin/pfctl/pfctl_table.c | 17 +++++++++++-- tests/sys/netpfil/pf/table.sh | 57 +++++++++++++++++++++++++++++++++++++++= ++++ 5 files changed, 99 insertions(+), 5 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=