From owner-freebsd-pf@FreeBSD.ORG Mon Mar 5 11:07:14 2012
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Date: Mon, 5 Mar 2012 11:07:13 GMT
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/165315  pf         [pf] States never cleared in PF with DEVICE_POLLING
o kern/164402  pf         [pf] pf crashes with a particular set of rules when fi
o kern/164271  pf         [pf] not working pf nat on FreeBSD 9.0 [regression]
o kern/163208  pf         [pf] PF state key linking mismatch
o kern/160370  pf         [pf] Incorrect pfctl check of pf.conf
o kern/155736  pf         [pf] [altq] borrow from parent queue does not work wit
o kern/153307  pf         [pf] Bug with PF firewall
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

48 problems total.

From owner-freebsd-pf@FreeBSD.ORG Fri Mar 9 12:40:12 2012
From: Hien Phan
To: freebsd-pf@FreeBSD.org
Date: Fri, 9 Mar 2012 12:40:12 GMT
Subject: Re: kern/127920: [pf] ipv6 and synproxy don't play well together

The following reply was made to PR kern/127920; it has been noted by GNATS.

From: Hien Phan
To: bug-followup@FreeBSD.org, hlh@restart.be
Subject: Re: kern/127920: [pf] ipv6 and synproxy don't play well together
Date: Fri, 09 Mar 2012 19:13:10 +0700

Hello,

I confirm this problem still exists on 9.0-RELEASE

FreeBSD web1.deploy.xxxxx 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:15:25 UTC 2012 root@obrian.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 10 21:43:28 2012
From: Doug Sampson
To: 'Damien Fleuriot', "freebsd-pf@freebsd.org"
Date: Sat, 10 Mar 2012 21:34:13 +0000
Subject: RE: Differences in PF between FBSD 8.2 & 9.0?

> On 2/15/12 2:22 AM, Doug Sampson wrote:
> > I got bitten by PF when upgrading from 8.2 to 9.0. It refused to allow
> > any incoming mail. I'm using spamd in conjunction with pf. I use a
> > combination of natting along with redirections in conjunction with the
> > normal pass/block rules.
> >
>
> Toggle logging on both your default drop rule and your allow mail ones.
>
> Then tcpdump -nei pflog0 ip and port 465 (or 25, whichever)
> See what rule number matches your packets, then find out what rule that
> is with pfctl -vvvsr
>
>

I'm now getting back to this issue after being diverted to other projects. Spam has been noticed by our staff and they're not happy. :)

Here's what the tcp dump shows:

mailfilter-root@~# tcpdump -nei pflog0 port 8025
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 65535 bytes
13:12:14.948935 rule 0..16777216/0(match): block in on fxp0: 75.180.132.120.33308 > 127.0.0.1.8025: Flags [S], seq 4117619766, win 5840, options [mss 1460,nop,nop,TS val 1845169225 ecr 0,nop,wscale 0,nop,nop,sackOK], length 0
13:12:18.324854 rule 0..16777216/0(match): block in on fxp0: 75.180.132.120.33308 > 127.0.0.1.8025: Flags [S], seq 4117619766, win 5840, options [mss 1460,nop,nop,TS val 1845169563 ecr 0,nop,wscale 0,nop,nop,sackOK], length 0
...

The pflog0 shows that all incoming packets are blocked by rule #0 which is:

@0 scrub in all fragment reassemble
@0 block drop in log all

And

mailfilter-root@~# spamdb | g GREY
mailfilter-root@~#

No greytrapping is occurring. Is the 'scrub' rule screwing up our packets? Our pf.conf worked fine in version 8.2 prior to the upgrade to 9.0.

Also why am I being warned that there isn't an IPv4 address assigned to pflog0?

Pertinent pf.conf section related to spamd:

# spamd-setup puts addresses to be redirected into table .
table persist
table persist
table persist file "/usr/local/etc/spamd/spamd-mywhite"
table persist file "/usr/local/etc/spamd/spamd-spf.txt"
#no rdr on { lo0, lo1 } from any to any
# redirect to spamd
rdr inet proto tcp from to $external_addr port smtp -> 127.0.0.1 port smtp
rdr inet proto tcp from to $external_addr port smtp -> 127.0.0.1 port smtp
rdr inet proto tcp from to $external_addr port smtp -> 127.0.0.1 port smtp
rdr inet proto tcp from to $external_addr port smtp -> 127.0.0.1 port spamd
rdr inet proto tcp from ! to $external_addr port smtp -> 127.0.0.1 port spamd

# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
block in log all

# allow inbound/outbound mail! also to log to pflog
pass in log inet proto tcp from any to $external_addr port smtp flags S/SA synproxy state
pass out log inet proto tcp from $external_addr to any port smtp flags S/SA synproxy state
pass in log inet proto tcp from $internal_net to $int_if port smtp flags S/SA synproxy state
pass in log inet proto tcp from $dmz_net to $int_if port smtp flags S/SA synproxy state

~Doug

From owner-freebsd-pf@FreeBSD.ORG Sat Mar 10 23:15:51 2012
From: just man man
To: freebsd-pf@freebsd.org
Date: Sun, 11 Mar 2012 06:15:50 +0700
Subject: Shaping bandwith vlan

We have OpenBSD connected to a Cisco Catalyst 2950 switch; on the Catalyst we configured vlan 10, vlan 20, vlan 30. Do you know how to set up bandwidth shaping if we have many VLANs? Thank you.
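
Added example, not part of any message in this archive: the lookup described in the 10 Mar 2012 "Differences in PF between FBSD 8.2 & 9.0?" message (read the rule number from a pflog0 capture, then find that rule in the pfctl listing) as a shell script. The function names, the third capture line and the @12 rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -ne` output from pflog0 and look up the
# rules it names. Function names and sample data are constructed here.

# Constructed capture: two lines shortened from the message, one invented.
sample_pflog() {
cat <<'EOF'
13:12:14.948935 rule 0..16777216/0(match): block in on fxp0: 75.180.132.120.33308 > 127.0.0.1.8025: Flags [S], seq 4117619766, win 5840, length 0
13:12:18.324854 rule 0..16777216/0(match): block in on fxp0: 75.180.132.120.33308 > 127.0.0.1.8025: Flags [S], seq 4117619766, win 5840, length 0
13:12:20.100000 rule 12..16777216/0(match): pass in on fxp0: 192.0.2.10.40000 > 198.51.100.5.22: Flags [S], seq 1, win 5840, length 0
EOF
}

# Constructed `pfctl -vvvsr` excerpt; the two @0 lines are quoted in the message.
sample_rules() {
cat <<'EOF'
@0 scrub in all fragment reassemble
@0 block drop in log all
@12 pass in log on fxp0 inet proto tcp from any to any port = ssh flags S/SA keep state
EOF
}

# Count packets per rule / action / direction / interface / destination.
# Assumption: the leading integer after "rule" is the rule number.
# Output columns: count rule action dir interface dst-host dst-port
pflog_summary() {
    awk '
    $2 == "rule" && $6 == "on" {
        rule = $3;  sub(/[^0-9].*$/, "", rule)   # keep leading digits only
        ifc  = $7;  sub(/:$/, "", ifc)
        dst  = $10; sub(/:$/, "", dst)
        port = dst; sub(/^.*\./, "", port)       # text after the last dot
        host = dst; sub(/\.[^.]*$/, "", host)    # text before the last dot
        n[rule " " $4 " " $5 " " ifc " " host " " port]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k2,2n -k1,1nr
}

# Rule numbers that blocked at least one packet, one per line.
blocked_rules() {
    pflog_summary | awk '$3 == "block" { print $2 }' | sort -un
}

# Print every "@N ..." line for rule number $1 from a pfctl listing on stdin.
# A number can match more than one line, as with the two @0 lines in the message.
rule_text() {
    awk -v n="$1" '$1 == ("@" n) { sub(/^@[0-9]+ /, ""); print }'
}

# Demo on the constructed data. On a real host the inputs would be e.g.
# `tcpdump -ne -r /var/log/pflog` and `pfctl -vvvsr`.
sample_pflog | pflog_summary
for r in $(sample_pflog | blocked_rules); do
    echo "rule $r:"
    sample_rules | rule_text "$r"
done
```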