From owner-freebsd-pf@freebsd.org Sun May 26 21:00:56 2019 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 654D915B081D for ; Sun, 26 May 2019 21:00:56 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1DB656E549 for ; Sun, 26 May 2019 21:00:56 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id D5C1D15B081A; Sun, 26 May 2019 21:00:55 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C30AD15B0818 for ; Sun, 26 May 2019 21:00:55 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5E1B86E53F for ; Sun, 26 May 2019 21:00:55 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 8B78C15076 for ; Sun, 26 May 2019 21:00:54 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x4QL0sRQ078864 for ; Sun, 26 May 2019 21:00:54 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x4QL0sca078858 for pf@FreeBSD.org; Sun, 26 May 2019 21:00:54 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201905262100.x4QL0sca078858@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 26 May 2019 21:00:54 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 May 2019 21:00:56 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Tue May 28 00:58:43 2019 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6914B15B0283 for ; Tue, 28 May 2019 00:58:43 +0000 (UTC) (envelope-from emily.h@onelocal.com) Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 740B48E52B for ; Tue, 28 May 2019 00:58:41 +0000 (UTC) (envelope-from emily.h@onelocal.com) Received: by mail-pf1-x444.google.com with SMTP id d126so8177665pfd.2 for ; Mon, 27 May 2019 17:58:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=onelocal.com; s=google; h=from:date:subject:message-id:to:mime-version; bh=WBek7jqtGHRJdIIy7730kjL8jPynu6inVdP5k7R/ajY=; b=aU8qrgCbCsp2EtXsyfDJpx9JgvOqXxGqMTvJ12rggAyrpx4HL5COHeIGvAzxWeGarJ Ipjq7ZolHLwGsG8tV4gY1qzX9yrmkXh3xRjW9ggWpfh4+kVwEo9ltpMsYSUgpOnEPYiO DSuENHK+wfwEWNezRICfnYn2iRX+sxHtro6LbcqqyHJ+Z8XSzno8jnIAOvPIk6ihGo/n +d1zCQenmiImIXgnXIwwkJvV1fo21t7+7wLZ9lx5/aPpRieUzqkAayFc4Pv7RORNn6HM dtU8oU9JBiOXUu4XrKnwvn/w748yMdov+yFWeBWZ/tgWmj8yWBhI2/Drq+GH57Vqnfzb MgZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:subject:message-id:to:mime-version; bh=WBek7jqtGHRJdIIy7730kjL8jPynu6inVdP5k7R/ajY=; b=JBHnnXzabc0zfdJ0vw5hVopZ5o/64ztrMOzAShBtJS47vn7+hKx1QMXvwsh0YTegIn ivmWR2647IaHlNPpFRsewiff1Lx8vO639vesUR8s5Fqzz3YL9znStyyVn1g5QgDxpLh7 xuDbElz1xpsRAmyApMphldj9Cyjh60PSLK5dT5UWP4lHoj6FVZ47oP+N2N0EdBQsoJvn 8nSdTHMQEA11jR3d1dBIuoxT1nXTocMYkQoTrL7ki0yuxvjnHiQtFlk6b002tSAlb0hx L5RQuQKHnbrjRKbbOZLhee9+R/heUMJ5bgwZQcMMPfxjXXXXZb4i7N033B34bkP1z6cy GVNg== X-Gm-Message-State: APjAAAXoZOgJlgR/lR5x8JeBJkzZP3FHF+mRAo3M18Nf/d+L5rcKWZXz Vc9opbYB0/QvS13Yv+d0VC07O//CqQg= X-Google-Smtp-Source: APXvYqxlUCtGEVILpIqcT5eYvRib/gkI3ZbKMGwzrTZJBkTM5Q+JDmrMnKJ3RbpNvODP4ojpYARsWw== X-Received: by 2002:a17:90a:ac0d:: with SMTP id o13mr1901307pjq.139.1559005120246; Mon, 27 May 2019 17:58:40 -0700 (PDT) Received: from [10.0.0.20] ([138.91.190.27]) by smtp.gmail.com with ESMTPSA id m9sm15669719pgd.23.2019.05.27.17.58.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 27 May 2019 17:58:39 -0700 (PDT) From: "emily.h@onelocal.com" Date: Tue, 28 May 2019 00:58:39 +0000 Subject: N/A, hoping to chat Message-Id: To: freebsd-pf@freebsd.org MIME-Version: 1.0 X-Rspamd-Queue-Id: 740B48E52B X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=onelocal.com header.s=google header.b=aU8qrgCb; dmarc=pass (policy=none) header.from=onelocal.com; spf=pass (mx1.freebsd.org: domain of emily.h@onelocal.com designates 2607:f8b0:4864:20::444 as permitted sender) smtp.mailfrom=emily.h@onelocal.com X-Spamd-Result: default: False [-3.32 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[onelocal.com:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_DN_EQ_ADDR(1.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; IP_SCORE(-0.90)[ip: (1.12), ipnet: 2607:f8b0::/32(-3.29), asn: 15169(-2.28), country: US(-0.06)]; DKIM_TRACE(0.00)[onelocal.com:+]; DMARC_POLICY_ALLOW(-0.50)[onelocal.com,none]; RCVD_IN_DNSWL_NONE(0.00)[4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; MX_GOOD(-0.01)[alt1.aspmx.l.google.com,aspmx.l.google.com,alt3.aspmx.l.google.com,alt2.aspmx.l.google.com,alt4.aspmx.l.google.com]; NEURAL_HAM_SHORT(-0.91)[-0.908,0]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+,1:+]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_LAST(0.00)[] Content-Type: text/plain; charset=utf-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 May 2019 00:58:43 -0000 Hi N/A, How are you going about getting a positive review after you close a file? I know how difficult it can be for lawyers to ask for reviews from a client. My company has been working with law firms to help them get more positive reviews on Google once they close a file, which has been helping them rank higher when someone is searching for their services. When do you have 2-3 minutes to chat about this in further detail? Best, Emily From owner-freebsd-pf@freebsd.org Wed May 29 17:19:51 2019 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7580715A7EC3 for ; Wed, 29 May 2019 17:19:51 +0000 (UTC) (envelope-from list1@gjunka.com) Received: from msa1.earth.yoonka.com (yoonka.com [88.98.225.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "msa1.earth.yoonka.com", Issuer "msa1.earth.yoonka.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B347A75FA0 for ; Wed, 29 May 2019 17:19:50 +0000 (UTC) (envelope-from list1@gjunka.com) Received: from crayon2.yoonka.com (crayon2.yoonka.com [10.70.7.20]) (authenticated bits=0) by msa1.earth.yoonka.com (8.15.2/8.15.2) with ESMTPSA id x4THJnnE076639 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Wed, 29 May 2019 17:19:49 GMT (envelope-from list1@gjunka.com) Subject: Re: Wishing to build a 'router' pf box To: freebsd-pf@freebsd.org References: <20190517004706.GA6318@doctor.nl2k.ab.ca> From: Grzegorz Junka Message-ID: <846647b8-4f6e-9174-8324-ff9bf3e2530c@gjunka.com> Date: Wed, 29 May 2019 17:19:49 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 In-Reply-To: <20190517004706.GA6318@doctor.nl2k.ab.ca> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB-large X-Rspamd-Queue-Id: B347A75FA0 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of list1@gjunka.com designates 88.98.225.149 as permitted sender) smtp.mailfrom=list1@gjunka.com X-Spamd-Result: default: False [-6.82 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:88.98.225.149]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pf@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; DMARC_NA(0.00)[gjunka.com]; MX_GOOD(-0.01)[cached: gjunka.com]; NEURAL_HAM_SHORT(-0.89)[-0.886,0]; IP_SCORE(-3.63)[ip: (-9.50), ipnet: 88.98.192.0/18(-4.75), asn: 56478(-3.80), country: GB(-0.09)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:56478, ipnet:88.98.192.0/18, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 May 2019 17:19:51 -0000 On 17/05/2019 00:47, The Doctor via freebsd-pf wrote: > Running into toons of problems with opensbsd and their ports, > so I am looking to build a FreeBSD equivalent. > > The Box would look like: > > --------------------------------- > | | > | eth3 > | | > | eth2 > | | > | eth1 > | | > | eth0 > | | > --------------------------------- > > Yes I would the packet filtering to attempt to drop malicious packets and > pass and forward good ones true. > > the Interface of Eth0 would 192.168.81.14 and eth1 would go back to > 192.168.82.2 the router. > > I would like to use sshguard with PF, suricata, squid > and 2 to 3 virtual bhyve machines with the virtual machines have 2 > virtual etherports each. > > What are the installation steps? > > UFS/ZFS I will decide on the controller. > > I am not sure what installation steps are you after. Are you trying to install OpenBSD in a bhyve on FreeBSD host? Why not use host only or jails? FreeBSD installation is pretty straightforward https://www.freebsd.org/doc/handbook/bsdinstall.html but details may depend if you use EFI or legacy BIOS, if you want ZFS on host or in bhyve/jail, etc. GrzegorzJ