From: jb <jb@riseup.net>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: problem with 'user'
Date: Sat, 31 Jan 2004 18:06:57 +0100
Message-ID: <20040131170657.GA5331@fried.sakeos.net>
In-Reply-To: <20040131070219.GA72233@kt-is.co.kr>

On Sat, Jan 31, 2004 at 04:02:19PM +0900, Pyun YongHyeon wrote:
> On Sat, Jan 31, 2004 at 02:43:09PM +0900, To pf4freebsd@freelists.org wrote:
> > Thank you for your report.
> > Can you try this patch? (Copy attached file to
> > /usr/ports/security/pf/files directory and build.)
> > Working/failure reports are very appreciated.
> >

thanks - patch applies cleanly against 2.02 (out of the port tree).

All things related to 'user' seem to work, but there's like an anomaly:
'pass all' for a user contaminates ICMP rules.

rules like:

    pass in on lo0 all
    pass out on lo0 all
    block in log all
    block out log all

lock the box (of course). Adding the following:

    pass out all user boludo keep state

allows all users to ping outside. Also adding

    block out log proto icmp

doesn't seem to change anything.

later'
jb