From: "Greg Hennessy"
To: "'Max Laier'"
Date: Wed, 27 Apr 2005 19:50:16 +0100
In-Reply-To: <200504272024.41241.max@love2party.net>
Message-Id: <20050427185016.AB09C16@gw2.local.net>
Subject: RE: Considered BETA now [Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)]
List-Id: Technical discussion and general questions about packet filter (pf)

Hi Max,

been meaning to log this, just subscribed today.

Consider if you will the following, policy excerpts have been running fine
under OBSD 3.4 and your excellent handiwork prior to the 3.7 import on Free.

Pristine CURRENT as of

~ # uname -a
FreeBSD gw2.local.net 6.0-CURRENT FreeBSD 6.0-CURRENT #38: Tue Apr 26 09:37:04 BST 2005 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386

PF and ALTQ conf'd in statically.

~ # cat /etc/pf-nbt.conf
Ext="hme1"
RPC_NBT="{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"

# Drop NBT on external interface
block quick on $Ext inet proto {tcp,udp} to any port $RPC_NBT
#

~ # grep -i nbt /etc/pf.conf
# Discard unwanted NBT traffic
anchor nbt
load anchor nbt:nbt from "/etc/pf-nbt.conf"

# Appears to parse & load ok

~ # pfctl -v -a nbt:nbt -f /etc/pf-nbt.conf
Ext = "hme1"
Int = "hme0"
RPC_NBT = "{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"
block drop quick on hme1 inet proto tcp from any to any port = loc-srv
block drop quick on hme1 inet proto tcp from any to any port = netbios-ns
block drop quick on hme1 inet proto tcp from any to any port = netbios-dgm
block drop quick on hme1 inet proto tcp from any to any port = netbios-ssn
block drop quick on hme1 inet proto tcp from any to any port = microsoft-ds
block drop quick on hme1 inet proto udp from any to any port = loc-srv
block drop quick on hme1 inet proto udp from any to any port = netbios-ns
block drop quick on hme1 inet proto udp from any to any port = netbios-dgm
block drop quick on hme1 inet proto udp from any to any port = netbios-ssn
block drop quick on hme1 inet proto udp from any to any port = microsoft-ds

However, no joy.

~ # pfctl -v -s Anchors -a nbt:nbt
~ # pfctl -v -s Anchors -a nbt
~ #

Have been running the 3.7 code for a week, if you need other info from me,
just ask.

Cheers

Greg

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org
> [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Max Laier
> Sent: 27 April 2005 19:25
> To: freebsd-pf@freebsd.org
> Subject: Considered BETA now [Re: New PF (OpenBSD 3.7
> ***ALPHA-preview***)]
>
> On Wednesday 20 April 2005 01:12, Max Laier wrote:
> > All,
> >
> > at:
> > http://people.freebsd.org/~mlaier/pf37/
> >
> > you will find the first shot at the long awaited import of a new
> > version of pf.
> > This is level with what is likely to be shipped as
> > OpenBSD 3.7 and includes *most* of the features.
>
> Until now I have gotten zero feedback concerning this! If
> you are not willing to test, you will have to live with the
> consequences!
>
> I have done some tests myself, however, and my soekris box
> seems stable and happy with the code so far. I consider it
> to be BETA-stage now and urge everybody - once more - PLEASE
> TEST THIS AND SEND FEEDBACK, NOW!
>
> > Updates will be posted to the freebsd-pf mailing list. Thanks.
>
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News