From owner-freebsd-pf@FreeBSD.ORG Thu Jul 14 08:26:11 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58EE0106566B for ; Thu, 14 Jul 2011 08:26:11 +0000 (UTC) (envelope-from msurucu@karaelmas.edu.tr) Received: from posta.karaelmas.edu.tr (unknown [IPv6:2001:a98:190::5]) by mx1.freebsd.org (Postfix) with ESMTP id C34D68FC18 for ; Thu, 14 Jul 2011 08:26:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by posta.karaelmas.edu.tr (Postfix) with ESMTP id 3C957A1173 for ; Thu, 14 Jul 2011 11:26:07 +0300 (EEST) Received: from posta.karaelmas.edu.tr ([127.0.0.1]) by localhost (posta.karaelmas.edu.tr [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 01913-01 for ; Thu, 14 Jul 2011 11:26:07 +0300 (EEST) Received: from Murat2011 (unknown [10.1.16.11]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: msurucu@karaelmas.edu.tr) by posta.karaelmas.edu.tr (Postfix) with ESMTPSA id 17A2BA116E; Thu, 14 Jul 2011 11:26:07 +0300 (EEST) From: =?iso-8859-9?B?TXVyYXQgU9xS3EPc?= To: =?iso-8859-9?Q?'Ermal_Lu=E7i'?= References: <010b01cc3fc2$7763b450$662b1cf0$@karaelmas.edu.tr> <002601cc4058$36a5b170$a3f11450$@karaelmas.edu.tr> In-Reply-To: <002601cc4058$36a5b170$a3f11450$@karaelmas.edu.tr> Date: Thu, 14 Jul 2011 11:26:04 +0300 Message-ID: <002f01cc41ff$ac02eac0$0408c040$@karaelmas.edu.tr> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQHDNPe+IRJb8qhRNJ6l65eF1gfs5wENXDUfAZ/S9eOU6CqJgA== Content-Language: en-us Cc: freebsd-pf@freebsd.org Subject: RE: FreeBSD 8.2 + pf + ipfw (dummynet) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2011 08:26:11 -0000 I think the problem is dummynet corrupts PF state information. What can = i do for prevent it? =20 Murat=20 -----Original Message----- From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] = On Behalf Of Murat S=DCR=DCC=DC Sent: Tuesday, July 12, 2011 8:55 AM To: 'Ermal Lu=E7i' Cc: freebsd-pf@freebsd.org Subject: RE: FreeBSD 8.2 + pf + ipfw (dummynet) Thanks for reply, IPFW is kernel module, PF is loadable module in my config. And this config was normally run when version is 7.2. Murat=20 -----Original Message----- From: ermal.luci@gmail.com [mailto:ermal.luci@gmail.com] On Behalf Of = Ermal Lu=E7i Sent: Tuesday, July 12, 2011 12:59 AM To: Murat S=DCR=DCC=DC Cc: freebsd-pf@freebsd.org Subject: Re: FreeBSD 8.2 + pf + ipfw (dummynet) 2011/7/11 Murat S=DCR=DCC=DC : > Hello, > > I used PF and dummynet together about two years and worked fine. > Recently i have upgraded the system 7.2 to 8.2 and dummynet doesn't=20 > work anymore. > If any packet belong the client IP puts any pipe, it drops and pflog=20 > says it blocked by last pf rule. But it match previous rule. > If i disable (flush) the ipfw rules, packets pass normally. > > Does anybody have same experience? You have to make sure ipfw module is loaded first otherwise you will hit = pf states twice which will drop as you see. > > http://forums.freebsd.org/showthread.php?t=3D24947 > > Thanks. > > Murat > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal _______________________________________________ freebsd-pf@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"