From owner-freebsd-stable@FreeBSD.ORG Wed Nov 10 13:49:02 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BC3A16A4CE for ; Wed, 10 Nov 2004 13:49:02 +0000 (GMT) Received: from dart.sr.se (dart.SR.SE [134.25.0.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83A0943D46 for ; Wed, 10 Nov 2004 13:49:01 +0000 (GMT) (envelope-from flygt@sr.se) Received: from honken.sr.se (honken.sr.se [134.25.128.27]) by dart.sr.se (8.12.9p2/8.12.8) with ESMTP id iAADmxTM036786 for ; Wed, 10 Nov 2004 14:48:59 +0100 (CET) (envelope-from flygt@sr.se) Received: from oldie.sr.se (oldie [134.25.200.100]) by honken.sr.se (8.12.8p2/8.12.8) with ESMTP id iAADmxO1025674 for ; Wed, 10 Nov 2004 14:48:59 +0100 (CET) (envelope-from flygt@sr.se) Received: from oldie.sr.se (localhost [127.0.0.1]) by oldie.sr.se (8.13.1/8.12.11) with ESMTP id iAADmsep022973 for ; Wed, 10 Nov 2004 14:48:54 +0100 (CET) (envelope-from flygt@sr.se) Received: (from gunnar@localhost) by oldie.sr.se (8.13.1/8.13.1/Submit) id iAADmsYT022972 for freebsd-stable@freebsd.org; Wed, 10 Nov 2004 14:48:54 +0100 (CET) (envelope-from gunnar) Date: Wed, 10 Nov 2004 14:48:54 +0100 From: Gunnar Flygt To: FreeBSD Stable Message-ID: <20041110134853.GB87953@sr.se> Mail-Followup-To: Gunnar Flygt , FreeBSD Stable Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: 5.3-RELEASE kde 3.3 and pf X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Gunnar Flygt List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2004 13:49:02 -0000 I've had problems with DKE 3.3 since I upgraded to 5.3-RELEASE. I compared the same machine (Dell Latitude D600) with a different HD where Gentoo Linux (Sorry for that:) resides. Om the Gentto box KDE 3.3 starts promply from kdm, no extra delays, but with FreeBSD 5.3 it takes about 2 minutes to get a running KDE environment. Got the "briliant" idea to stop pf before starting kdm AND alas KDE starts as fast as on the Gentoo system. (Actually it is even faster than login on the gentoo system:) Here is my /etc/pf.conf: # $FreeBSD: src/etc/pf.conf,v 1.1.2.1 2004/09/17 18:27:14 mlaier Exp $ # $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $ # # See pf.conf(5) and /usr/share/examples/pf for syntax and examples. # Required order: options, normalization, queueing, translation, filtering. # Macros and tables may be defined and used anywhere. # Note that translation rules are first match while filter rules are last match. # Macros: define common values, so they can be referenced and changed easily. ext_if="bge0" # replace with actual external interface name i.e., dc0 # Normalization: reassemble fragments and resolve or reduce traffic ambiguities. scrub in all # block all incoming packets but allow ssh, pass all outgoing tcp and udp # connections and keep state, logging blocked packets. block in log all antispoof for { lo, $ext_if } pass in on $ext_if proto tcp from any to $ext_if port 22 keep state pass out on $ext_if proto { tcp, udp } all keep state pass out quick proto icmp from any to any keep state pass in quick proto icmp from any to any # drop without log block in proto { tcp, udp } from any to any port 134 >< 140 block in proto tcp from any to any port = 515 block in from any to 255.255.255.255 # my local network Class B block in from any to yyy.xx.255.255 block in from any to 224.0.0.0/4 What is it that makes KDE so slow when using pf with these simple rules. Have I missed something? -- Gunnar Flygt SR Datadrift Sveriges Radio