Date: Thu, 16 Sep 2004 03:50:01 -0000 From: "Max Laier" <max@love2party.net> To: <pf4freebsd@freelists.org> Subject: [pf4freebsd] Re: pfaltq-5.1.0.4 problem using fingerprinting Message-ID: <00ce01c3715e$961a0ce0$01000001@max900> References: <3F54A3F9.3010101@dequim.ist.utl.pt> <3F54A64B.6090404@dequim.ist.utl.pt>
next in thread | previous in thread | raw e-mail | index | archive | help
> > All seems to be working fine including AltQ integration. Only a minor
> > glitch when I do ifconfig. (box reboots... works perfectly fine on
> > another 5.1 box. Probably a kernel option. Will do some more research on
> > this...)
> >
> > Anyway, passive fingerprinting may have a bug,
> > This is the important rule in question:
> >
> > #ssh
> > pass in on $ext_if proto tcp from any os Windows to $main_ip port 22
> > modulate state queue(interact_bulk,interact_ack)
> >
> > Without the "os Windows" everything works fine. And I am coming in from
> > a Windows box as tcpdump shows:
>
> To make it clear, it _never_ allows my remote windows box to log in.
.. too late for my reply ... can you provide counters (i.e. "pfctl -gvvsr"
output)? Please send the whole ruleset if you want us to help. Additonal
tcpdump on pflog0 (with some "log spice" in the rule-set) could help as
well. I have not seen problems with OSFP and tried it on a very same
scenario.
Regards,
Max
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00ce01c3715e$961a0ce0$01000001>