Date: Tue, 19 Dec 2017 16:46:24 +0200
From: wishmaster <artemrts@ukr.net>
To: freebsd-net@freebsd.org
Subject: Re[2]: ng_patch and swap_pager_getswapspace error
Message-ID: <1513694407.556184943.ya3sdvt4@frv52.fwdcdn.com>
In-Reply-To: <5A391519.8040707@grosbein.net>
References: <1513663683.700534911.voagagit@frv52.fwdcdn.com> <5A391519.8040707@grosbein.net>

--- Original message ---
From: "Eugene Grosbein" <eugen@grosbein.net>
Date: 19 December 2017, 15:33:42

> On 19.12.2017 13:15, wishmaster wrote:
> > Hi,
> >
> > after I have applied ng_patch for setting TTL for outgoing packets with below rules
> >
> > kldload ng_ipfw 2>/dev/null
> > kldload ng_patch 2>/dev/null
> >
> > /usr/sbin/ngctl -f- <<-SEQ
> > mkpeer ipfw: patch 100 in
> > name ipfw:100 ttl_set
> > msg ttl_set: setconfig { count=1 csum_flags=1 ops=[ \
> > { mode=1 value=128 length=1 offset=8 } ] }
> > SEQ
> >
> > /sbin/ipfw add 15002 netgraph 100 ip from me to not me recv "*"
>
> Why do you have incoming ip packets sourced from your IP?

It's ok. I use per-interface ACL.

# out
ipfw -fq table tbl_OUT_IF flush
...
ipfw table tbl_OUT_IF add tun1 15000 # ...

$cmd 100 skipto tablearg log all from any to any in recv "table(tbl_IN_IF)"
$cmd 110 skipto tablearg log all from any to any out xmit "table(tbl_OUT_IF)"

### OUT ext_if tun0
$cmd 15000 nat 1 log all from not me to not me recv "*" # LAN traffic
# !!! 15002 here
$cmd 15020 allow log all from me to not me recv "*" # LAN traffic
$cmd 15150 allow log all from me to any $ks :nts # Router traffic
$cmd 15499 deny log all from any to any