From: wishmaster
Date: Tue, 19 Dec 2017 16:46:24 +0200
Subject: Re[2]: ng_patch and swap_pager_getswapspace error
To: freebsd-net@freebsd.org

--- Original message ---
From: "Eugene Grosbein"
Date: 19 December 2017, 15:33:42

> On 19.12.2017 13:15, wishmaster wrote:
> > Hi,
> >
> > after I have applied ng_patch for setting TTL for outgoing packets with below rules
> >
> > kldload ng_ipfw 2>/dev/null
> > kldload ng_patch 2>/dev/null
> >
> > /usr/sbin/ngctl -f- <<-SEQ
> > mkpeer ipfw: patch 100 in
> > name ipfw:100 ttl_set
> > msg ttl_set: setconfig { count=1 csum_flags=1 ops=[ \
> > { mode=1 value=128 length=1 offset=8 } ] }
> > SEQ
> >
> > /sbin/ipfw add 15002 netgraph 100 ip from me to not me recv "*"
>
> Why do you have incoming ip packets sourced from your IP?

It's ok. I use per-interface ACL.

# out
ipfw -fq table tbl_OUT_IF flush
...
ipfw table tbl_OUT_IF add tun1 15000 # ...

$cmd 100 skipto tablearg log all from any to any in recv "table(tbl_IN_IF)"
$cmd 110 skipto tablearg log all from any to any out xmit "table(tbl_OUT_IF)"

### OUT ext_if tun0
$cmd 15000 nat 1 log all from not me to not me recv "*" # LAN traffic
# !!! 15002 here
$cmd 15020 allow log all from me to not me recv "*" # LAN traffic
$cmd 15150 allow log all from me to any $ks :nts # Router traffic
$cmd 15499 deny log all from any to any