Date: Wed, 27 Apr 2005 19:50:16 +0100 From: "Greg Hennessy" <Greg.Hennessy@nviz.net> To: "'Max Laier'" <max@love2party.net>, <freebsd-pf@freebsd.org> Subject: RE: Considered BETA now [Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)] Message-ID: <20050427185016.AB09C16@gw2.local.net> In-Reply-To: <200504272024.41241.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Max, been meaning to log this, just subscribed today. Consider if you will the following, policy excerpts have been running fine under OBSD 3.4 and your excellent handiwork prior to the 3.7 import on Free. Pristine CURRENT as of ~ # uname -a FreeBSD gw2.local.net 6.0-CURRENT FreeBSD 6.0-CURRENT #38: Tue Apr 26 09:37:04 BST 2005 root@gw2.local.net:/usr/obj/usr/src/sys/GH i386 PF and ALTQ conf'd in statically. ~ # cat /etc/pf-nbt.conf Ext="hme1" RPC_NBT="{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }" # Drop NBT on external interface block quick on $Ext inet proto {tcp,udp} to any port $RPC_NBT # ~ # grep -i nbt /etc/pf.conf # Discard unwanted NBT traffic anchor nbt load anchor nbt:nbt from "/etc/pf-nbt.conf" # Appears to parse & load ok ~ # pfctl -v -a nbt:nbt -f /etc/pf-nbt.conf Ext = "hme1" Int = "hme0" RPC_NBT = "{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }" block drop quick on hme1 inet proto tcp from any to any port = loc-srv block drop quick on hme1 inet proto tcp from any to any port = netbios-ns block drop quick on hme1 inet proto tcp from any to any port = netbios-dgm block drop quick on hme1 inet proto tcp from any to any port = netbios-ssn block drop quick on hme1 inet proto tcp from any to any port = microsoft-ds block drop quick on hme1 inet proto udp from any to any port = loc-srv block drop quick on hme1 inet proto udp from any to any port = netbios-ns block drop quick on hme1 inet proto udp from any to any port = netbios-dgm block drop quick on hme1 inet proto udp from any to any port = netbios-ssn block drop quick on hme1 inet proto udp from any to any port = microsoft-ds However, no joy. ~ # pfctl -v -s Anchors -a nbt:nbt ~ # pfctl -v -s Anchors -a nbt ~ # Have been running the 3.7 code for a week, if you need other info from me, just ask. Cheers Greg > -----Original Message----- > From: owner-freebsd-pf@freebsd.org > [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Max Laier > Sent: 27 April 2005 19:25 > To: freebsd-pf@freebsd.org > Subject: Considered BETA now [Re: New PF (OpenBSD 3.7 > ***ALPHA-preview***)] > > On Wednesday 20 April 2005 01:12, Max Laier wrote: > > All, > > > > at: > > http://people.freebsd.org/~mlaier/pf37/ > > > > you will find the first shot at the long awaited import of a new > > version of pf. This is level with what is likely to be shipped as > > OpenBSD 3.7 and includes *most* of the features. > > Until now I have gotten zero feedback concerning this! If > you are not willing to test, you will have to live with the > consequences! > > I have done some tests myself, however, and my soekris box > seems stable and happy with the code so far. I consider it > to be BETA-stage now and urge everybody - once more - PLEASE > TEST THIS AND SEND FEEDBACK, NOW! > > > Updates will be posted to the freebsd-pf mailing list. Thanks. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050427185016.AB09C16>