shwegime
Wed, 13 Jan 2010 04:20:59 -0800
On Wed, 13 Jan 2010, Vadim Zhukov wrote:
> On 13 January 2010 P3. 06:07:35 shweg...@gmail.com wrote:
>> I just installed a snapshot and run it from a usb thumb.
>> The 'iwn' has exactly the same issues (that is hanging after a minute
>> or so of usage and working again after doing 'up down') as with
>> -release, including the 'ping'
>> hanging there and not giving the 'packet loss' error, which I cannot
>> really understand since it worked just fine until a couple of days
>> ago.
>>
>> any ideas?
>
> I can recommend you to show your pf.conf on the list, there was some work
> on PF too. Problems with ping could be related to PF changes. Of
> course, "up-down" means you need help from Damien Bergamini
> <dam...@openbsd.org> .
>
> --
> Best wishes,
> Vadim Zhukov
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?
>
Well, this is my pf.conf, but I dare to think the problem is not there,
since it worked fine until two days ago and I did not make changes to it.
It is a very simple pf.conf for a desktop, comments welcomed.
I will eventually write to Damien Bergamini.
Thanks.
# cat /etc/pf.conf
# interface
ext_if="iwn0"
# tables
table <brutes> persist
table <martians> const persist { 127/8, 192.168/16, 172.16/12, 10/8, 0/8,
169.254/16, 192.0.2/24, 240/4 }
# options
set block-policy drop
set loginterface $ext_if
set skip on lo0
# scrub
match in all scrub (no-df max-mss 1440)
# antispoof
antispoof for $ext_if
# block everything
block in log all
block out all
# block evil
block in quick on $ext_if from <martians> to any
block in quick from <brutes> to any
# allow ssh connections
pass in on $ext_if proto tcp from any to any port ssh keep state \
(max-src-conn-rate 2/10, overload <brutes> flush global)
# pass out all traffic
pass out on $ext_if inet all