After updating -current about a week ago I started getting the following
error upon trying to load my ruleset:
# pfctl -vf /etc/pf.conf
[...]
altq on tun0 cbq bandwidth 50Kb tbrsize 1500 queue { root std dns http
mail ssh}
queue root cbq( red ecn default ) { std dns http mail ssh }
pfctl:
No, you cannot use negated lists. They would always match in one or
the other way. Short, it wouldn't do what you want to achieve there.
Use { !1.2.3.4/32, !2.1.0.0/24}
Sure, I've already done that, thanks.
Anyway I think that syntax interpreted as you've done could be an
improvement in easing
On 10/03/2003, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
I'm almost totally new to pf.
I've noticed that this syntax is not accepted:
Ext_If = rl0
MyVar = { 1.2.3.4/32, 2.1.0.0/24 }
pass in on $Ext_If from any to !$MyVar
I think this should be an honest
On 10/03/2003, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote To Philipp Buehler -
sysfive.com GmbH:
Use { !1.2.3.4/32, !2.1.0.0/24}
Sure, I've already done that, thanks.
Anyway I think that syntax interpreted as you've done could be an
improvement in easing the ruleset of pf.conf file.
Well,
[EMAIL PROTECTED] wrote:
I'm almost totally new to pf.
I've noticed that this syntax is not accepted:
Ext_If = rl0
MyVar = { 1.2.3.4/32, 2.1.0.0/24 }
pass in on $Ext_If from any to !$MyVar
beware of rule expansion.
PF would expand that to:
pass in on $Ext_If from any to !1.2.3.4/32
Philipp Buehler - sysfive.com GmbH wrote:
On 10/03/2003, Damien Miller [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
After updating -current about a week ago I started getting the following
error upon trying to load my ruleset:
# pfctl -vf /etc/pf.conf
[...]
altq on tun0 cbq bandwidth 50Kb
w00t!
Design and Performance of the OpenBSD Stateful Packet Filter (pf)
by Daniel Hartmeier
[ http://linuxforum.mmmanager.net/1045982346433661373/view ]
Showtime:
http://linuxforum.mmmanager.net/1045982346433661373/SMIL.smil
Ed
On Mon, Mar 10, 2003 at 08:24:33PM +1100, Damien Miller wrote:
Philipp Buehler - sysfive.com GmbH wrote:
On 10/03/2003, Damien Miller [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
After updating -current about a week ago I started getting the following
error upon trying to load my ruleset:
Henning Brauer wrote:
On Mon, Mar 10, 2003 at 08:24:33PM +1100, Damien Miller wrote:
Philipp Buehler - sysfive.com GmbH wrote:
On 10/03/2003, Damien Miller [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]:
After updating -current about a week ago I started getting the following
error upon trying
Henning Brauer wrote:
On Mon, Mar 10, 2003 at 09:43:16PM +1100, Damien Miller wrote:
Henning Brauer wrote:
either you have more queuedefs you are hiding from us
yes, you have.
look, the error is obvious.
Ah, ok. Has the checking been tightened? This worked for ages...
the really right thing
On Mon, Mar 10, 2003 at 10:06:55PM +1100, Damien Miller wrote:
Henning Brauer wrote:
On Mon, Mar 10, 2003 at 09:43:16PM +1100, Damien Miller wrote:
Henning Brauer wrote:
either you have more queuedefs you are hiding from us
yes, you have.
look, the error is obvious.
Ah, ok. Has the
Title: RE: Why isn't this port blocked?
This was the problem:
Just replace with .
tcp 3.3.0.10:12002 - 2.2.20.0:2913 ESTABLISHED:ESTABLISHED
[498402552 + 63219] [922621281 + 63919]
age 00:03:52, expires in 23:59:56, 207 pkts, 42135 bytes, rule 43
@43 pass in inet proto tcp from any to
Hello,
Does anyone have a howto on this:
OpenBSD with 3 NIC's+SNORT with mysql+Apache with
ACID
2 NIC's are used for bridge
pffirewall
OpenBSD is also with SNORT and mysql
1 NIC is used for hookup with my
laptop.
Laptop is with apache and
ACID.
If U have one that U would like to
I have a question dealing with vlans
and bridges on an OpenBSD-stable box.
First, what I am trying to do is below in ascii art as much as I hate ascii art.
-
| Cisco 6509 |
-
|
fa3/0 dot 1q trunk to OBSD bridge fxp0
|
|
/etc/bridgename.bridge0
add fxp0 add fxp1 add vlan0 add vlan1 add vlan1 add
vlan 3 up
What about add vlan2? I see only 0, 1, 1, 3.. is that right?
--
Oskar