rdr, queues, tags and block policy

2005-09-20 Thread Stanislaw Halik
Hello, I have a problem with rdr: I have a default block policy, I can recognize incoming rdr packets by tags given to them in the 'rdr' line, but I don't know of any way to spot replies to these rdr requests. The whole problem is that I want to use if-bound states, because I need to limit both

Re: Logging dropped states (max-src-states)

2005-09-25 Thread Stanislaw Halik
Jeff Wilson wrote: Is there a straightforward way to log these disallowed states? Or perhaps a way to log which IPs have hit this ceiling, and when, and for how long? It just doesn't match a rule when it hits the limit, i.e. it matches the 'block' rule, if you have it. Use

Re: Problem with altq cbq queuing.. please assist?

2005-10-20 Thread Stanislaw Halik
Travis H. wrote: Queuing doesn't make sense inbound anyway; once you've received the packet, it has already consumed your bandwidth, and thus queuing won't change anything. Queueing could delay the ACK reply being sent, and then the whole connection would get throttled. It works

synproxy rule not matching any packets after upgrade from FreeBSD 5.4-R to 6.0-R

2005-11-06 Thread Stanislaw Halik
Hello, I'm having a strange problem with my pf setup. I've upgraded my FreeBSD router from 5.4-R to 6.0-R and rules which were previously working as normal stopped functioning. I had a rule like this: pass in quick on rl0 inet proto tcp from any to 83.16.236.178 port = ssh flags S/SA

Re: Classifying based on packet size (possible feature request)

2005-11-24 Thread Stanislaw Halik
Terje Elde wrote: There's also another issue. I (and I'm assuming others) would like ssh to have a high priority, to ensure low latency when working against remote servers, but if you have a delicate QoS setup, using ssh for file transfer will use the same ports, and to a

idea about non-stateful firewalling and queues

2005-12-18 Thread Stanislaw Halik
Hello, sometimes it's not the best to use stateful firewalling, e.g. when serving a lot of clients with public, routable addresses. Because of how putting data into queues now works, for queueing clients' bandwidth one has to specify separate firewall lines for every queue used. The pf manual

Re: PF inadequacy: queue download

2006-04-29 Thread Stanislaw Halik
On Sat, Apr 29, 2006, Daniel Hartmeier wrote: I know this is possible because IPFW with dummynet doesn't have any problems. If everyone loves PF because of its elegance why can't it do something as simple as queue download traffic?

Re: pf.conf defaults for options

2006-05-06 Thread Stanislaw Halik
On Fri, May 05, 2006, Gustavo A. Baratto wrote: Is there any easy way to find out what the defaults are for the options? Things like timeout, limit, debug, etc. have no default values made explicit in the man page for pf.conf (openbsd 3.9) timeouts: # pfctl -st

synproxy and state limits

2006-12-03 Thread Stanislaw Halik
Hello, I'm curious how synproxy affects limits of state entries. In one particular case, a host might be synflooded and a limit of state entries would be placed. Would the limit only affect states passing synproxy or all, even those created by a dumb synflood attack?

Re: deadman's pf rule editor - never lock yourself out again

2006-12-12 Thread Stanislaw Halik
On Mon, Dec 11, 2006, Travis H. wrote: http://www.subspacefield.org/~travis/deadman/ Note that you shouldn't kill state, because then you won't be able to hit return and the script will probably exit due to a HUP. I'll think about how to fix that for the next rev. You don't need to think

Re: New Feature(s) Ideas

2006-12-24 Thread Stanislaw Halik
On Wed, Dec 20, 2006, Rob wrote: It seems that the memory limitations related to the current table implementation are due to the fact that all the records are stored in memory [...] The second more outlandish feature I call The Decider which would be similar to read only tables but would