Re: openbsd packet firewall

2012-09-07 Thread Andreas Rudisch
On Thu, 6 Sep 2012 23:41:44 -0400 (EDT)
Darrel levi...@iglou.com wrote:

> Packet Filter does not work

Hi,

you might want to give more information other than that.

Andreas
--
GnuPG key  : 0x2A573565|http://www.gnupg.org/howtos/de/
Fingerprint: 925D 2089 0BF9 8DE5 9166  33BB F0FD CD37 2A57 3565
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: openbsd packet firewall

2012-09-07 Thread Fbsd8

Darrel wrote:

> Hello,
>
> When I moved from -fbsd82 to -fbsd90 it required a total reinstall since
> Packet Filter did not *work* any longer.  Now that I have moved from
> -fbsd90 to the new release candidate, Packet Filter does not work
> considering at least IPv6 and ssh.
>
> I have tested a simple pf.conf on this system with the same result.
> It seems like I will need to learn ipfw or give up on fbsd.
>
> Darrel

pf is way back level in Freebsd, the online openbsd pf manual is at the 
current pf level and uses the newer syntax for the nat function. You 
have to use the freebsd pf man pages for correct matching documentation.

You can always use ipf (ipfilter) instead of ipfw.


Re: openbsd packet firewall

2012-09-07 Thread Darrel


On Fri, 7 Sep 2012, Fbsd8 wrote:


> Darrel wrote:
>
>> Hello,
>>
>> When I moved from -fbsd82 to -fbsd90 it required a total reinstall since
>> Packet Filter did not *work* any longer.  Now that I have moved from
>> -fbsd90 to the new release candidate, Packet Filter does not work
>> considering at least IPv6 and ssh.
>>
>> I have tested a simple pf.conf on this system with the same result.
>> It seems like I will need to learn ipfw or give up on fbsd.
>>
>> Darrel

> pf is way back level in Freebsd, the online openbsd pf manual is at the
> current pf level and uses the newer syntax for the nat function. You have to
> use the freebsd pf man pages for correct matching documentation.
>
> You can always use ipf (ipfilter) instead of ipfw.



thanks for your kind response.

darrel


Re: openbsd packet firewall

2012-09-07 Thread Darrel


On Fri, 7 Sep 2012, Andreas Rudisch wrote:


> On Thu, 6 Sep 2012 23:41:44 -0400 (EDT)
> Darrel levi...@iglou.com wrote:
>
>> Packet Filter does not work
>
> Hi,
>
> you might want to give more information other than that.



when i updated from fbsd82 to fbsd90 using buildworld, buildkernel, 
installkernel, reboot, installworld, mergemaster, and make check-old, then 
packet filter simply did not load.  others on the list had the same 
problem.  i do not recall if it was specific to amd64.


now that i have updated from fbsd90 to fbsd91rc, ipv6 of packet filter is 
broken.  i can not connect to ipv6 services.  nmap run against the machine 
reports per usual with -4 flag and using -6 flag reports no opened ports. 
ssh and auth should be open.  i substituted a very simple pf.conf and got 
the same result.


i think that there is no troubleshooting to be done, but if you want 
further information then i will send it.


darrel


Re: openbsd packet firewall

2012-09-07 Thread Polytropon
On Fri, 7 Sep 2012 09:00:27 -0400 (EDT), Darrel wrote:
> when i updated from fbsd82 to fbsd90 using buildworld, buildkernel,
> installkernel, reboot, installworld, mergemaster, and make check-old, then
> packet filter simply did not load.

That's not 100% the procedure. Please refer to the comment
header of /usr/src/Makefile for the full description. It should
also be mentioned in The FreeBSD Handbook.

 1.  `cd /usr/src'   (or to the directory containing your source tree).
 2.  `make buildworld'
 3.  `make buildkernel KERNCONF=YOUR_KERNEL_HERE' (default is GENERIC).
 4.  `make installkernel KERNCONF=YOUR_KERNEL_HERE'   (default is GENERIC).
     [steps 3. & 4. can be combined by using the kernel target]
 5.  `reboot'   (in single user mode: boot -s from the loader prompt).
 6.  `mergemaster -p'
 7.  `make installworld'
 8.  `make delete-old'
 9.  `mergemaster'   (you may wish to use -i, along with -U or -F).
10.  `reboot'
11.  `make delete-old-libs' (in case no 3rd party program uses them anymore)

The proper use of mergemaster and the two delete* targets
seems to be different from your description.





-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: openbsd packet firewall

2012-09-07 Thread Darrel


On Fri, 7 Sep 2012, Polytropon wrote:


> On Fri, 7 Sep 2012 09:00:27 -0400 (EDT), Darrel wrote:
>
>> when i updated from fbsd82 to fbsd90 using buildworld, buildkernel,
>> installkernel, reboot, installworld, mergemaster, and make check-old, then
>> packet filter simply did not load.
>
> That's not 100% the procedure. Please refer to the comment
> header of /usr/src/Makefile for the full description. It should
> also be mentioned in The FreeBSD Handbook.
>
>  1.  `cd /usr/src'   (or to the directory containing your source tree).
>  2.  `make buildworld'
>  3.  `make buildkernel KERNCONF=YOUR_KERNEL_HERE' (default is GENERIC).
>  4.  `make installkernel KERNCONF=YOUR_KERNEL_HERE'   (default is GENERIC).
>      [steps 3. & 4. can be combined by using the kernel target]
>  5.  `reboot'   (in single user mode: boot -s from the loader prompt).
>  6.  `mergemaster -p'
>  7.  `make installworld'
>  8.  `make delete-old'
>  9.  `mergemaster'   (you may wish to use -i, along with -U or -F).
> 10.  `reboot'
> 11.  `make delete-old-libs' (in case no 3rd party program uses them anymore)
>
> The proper use of mergemaster and the two delete* targets
> seems to be different from your description.


You are correct, of course.  Actually that is what I have been doing, 
except that I have been running 'make delete-old' after mergemaster. 
Also, I have been deleting /usr/obj/* before 'cd /usr/src' and after 'cd
/usr/src' running 'make cleandir && make cleandir'.


Thanks for the clarification.

Darrel


openbsd packet firewall

2012-09-06 Thread Darrel

Hello,

When I moved from -fbsd82 to -fbsd90 it required a total reinstall since 
Packet Filter did not *work* any longer.  Now that I have moved from 
-fbsd90 to the new release candidate, Packet Filter does not work 
considering at least IPv6 and ssh.


I have tested a simple pf.conf on this system with the same result.
It seems like I will need to learn ipfw or give up on fbsd.

Darrel