[pfSense] Pflog undocumented rule (https://forum.pfsense.org/index.php?topic=52887.0)

2014-10-24 Thread Jason Pyeron
About a year ago there was a post showing the RFC 5771 packets in the pflog and 
the OP did not have any logging rules.

I have a logging rule for my blocks, and this is polluting the log.

Where do they come from and how do I eliminate them?

em0=WAN
em1=LAN
re0=MGMT

NAT is enabled from LAN to WAN

No.  Time                 Source   Destination  Port  Protocol  Length  Info
 50  2014-10-24 21:01:53  0.0.0.0  224.0.0.1          IGMPv2    96      [pass re0/0] Membership Query, general

Frame 50: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on 
interface 0
Interface id: 0 (-)
Encapsulation type: OpenBSD PF Firewall logs (39)
Arrival Time: Oct 24, 2014 21:01:53.220023000 Eastern Daylight Time
[Time shift for this packet: 0.0 seconds]
Epoch Time: 1414198913.220023000 seconds
[Time delta from previous captured frame: 120.692432000 seconds]
[Time delta from previous displayed frame: 124.99299 seconds]
[Time since reference or first frame: 459.626189000 seconds]
Frame Number: 50
Frame Length: 96 bytes (768 bits)
Capture Length: 96 bytes (768 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: pflog:ip:igmp]
[Coloring Rule Name: Routing]
[Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp 
|| gvrp || igmp || ismp]
PF Log IPv4 pass on re0 by rule 0
Header Length: 61
Address Family: IPv4 (2)
Action: pass (0)
Reason: ip-option (8)
Interface: re0
Ruleset:
Rule Number: 72
Sub Rule Number: -1
UID: -1
PID: -1601830656
Rule UID: 0
Rule PID: 1550778368
Direction: in (1)
Padding: 00
Internet Protocol Version 4, Src: 0.0.0.0 (0.0.0.0), Dst: 224.0.0.1 (224.0.0.1)
Version: 4
Header Length: 24 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 
0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
 ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable 
Transport) (0x00)
Total Length: 32
Identification: 0x (0)
Flags: 0x02 (Don't Fragment)
0...  = Reserved bit: Not set
.1..  = Don't fragment: Set
..0.  = More fragments: Not set
Fragment offset: 0
Time to live: 1
Protocol: IGMP (2)
Header checksum: 0x0417 [validation disabled]
[Good: False]
[Bad: False]
Source: 0.0.0.0 (0.0.0.0)
Destination: 224.0.0.1 (224.0.0.1)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Options: (4 bytes), Router Alert
Router Alert (4 bytes): Router shall examine packet (0)
Type: 148
1...  = Copy on fragmentation: Yes
.00.  = Class: Control (0)
...1 0100 = Number: Router Alert (20)
Length: 4
Router Alert: Router shall examine packet (0)
Internet Group Management Protocol
[IGMP Version: 2]
Type: Membership Query (0x11)
Max Resp Time: 10.0 sec (0x64)
Header checksum: 0xee9b [correct]
Multicast Address: 0.0.0.0 (0.0.0.0)

0000  3d 02 00 08 72 65 30 00 00 00 00 00 00 00 00 00   =...re0.
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   
0020  00 00 00 00 00 00 00 48 ff ff ff ff ff ff ff ff   ...H
0030  a0 86 01 00 00 00 00 00 5c 6f 00 00 01 00 00 00   \o..
0040  46 c0 00 20 00 00 40 00 01 02 04 17 00 00 00 00   F.. ..@.
0050  e0 00 00 01 94 04 00 00 11 64 ee 9b 00 00 00 00   .d..

No.  Time                 Source   Destination  Port  Protocol  Length  Info
 51  2014-10-24 21:01:53  0.0.0.0  224.0.0.1          IGMPv2    96      [pass em1/0] Membership Query, general

Frame 51: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on 
interface 0
Interface id: 0 (-)
Encapsulation type: OpenBSD PF Firewall logs (39)
Arrival Time: Oct 24, 2014 21:01:53.22009 Eastern Daylight Time
[Time shift for this packet: 0.0 seconds]
Epoch Time: 1414198913.22009 seconds
[Time delta from previous captured frame: 0.67000 seconds]
[Time delta from previous displayed frame: 0.67000 seconds]
[Time since reference or first frame: 459.626256000 seconds]
Frame Number: 51
Frame Length: 96 bytes (768 bits)
Capture Length: 96 bytes (768 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: pflog:ip:igmp]
[Coloring Rule Name: Routing]
[Coloring Rule String: hsrp || eigrp || ospf || bgp || cdp || vrrp || carp 
|| gvrp || igmp || ismp]
PF Log IPv4 pass on em1 by rule 0
Header Length: 61
Address Family: IPv4 (2)
Action: pass (0)
Reason: ip-option (8)
Interface: em1
Ruleset:
Rule Number: 72
Sub Rule Number: -1
UID: -1
PID: -1601
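
Added example, not part of the original post: a decoder for the pflog header and IPv4 options of frame 50, using the bytes from the hex dump in the post, plus a predicate that picks out this kind of entry when reviewing a pflog capture. The function names are hypothetical, and reading the uid/pid fields as little-endian host order is an assumption (an x86 firewall).

```python
import ipaddress
import struct

# Frame 50, byte for byte from the hex dump in the post (96 bytes, pflog).
FRAME_50 = bytes.fromhex("""
    3d 02 00 08 72 65 30 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 48 ff ff ff ff ff ff ff ff
    a0 86 01 00 00 00 00 00 5c 6f 00 00 01 00 00 00
    46 c0 00 20 00 00 40 00 01 02 04 17 00 00 00 00
    e0 00 00 01 94 04 00 00 11 64 ee 9b 00 00 00 00
""")

PF_ACTIONS = {0: "pass", 1: "block"}
PF_DIRS = {1: "in", 2: "out"}
PF_REASONS = ("match", "bad-offset", "fragment", "short", "normalize",
              "memory", "bad-timestamp", "congestion", "ip-option")


def parse_pfloghdr(frame):
    """Decode the pflog header; return (fields, offset of the IP packet)."""
    if len(frame) < 4:
        raise ValueError("frame too short for a pflog header")
    length, af, action, reason = struct.unpack_from("!BBBB", frame, 0)
    if length < 61 or len(frame) < length:
        raise ValueError("truncated or unsupported pflog header")
    ifname, ruleset = struct.unpack_from("16s16s", frame, 4)
    # Rule numbers are in network byte order.
    rulenr, subrulenr = struct.unpack_from("!Ii", frame, 36)
    # Assumption: uid/pid fields are host order, little-endian here.
    uid, pid, rule_uid, rule_pid = struct.unpack_from("<iiIi", frame, 44)
    fields = {
        "af": af,
        "action": PF_ACTIONS.get(action, action),
        "reason": PF_REASONS[reason] if reason < len(PF_REASONS) else reason,
        "ifname": ifname.split(b"\0", 1)[0].decode("ascii"),
        "ruleset": ruleset.split(b"\0", 1)[0].decode("ascii"),
        "rulenr": rulenr, "subrulenr": subrulenr,
        "uid": uid, "pid": pid, "rule_uid": rule_uid, "rule_pid": rule_pid,
        "dir": PF_DIRS.get(frame[60], frame[60]),
    }
    # The header is padded to a 4-byte boundary before the packet starts.
    return fields, (length + 3) & ~3


def parse_ipv4(pkt):
    """Decode the IPv4 fields of interest and walk the options area."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    options, i = [], 20
    while i < ihl:
        opt_type = pkt[i]
        if opt_type == 0:          # End of Option List
            break
        if opt_type == 1:          # No Operation, single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("malformed IP option")
        opt_len = pkt[i + 1]
        # (type byte, option number, option data); Router Alert is number 20
        options.append((opt_type, opt_type & 0x1F, pkt[i + 2:i + opt_len]))
        i += opt_len
    return {
        "ttl": pkt[8], "proto": pkt[9],
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "options": options,
    }


def decode_frame(frame):
    """Decode one pflog frame carrying IPv4 into a flat dict."""
    hdr, off = parse_pfloghdr(frame)
    if hdr["af"] != 2:             # AF_INET
        raise ValueError("only IPv4 is handled in this example")
    hdr.update(parse_ipv4(frame[off:]))
    return hdr


def is_multicast_ip_option_entry(entry):
    """True for entries like the post's: reason ip-option, multicast destination."""
    dst = ipaddress.IPv4Address(entry["dst"])
    return (entry["reason"] == "ip-option" and dst.is_multicast
            and bool(entry["options"]))


if __name__ == "__main__":
    for key, value in decode_frame(FRAME_50).items():
        print(f"{key:10} {value}")
```

Read as little-endian, the PID field is 100000; Wireshark's `-1601830656` is the same four bytes read big-endian.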

Re: [pfSense] pfsense h/w

2014-10-24 Thread Josh Reynolds
It's not your "fault", it's "my fault". I made an apparently poor 
assumption that the info might be useful to people on this list in a 
small-blurb format. Useful or not, it caused extra background noise.


I'd prefer to let this /offtopic end, if you will.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 03:07 PM, Ryan Coleman wrote:

I did ask the reply to be off-list…



On Oct 24, 2014, at 17:57, Josh Reynolds wrote:


"You said it, man. Nobody fucks with the Jesus."

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,


First, did you not read the part where I said, "(At least not until 
we make pfSense available on Ubiquiti platforms.)” ??


Note that I’ve *always* said that pfSense software on the ERL will 
occur *after* (emphasis: **AFTER**) the regular 2.2 release.


WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART?  I just want to be 
clear.


A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. 
 Once we have that sorted, the effort will resume.  We’re also in a 
(much) deeper
relationship with Cavium now, so there is a possibility that we can 
put some of the acceleration bits in with time.


Frankly, there is an internal build of pfSense software for the 
Beaglebone Black, too.  Not that we’re planning on selling BBB 
(though Netgate
will be selling same) with pfSense software pre-loaded, but it does 
allow us to work out the kinks in the process to support 
architectures other

than i386 and amd64.

But this is all still very back-burner compared to the effort to get 
pfSense 2.2 to a RELEASEd status.


The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds wrote:


Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make 
pfSense available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a 
little biased.


The M series gear is pretty good kit for point to point or point 
to multi point applications. AirFiber is great for ~10 mile or 
less shots, with bandwidth a little over 765Mbps full duplex on 
short range shots with the AF24. The new UniFi products are 
looking good, basically local or remote "cloud" managed routers, 
switches, access points, and phones, with plans to fold the 
unifi-video line directly in, as well as the mFi sensor line into 
the same interface. The camera hardware is getting better, but 
the native camera feature set needs work... I can't seem to get 
it pounded into people's heads that RTSP and cookieless jpg 
snapshots should be native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more 
than VRRP. The QoS engine and firewall engines could both stand 
to be rebuilt, and might be in the fairly near future. The 
standard 8 port edgerouter and edgerouter pro models are pretty 
nice. I'm excited to see how the "carrier" and other future 
models turn out.


There-- that's a quick writeup that should be useful for people 
on this list.

Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well 
as high capacity wifi) and I'd be curious to get some pros/cons 
from those who know... so please email me off list (so as not to 
offend the other Thompson on the list... he might molt on me 
anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of 
Brocade when I wrote that.  I could also use UBNT's competitor, 
MikroTik, as a good example of how to build decent products the 
wrong way, but Brocade was my target here. You're a paragon of 
open-source stewardship in comparison!





Re: [pfSense] pfsense h/w

2014-10-24 Thread Ryan Coleman
I did ask the reply to be off-list… 



> On Oct 24, 2014, at 17:57, Josh Reynolds  wrote:
> 
> "You said it, man. Nobody fucks with the Jesus."
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>
> On 10/24/2014 02:54 PM, Jim Thompson wrote:
>> Josh,
>> 
>> 
>> First, did you not read the part where I said, "(At least not until we make 
>> pfSense available on Ubiquiti platforms.)” ??
>> 
>> Note that I’ve *always* said that pfSense software on the ERL will occur 
>> *after* (emphasis: **AFTER**) the regular 2.2 release.
>> 
>> WAIT, BACK UP. DID YOU READ THE AFTER PART?  I just want to be clear.
>> 
>> A-F-T-E-R
>> 
>> Now, since you asked,
>> 
>> There is currently an upstream problem with the (MIPS) toolchain.  Once we 
>> have that sorted, the effort will resume.  We’re also in a (much) deeper
>> relationship with Cavium now, so there is a possibility that we can put some 
>> of the acceleration bits in with time.
>> 
>> Frankly, there is an internal build of pfSense software for the Beaglebone 
>> Black, too.  Not that we’re planning on selling BBB (though Netgate
>> will be selling same) with pfSense software pre-loaded, but it does allow us 
>> to work out the kinks in the process to support architectures other
>> than i386 and amd64.
>> 
>> But this is all still very back-burner compared to the effort to get pfSense 
>> 2.2 to a RELEASEd status.
>> 
>> The lizard has spoken.
>> 
>> Jim
>> 
>>> On Oct 24, 2014, at 5:37 PM, Josh Reynolds wrote:
>>> 
>>> Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?
>>> 
>>> Your own post:
>>> "When what I'm trying to do is make pfSense available on an inexpensive
>>> platform.  It should perform better than an Alix, even without the
>>> private-SDK stunts.
>>> 
>>> Jim"
>>> 
>>> from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html 
>>> 
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com
>>>
>>> On 10/24/2014 10:14 AM, Jim Thompson wrote:
 
>>>> This list is not about Ubiquiti.   (At least not until we make pfSense 
>>>> available on Ubiquiti platforms.)
>>>> 
>>>> Please take the discussion elsewhere.
>>>> 
>>>> jim
 
 
> On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:
> 
> I am the CIO of a WISP who uses their products, and does a lot of 
> alpha/beta testing for them and other vendors... I may be a little biased.
> 
> The M series gear is pretty good kit for point to point or point to multi 
> point applications. AirFiber is great for ~10 mile or less shots, with 
> bandwidth a little over 765Mbps full duplex on short range shots with the 
> AF24. The new UniFi products are looking good, basically local or remote 
> "cloud" managed routers, switches, access points, and phones, with plans 
> to fold the unifi-video line directly in, as well as the mFi sensor line 
> into the same interface. The camera hardware is getting better, but the 
> native camera feature set needs work... I can't seem to get it pounded 
> into people's heads that RTSP and cookieless jpg snapshots should be 
> native on the cameras themselves.
> 
> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
> like to see more work done on the HA front - I need more than VRRP. The 
> QoS engine and firewall engines could both stand to be rebuilt, and might 
> be in the fairly near future. The standard 8 port edgerouter and 
> edgerouter pro models are pretty nice. I'm excited to see how the 
> "carrier" and other future models turn out.
> 
> There -- that's a quick writeup that should be useful for people on this 
> list.
> 
> Did Thompson molt yet?
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>
> On 10/24/2014 05:53 AM, Ryan Coleman wrote:
>> I presume UBNT is Ubiquiti? 
>> 
>> I'm probably going to start testing their hardware for other 
>> applications (I work in the video surveillance industry as well as high 
>> capacity wifi) and I'd be curious to get some pros/cons from those who 
>> know... so please email me off list (so as not to offend the other 
>> Thompson on the list... he might molt on me anyway). 
>> 
>> Sliante! 
>> 
>> 
>> On 10/24/2014 4:03 AM, Adam Thompson wrote: 
>>> [One public correction, nothing to do with Godwin's law!  -Adam] 
>>> 
>>> On 14-10-23 08:36 PM, Jim Thompson wrote: 
> Not that UBNT is a paragon of openness, either, 
 “either”? Wow. Strike 2. 
>>> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when 
>>> I wrote that.  I could also use UB

Re: [pfSense] pfsense h/w

2014-10-24 Thread Josh Reynolds

"You said it, man. Nobody fucks with the Jesus."

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,


First, did you not read the part where I said, "(At least not until we 
make pfSense available on Ubiquiti platforms.)” ??


Note that I’ve *always* said that pfSense software on the ERL will 
occur *after* (emphasis: **AFTER**) the regular 2.2 release.


WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART?  I just want to be 
clear.


A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. 
 Once we have that sorted, the effort will resume.  We’re also in a 
(much) deeper
relationship with Cavium now, so there is a possibility that we can 
put some of the acceleration bits in with time.


Frankly, there is an internal build of pfSense software for the 
Beaglebone Black, too.  Not that we’re planning on selling BBB (though 
Netgate
will be selling same) with pfSense software pre-loaded, but it does 
allow us to work out the kinks in the process to support architectures 
other

than i386 and amd64.

But this is all still very back-burner compared to the effort to get 
pfSense 2.2 to a RELEASEd status.


The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds wrote:


Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make 
pfSense available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little 
biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less 
shots, with bandwidth a little over 765Mbps full duplex on short 
range shots with the AF24. The new UniFi products are looking good, 
basically local or remote "cloud" managed routers, switches, access 
points, and phones, with plans to fold the unifi-video line 
directly in, as well as the mFi sensor line into the same 
interface. The camera hardware is getting better, but the native 
camera feature set needs work... I can't seem to get it pounded 
into people's heads that RTSP and cookieless jpg snapshots should be 
native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more than 
VRRP. The QoS engine and firewall engines could both stand to be 
rebuilt, and might be in the fairly near future. The standard 8 
port edgerouter and edgerouter pro models are pretty nice. I'm 
excited to see how the "carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on 
this list.

Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend 
the other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that. I could also use UBNT's competitor, MikroTik, 
as a good example of how to build decent products the wrong way, 
but Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.

Re: [pfSense] pfsense h/w

2014-10-24 Thread Jim Thompson
Josh,


First, did you not read the part where I said, "(At least not until we make 
pfSense available on Ubiquiti platforms.)” ??

Note that I’ve *always* said that pfSense software on the ERL will occur 
*after* (emphasis: **AFTER**) the regular 2.2 release.

WAIT, BACK UP. DID YOU READ THE AFTER PART?  I just want to be clear.

A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain.  Once we have 
that sorted, the effort will resume.  We’re also in a (much) deeper
relationship with Cavium now, so there is a possibility that we can put some of 
the acceleration bits in with time.

Frankly, there is an internal build of pfSense software for the Beaglebone 
Black, too.  Not that we’re planning on selling BBB (though Netgate
will be selling same) with pfSense software pre-loaded, but it does allow us to 
work out the kinks in the process to support architectures other
than i386 and amd64.

But this is all still very back-burner compared to the effort to get pfSense 
2.2 to a RELEASEd status.

The lizard has spoken.

Jim

> On Oct 24, 2014, at 5:37 PM, Josh Reynolds  wrote:
> 
> Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?
> 
> Your own post:
> "When what I'm trying to do is make pfSense available on an inexpensive
> platform.  It should perform better than an Alix, even without the
> private-SDK stunts.
> 
> Jim"
> 
> from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html 
> 
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>
> On 10/24/2014 10:14 AM, Jim Thompson wrote:
>> 
>> This list is not about Ubiquiti.   (At least not until we make pfSense 
>> available on Ubiquiti platforms.)
>> 
>> Please take the discussion elsewhere.
>> 
>> jim
>> 
>> 
>>> On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:
>>> 
>>> I am the CIO of a WISP who uses their products, and does a lot of 
>>> alpha/beta testing for them and other vendors... I may be a little biased.
>>> 
>>> The M series gear is pretty good kit for point to point or point to multi 
>>> point applications. AirFiber is great for ~10 mile or less shots, with 
>>> bandwidth a little over 765Mbps full duplex on short range shots with the 
>>> AF24. The new UniFi products are looking good, basically local or remote 
>>> "cloud" managed routers, switches, access points, and phones, with plans to 
>>> fold the unifi-video line directly in, as well as the mFi sensor line into 
>>> the same interface. The camera hardware is getting better, but the native 
>>> camera feature set needs work... I can't seem to get it pounded into 
>>> people's heads that RTSP and cookieless jpg snapshots should be native on 
>>> the cameras themselves.
>>> 
>>> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
>>> like to see more work done on the HA front - I need more than VRRP. The QoS 
>>> engine and firewall engines could both stand to be rebuilt, and might be in 
>>> the fairly near future. The standard 8 port edgerouter and edgerouter pro 
>>> models are pretty nice. I'm excited to see how the "carrier" and other 
>>> future models turn out.
>>> 
>>> There -- that's a quick writeup that should be useful for people on this 
>>> list.
>>> 
>>> Did Thompson molt yet?
>>> Josh Reynolds, Chief Information Officer
>>> SPITwSPOTS, www.spitwspots.com
>>>
>>> On 10/24/2014 05:53 AM, Ryan Coleman wrote:
 I presume UBNT is Ubiquiti? 
 
 I'm probably going to start testing their hardware for other applications 
 (I work in the video surveillance industry as well as high capacity wifi) 
 and I'd be curious to get some pros/cons from those who know... so please 
 email me off list (so as not to offend the other Thompson on the list... 
 he might molt on me anyway). 
 
 Sliante! 
 
 
 On 10/24/2014 4:03 AM, Adam Thompson wrote: 
> [One public correction, nothing to do with Godwin's law!  -Adam] 
> 
> On 14-10-23 08:36 PM, Jim Thompson wrote: 
>>> Not that UBNT is a paragon of openness, either, 
>> “either”? Wow. Strike 2. 
> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
> wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
> example of how to build decent products the wrong way, but Brocade was my 
> target here.  You're a paragon of open-source stewardship in comparison! 
> 
 

Re: [pfSense] pfsense h/w

2014-10-24 Thread Josh Reynolds

Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:
"When what I'm trying to do is make pfSense available on an inexpensive
platform.  It should perform better than an Alix, even without the
private-SDK stunts.

Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 10:14 AM, Jim Thompson wrote:


This list is not about Ubiquiti.   (At least not until we make pfSense 
available on Ubiquiti platforms.)


Please take the discussion elsewhere.

jim


On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:


I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little 
biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less 
shots, with bandwidth a little over 765Mbps full duplex on short 
range shots with the AF24. The new UniFi products are looking good, 
basically local or remote "cloud" managed routers, switches, access 
points, and phones, with plans to fold the unifi-video line directly 
in, as well as the mFi sensor line into the same interface. The 
camera hardware is getting better, but the native camera feature set 
needs work... I can't seem to get it pounded into people's heads that 
RTSP and cookieless jpg snapshots should be native on the cameras 
themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd 
still like to see more work done on the HA front- I need more than 
VRRP. The QoS engine and firewall engines could both stand to be 
rebuilt, and might be in the fairly near future. The standard 8 port 
edgerouter and edgerouter pro models are pretty nice. I'm excited to 
see how the "carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on 
this list.

Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend 
the other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that.  I could also use UBNT's competitor, MikroTik, 
as a good example of how to build decent products the wrong way, 
but Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!





Re: [pfSense] pfsense h/w

2014-10-24 Thread Jim Thompson

This list is not about Ubiquiti.   (At least not until we make pfSense 
available on Ubiquiti platforms.)

Please take the discussion elsewhere.

jim


> On Oct 24, 2014, at 12:38 PM, Josh Reynolds  wrote:
> 
> I am the CIO of a WISP who uses their products, and does a lot of alpha/beta 
> testing for them and other vendors... I may be a little biased.
> 
> The M series gear is pretty good kit for point to point or point to multi 
> point applications. AirFiber is great for ~10 mile or less shots, with 
> bandwidth a little over 765Mbps full duplex on short range shots with the 
> AF24. The new UniFi products are looking good, basically local or remote 
> "cloud" managed routers, switches, access points, and phones, with plans to 
> fold the unifi-video line directly in, as well as the mFi sensor line into 
> the same interface. The camera hardware is getting better, but the native 
> camera feature set needs work... I can't seem to get it pounded into people's 
> heads that RTSP and cookieless jpg snapshots should be native on the cameras 
> themselves.
> 
> 1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like 
> to see more work done on the HA front - I need more than VRRP. The QoS engine 
> and firewall engines could both stand to be rebuilt, and might be in the 
> fairly near future. The standard 8 port edgerouter and edgerouter pro models 
> are pretty nice. I'm excited to see how the "carrier" and other future models 
> turn out.
> 
> There -- that's a quick writeup that should be useful for people on this list.
> 
> Did Thompson molt yet?
> Josh Reynolds, Chief Information Officer
> SPITwSPOTS, www.spitwspots.com
>
> On 10/24/2014 05:53 AM, Ryan Coleman wrote:
>> I presume UBNT is Ubiquiti? 
>> 
>> I'm probably going to start testing their hardware for other applications (I 
>> work in the video surveillance industry as well as high capacity wifi) and 
>> I'd be curious to get some pros/cons from those who know... so please email 
>> me off list (so as not to offend the other Thompson on the list... he might 
>> molt on me anyway). 
>> 
>> Sliante! 
>> 
>> 
>> On 10/24/2014 4:03 AM, Adam Thompson wrote: 
>>> [One public correction, nothing to do with Godwin's law!  -Adam] 
>>> 
>>> On 14-10-23 08:36 PM, Jim Thompson wrote: 
> Not that UBNT is a paragon of openness, either, 
 “either”? Wow. Strike 2. 
>>> That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
>>> wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
>>> example of how to build decent products the wrong way, but Brocade was my 
>>> target here.  You're a paragon of open-source stewardship in comparison! 
>>> 
>> 

Re: [pfSense] pfsense h/w

2014-10-24 Thread Josh Reynolds
I am the CIO of a WISP who uses their products, and does a lot of 
alpha/beta testing for them and other vendors... I may be a little biased.


The M series gear is pretty good kit for point to point or point to 
multi point applications. AirFiber is great for ~10 mile or less shots, 
with bandwidth a little over 765Mbps full duplex on short range shots 
with the AF24. The new UniFi products are looking good, basically 
local or remote "cloud" managed routers, switches, access points, and 
phones, with plans to fold the unifi-video line directly in, as well as 
the mFi sensor line into the same interface. The camera hardware is 
getting better, but the native camera feature set needs work... I can't 
seem to get it pounded into people's heads that RTSP and cookieless jpg 
snapshots should be native on the cameras themselves.


1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still 
like to see more work done on the HA front- I need more than VRRP. The 
QoS engine and firewall engines could both stand to be rebuilt, and 
might be in the fairly near future. The standard 8 port edgerouter and 
edgerouter pro models are pretty nice. I'm excited to see how the 
"carrier" and other future models turn out.


There-- that's a quick writeup that should be useful for people on this 
list.

Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as 
high capacity wifi) and I'd be curious to get some pros/cons from 
those who know... so please email me off list (so as not to offend the 
other Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade 
when I wrote that.  I could also use UBNT's competitor, MikroTik, as 
a good example of how to build decent products the wrong way, but 
Brocade was my target here.  You're a paragon of open-source 
stewardship in comparison!




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list



Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]

2014-10-24 Thread Brian Caouette

I don't get emails either.

On 10/8/2014 12:09 PM, Jason Pyeron wrote:

-Original Message-
From: Brian Caouette
Sent: Wednesday, October 08, 2014 11:59

On 10/8/2014 11:39 AM, Jason Pyeron wrote:

I think I am being hit by the same issue.

Here is what I tried:

Version: 2.0.2-RELEASE (i386)
built on Fri Dec 7 16:30:25 EST 2012
FreeBSD 8.1-RELEASE-p13

Test email is received when hitting save on the notifications page.



As shown above, I pulled the uplink for about 10 seconds. No email. Email, DNS, 
etc are LAN side resources.

Any suggestions?




If I'm understanding your message this is expected behavior. You pull
the uplink and the pings will fail. That's the whole point.

And then an email should be sent, which it is not being sent.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.






Re: [pfSense] pfsense h/w

2014-10-24 Thread Ryan Coleman

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other 
applications (I work in the video surveillance industry as well as high 
capacity wifi) and I'd be curious to get some pros/cons from those who 
know... so please email me off list (so as not to offend the other 
Thompson on the list... he might molt on me anyway).


Sliante!


On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade when 
I wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
example of how to build decent products the wrong way, but Brocade was 
my target here.  You're a paragon of open-source stewardship in 
comparison!





[pfSense] (ot) Re: pfsense h/w

2014-10-24 Thread Ryan Coleman

I KNEW IT!!!

:D

On 10/23/2014 5:57 PM, Jim Thompson wrote:

and Jim Thompson is actually a blood thirsty, extra-terrestrial, shapeshifting 
reptile.




Re: [pfSense] pfsense h/w

2014-10-24 Thread Adam Thompson

[One public correction, nothing to do with Godwin's law!  -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.
That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I 
wrote that.  I could also use UBNT's competitor, MikroTik, as a good 
example of how to build decent products the wrong way, but Brocade was 
my target here.  You're a paragon of open-source stewardship in comparison!


--
-Adam Thompson
 athom...@athompso.net


Re: [pfSense] pfsense h/w

2014-10-24 Thread Josh Reynolds
I'm very intrigued as to what happened with UBNT here, as Robert, Stig, 
and An-Cheng's phone numbers are all in my contact list.


I've called them out on concerns over their gpl tarball and (fairly 
recent) lack of SDK as well, but then again, I've also called out 
MikroTik... which they've ignored.


Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com 

On 10/23/2014 05:36 PM, Jim Thompson wrote:

On Oct 23, 2014, at 7:48 PM, Adam Thompson  wrote:

[Hmm... half of this doesn't need to be on-list.  Sorry if I'm polluting. -Adam]


On 14-10-23 05:57 PM, Jim Thompson wrote:

I get that Jim rubs a lot of people the wrong way (myself included),

Darn, you’d think that sharing a last name would count for something...

Sorry, no.  ;-)
Kind of in the same way Theo de Raadt rubs people the wrong way.

Wow.   You just compared me to Theo.

I’m done.

Anyone want to buy a firewall company?

It’s either that, or I invoke Godwin’s law.  (Or its corollary, “Thompson’s 
Law”:   That the thread is over once someone compares one of the participants 
to Mr. de Raadt.)

(It’s left to you to decide who gets the eponymous glory.)


Mostly just idiots & newbies take offense.  And it's mostly driven, I think, by 
having your lifetime supply of tolerance for people who speak first and think 
second be long-since exhausted.  So as long as you don't start saying incorrect or 
technically-invalid things, your audience sticks around.  See closing comments, 
below.


I think some people are waiting for “the other shoe to drop”.  For us to take 
the pfSense project in a direction similar to what happened with Vyatta.

Yeah... it's a possibility.  OTOH, I'll point out that UBNT essentially forked Vyatta 
(and renamed it "EdgeOS", IIRC) when Brocade started to close it all up.  Not 
that UBNT is a paragon of openness, either,

“either”?  Wow.  Strike 2.   You probably don’t want to know that Jamie and I 
nearly bought Ubiquiti from Mr. Pera, or that we let the company live when he 
owed us a pile of cash.

I’m not going into details, but Ubiquiti did violate Vyatta’s license, got 
called on it, and had to reverse direction for a bit.


but that's the benefit of the appropriate license - everyone can feel free to 
copy (or fork!) pfSense from any of the multitude of places it lives online 
right now, and feel free to burn it to archival WORM media Just In Case 
Something Bad Happens To The Project.

As Jim pointed out, however, when you resurrect it (and somehow replace all the 
infrastructure and developers in one fell swoop, *ahem*), you can't call your 
new project pfSense.  You can have an FAQ entry explaining how it used to be 
pfSense, you can even leave the GIT, or SVN, or even SCCS repository up as-is 
with the pfSense name throughout it, but as soon as you create a derivative 
work: new project.


... pfSense is going closed source,

Technically, this could happen, but realistically, someone will probably fork 
it.  And that project will likely die out or remove itself from public 
participation, as these things tend to do.
For that matter, remember that pfSense is (sort of) a fork of m0n0wall from a 
decade ago in the first place.  For different reasons, but nonetheless.

As if I didn’t know, had forgotten, or wish people would forget.

Just in-case you have forgotten, Netgate originally shipped m0n0wall on WRAP 
boards, then cut-over to pfSense quite early after the fork.


  and Jim Thompson is actually a blood thirsty, extra-terrestrial, 
shapeshifting reptile.

Well, that explains a few things!  

It explains everything, actually.


Finally, I think there is still a segment of the community who views me with 
distrust because I put a license agreement and contributor agreement in front 
of access to the source code for the pfSense project.   We didn’t articulate 
the reasons for doing this very well, and the execution when we did it wasn’t … 
optimal.

I wasn't affected by that, and - AFAIK - neither were most of the people who 
whine and cadge about a commercial entity being involved.

I don't recall what the license used to be, but clearly the current one is a 
custom license that doesn't even attempt to follow the UCB/BSD license.  As 
long as ESF covered all their legal bases properly, they can do whatever the 
f*** they want with the license. I can see how old contributors might not like 
the new CLA, though. And I don't know of any project that has ever pivoted on a 
license change this way ... optimally.

There is an agreement that allows access to the pfsense-tools repo.  As 
pre-requisite to that agreement, a contributor agreement must be in-place.  
Once you have the code, you’ll find the license in the individual files to be 
the same as it always was (mostly BSD 3 clause, but there are a smattering of 
other files.)   Doesn’t matter, you already agreed to the other license, that’s 
the hack.

The license is non-transferable, but if you build and release a version