Current FreeBSD problem reports
Critical problems
Serious problems
S Submitted Tracker Resp. Description
---
o [2003/04/22] kern/51274 ipfwipfw2 create dynamic rules with parent nu
f [2003/04/24]
Current FreeBSD problem reports
Critical problems
Serious problems
Non-critical problems
S Submitted Tracker Resp. Description
---
a [2001/04/13] kern/26534 ipfwAdd an option to ipfw to log gid/uid
Hello,
I am doing some simple tests in a specific enviroment where layer2
filtering and dummynet will work together. There is a complex set of FW
rules, which showed a behaviour where, whenever I turn layer2 filtering
on, dummynet configured pipes get the configured BW reduced by half. To
you are passing traffic through the pipe twice.
you have to decide if your rules should apply tto
layer2 or not and write the rules accordingly
luigi
On Mon, Oct 03, 2005 at 01:07:56PM -0300, Patrick Tracanelli wrote:
Hello,
I am doing some simple tests in a specific enviroment where
Luigi Rizzo wrote:
you are passing traffic through the pipe twice.
you have to decide if your rules should apply tto
layer2 or not and write the rules accordingly
Why are they going twice through the pipe? When net.link.ether.ipfw=1
you pass it through all rules twice? first match wins does
see the ipfw manpage near the eginning with the graph
showing the packet flow.
layer2 means the rule matches only on layer2.
not layer2 matches only on layer 3.
if you don't put anything, it matches both layer2 and layer3.
luigi
On Mon, Oct 03, 2005 at 01:27:39PM -0300, Patrick Tracanelli
Hi all,
I'm a bit confused here, please give me some light.
My problem is that after the rule 190 (see them bellow) I get this
error message:
ipfw: unrecognised option [-1] tcp
But it´s not only after 190, if I remove it the problem keeps.
Here is the begining of
Hi,
Whenever someone tries a portscan or http server vulnerability scan on my
system, I have to manually add their ip in my /etc/ipfw.conf file such as:
add 100 deny all from xx.xxx.xxx.xxx to any
Is there a way, without enabling blackhole, to dynamically add ips to my
blacklist after a
Hi all,
There is a program called tcpsentry... doesn't it have the
ability to do this?
--
Colin
On Mon, 3 Oct 2005, Nicolas Blais wrote:
Hi,
Whenever someone tries a portscan or http server vulnerability scan on my
system, I have to manually add their ip in my /etc/ipfw.conf
Whenever someone tries a portscan or http server vulnerability scan on my=20
system, I have to manually add their ip in my /etc/ipfw.conf file such as:
add 100 deny all from xx.xxx.xxx.xxx to any
Is there a way, without enabling blackhole, to dynamically add ips to my=20
blacklist after a
On Monday 03 October 2005 22:15, Olivier Nicole wrote:
Whenever someone tries a portscan or http server vulnerability scan on
my=20 system, I have to manually add their ip in my /etc/ipfw.conf file
such as: add 100 deny all from xx.xxx.xxx.xxx to any
so why you would do that at all?
you
Andrey V. Elsukov wrote:
I want a nonprivileged access to ipfw (without sudo, suid and etc..).
But RAW sockets restrict this. I have an one idea - a pseudo device
/dev/ipfw. I think that realisation of this feature is not
difficult task. Now i have some questions.
Thanks for more answers :)
I
12 matches
Mail list logo