Kill states for one host and only for rdr rule

2017-04-11 Thread Özkan KIRIK
Hello, I need to kill states from Host1 that belong to a rdr rule. But pfctl flushes all states belonging to Host1. Is it possible? Regards ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send

pfctl -ss -a anchorName uninterruptible wait

2017-04-11 Thread Özkan KIRIK
Hello, I'm trying to get states belonging to an anchor, but the pfctl -ss -a anchorName command waits; Ctrl+C and Ctrl+Z don't work. ps ax gives D+ state, and kill -9 doesn't work. When pfctl is in D+ state, I run pfctl -d. pf becomes disabled, but the process still has D+ state. This

Usage of global tables and anchor

2020-01-15 Thread Özkan KIRIK
Hi, I'm trying to use overload tables using global tables within anchors. Sample ruleset is shown below: table persist block quick from pass in proto tcp to port ssh modulate state \ (max-src-conn-rate 5/3, overload flush global) anchor "ftp" { pass in proto tcp to port ftp modulate

Rule last match timestamp

2019-12-25 Thread Özkan KIRIK
Hi, I need last match timestamps for each rule. ipfw has an option for this. But the pfctl -v -sr command doesn't show the last match timestamp. Is there a way to gather this information in pf? Thanks

Blocking SYN with data

2019-12-25 Thread Özkan KIRIK
Hi, I want to block SYN-with-data packets. I read the pf.conf manual, but couldn't find a clear way to do this. Is it possible to match packets greater than N bytes using pf on FreeBSD 12.1 stable? Does synproxy state or modulate state perform this operation? Thanks

Re: PF and Multicast Routing

2020-05-20 Thread Özkan KIRIK
Hi, Problem solved: pass all as the first rule drops packets with IP options. Regards On Wed, May 20, 2020 at 10:35 PM Özkan KIRIK wrote: > Hello, > > I'm running FreeBSD 12.1-Stable. pimd is running. > When I enabled pf, multicast traffic is dropped. > > I wrote a single ba

PF and Multicast Routing

2020-05-20 Thread Özkan KIRIK
Hello, I'm running FreeBSD 12.1-Stable. pimd is running. When I enabled pf, multicast traffic is dropped. I wrote a single basic rule: pass quick all allow-opts but multicast traffic is still dropped. After pfctl -xm, dmesg shows this error: pf: dropping packet with ip options pf: dropping

pf - state counter tracking like pfsync

2020-06-26 Thread Özkan KIRIK
Hi, My goal is to save the pkt/byte counters of each expired/killed/closed state into a txt file. What is the right way to do this in userspace? Is it possible to do something with ioctl & poll? Alternatively, is it possible to create multiple pfsync interfaces, the first one for real purpose to send

Re: pf - state counter tracking like pfsync

2020-06-28 Thread Özkan KIRIK
Thank you for the clarification. On Sun, Jun 28, 2020 at 1:10 PM Kristof Provost wrote: > On 26 Jun 2020, at 13:56, Özkan KIRIK wrote: > > My goal is save pkt/byte counters of each expired/killed/closed states > > into > > a txt file. > > What is the right

rdr with tos filteropt

2020-12-23 Thread Özkan KIRIK
Hi, I'm trying to rdr packets that have tos lowdelay only. But pf.conf doesn't support filteropt in rdr syntax. I need to write a rule like below: rdr proto tcp from 10.0.0.0/24 to any tos lowdelay -> 127.0.0.1 port 8080 Is it possible to do it anyway?

pf - SCTP ports are not allowed in filter rules.

2021-04-24 Thread Özkan KIRIK
Hi, The SCTP protocol header has src port and dst port fields, but pf doesn't support them. # echo "pass log (to pflog0) quick proto SCTP from any to any port 13873" | pfctl -f - stdin:1: port only applies to tcp/udp stdin:1: skipping rule due to errors stdin:1: rule expands to no valid combination