IP Filter

2007-12-17 Thread Stephen Clark
Hello List, Can someone tell me why ipf_nattable_max is not a sysctl variable? The only way to change this currently is via an edit of the source and a rebuild. It looks like it would be as simple as adding: SYSCTL_IPF(_net_inet_ipf, OID_AUTO, pf_nattable_max, CTLFLAG_RWO,

Re: IP Filter

2007-12-17 Thread Ollivier Robert
According to Stephen Clark: It looks like it would be as simple as adding: SYSCTL_IPF(_net_inet_ipf, OID_AUTO, pf_nattable_max, CTLFLAG_RWO, ipf_nattable_max, 0, ); Isn't the pf_nattable_max a typo for ipf_nattable_max? BTW, talk to Darren Reed about that, he is the author and

Re: IP Filter

2007-12-17 Thread Max Laier
On Monday 17 December 2007, Ollivier Robert wrote: According to Stephen Clark: It looks like it would be as simple as adding: SYSCTL_IPF(_net_inet_ipf, OID_AUTO, pf_nattable_max, CTLFLAG_RWO, ipf_nattable_max, 0, ); Isn't the pf_nattable_max a typo for ipf_nattable_max?

IP Filter OOW fix? for 6.1

2007-11-14 Thread Stephen Clark
Hello List, Was a fix ever developed for the ip filter OOW keep state problem that can be installed on or back ported to 6.1 stable? Thanks for any advice, Steve -- They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety. (Ben Franklin

Re: still trouble with IP-Filter in 4.4-prerel

2001-08-09 Thread Andreas Ntaflos
On Thu, Aug 09, 2001 at 01:30:44PM -0400, Mike Tancsa wrote: At 07:34 PM 8/9/01 +0200, Andreas Ntaflos wrote: i do remember now...i did that before too...didn't help. diff'ing /usr/src and /usr/src_backup showed that both were exactly the same. and yes, i think ipf is the only thing that

Re: still trouble with IP-Filter in 4.4-prerel (solved)

2001-08-09 Thread Andreas Ntaflos
ok, i solved that problem for me now and i want to thank everybody for your input and suggestions. the problem was that /sbin/ipf didn't get replaced by an up-to-date version during the installworld phase, either because of a kinda corrupted or otherwise incorrect source tree after doing a

IP Filter 3.4.17?

2001-04-06 Thread Matt Haught
Is it too late to update ipfilter in -STABLE? 3.4.16 seems to have a serious bug. Darren just sent out this to the ipfilter mailing list: -snip A *VERY* serious bug has been brought to my attention in IPFilter. In 10 words or less, fragment caching with can let through "any" packet.

Re: IP Filter 3.4.17?

2001-04-06 Thread Dan Langille
This is the second time this has been asked today. Are we asking in the right place? On 6 Apr 2001, at 14:38, Matt Haught wrote: Is it too late to update ipfilter in -STABLE? 3.4.16 seems to have a serious bug. Darren just sent out this to the ipfilter mailing list: -snip A