On 2017-05-15, Adam Thompson <athom...@athompso.net> wrote:
> I still haven't found this answer anywhere...
>
> Does OpenBSD (more specifically, pf(4), I guess) support RFC 6296,
> IPv6-to-IPv6 Network Prefix Translation? Looks like FreeBSD can do it,
> but I can't tel
I still haven't found this answer anywhere...
Does OpenBSD (more specifically, pf(4), I guess) support RFC 6296,
IPv6-to-IPv6 Network Prefix Translation? Looks like FreeBSD can do it,
but I can't tell if that's something they added to their own pf fork, or
if I'm just missing something
On Sat, 5/13/17, Carl Mascott <cmasc...@yahoo.com> wrote:
Subject: Re: pf queue definition: bandwidth resolution problem
To: "Mike Belopuhov" <m...@belopuhov.com>
Cc: misc@openbsd.org
Date: Saturday, May 13, 2017, 4:55 PM
I forgot to ask: How will I know when there's
wrote:
Subject: Re: pf queue definition: bandwidth resolution problem
To: "Mike Belopuhov" <m...@belopuhov.com>
Cc: misc@openbsd.org, t...@openbsd.org
Date: Saturday, May 13, 2017, 4:21 PM
First, just to be safe, I did a bandwidth
test with only one queue, max bandwidth 1999K.
First, just to be safe, I did a bandwidth test with only one queue, max
bandwidth 1999K.
pf is fine: measured speed was about 2M.
Just eyeballing it, I don't see anything wrong with your patch, but I have no
way to test it: I'm not set up to build from source.
If I understand correctly you have
ue." Example: 1800K in pf.conf becomes 1M in the output
> of "pfctl -squeue" -- a very significant difference.
>
> It remains to be determined whether the fault is in the setting of bandwidth
> by pf or in the reporting of bandwidth by pfctl. Actual tests with a simp
t of "pfctl -squeue." Example: 1800K in pf.conf becomes 1M in the output
>of "pfctl -squeue" -- a very significant difference.
It remains to be determined whether the fault is in the setting of bandwidth by
pf or in the reporting of bandwidth by pfctl. Actual tests wit
On Tue, May 09, 2017 at 19:47 +, Carl Mascott wrote:
> Intel Atom D2500 1.66GHz
> OpenBSD i386 v6.1-stable
>
> I can't get pf to give me the queue bandwidths that I specify in pf.conf.
>
> pf.conf:
>
> queue rootq on $ext_if bandwidth 9M max 9M qlimit 100
>
Hi,
I run OpenBSD 6.0 GENERIC.MP#4 amd64 on a firewall and I recently discovered
lots of these messages in
dmesg:
pf: pfi_kif_unref: rules refcount <= 0
do you know what it is ?
Thanks
Morgan
Il 11/05/2017 01:42, Erling Westenvik ha scritto:
> Check out pfctl(8) and the -F option. The issue might be resolvable
> simply by flushing one or more of the filter parameters you'll find
> there.
I had always assumed that loading a new ruleset with pfctl -f also
implied "-F all".
This
On Thu, May 11, 2017 at 12:09:26AM +0200, Gabriele Tozzi wrote:
>
> Looks like I've solved by only renaming the queues.
>
> Instead of naming them "high", "normal" and "low", I have now named them
> "exthi", "extstd" and "extlo" and then everything seems to work as expended.
>
> Maybe "high" is a
Looks like I've solved by only renaming the queues.
Instead of naming them "high", "normal" and "low", I have now named them
"exthi", "extstd" and "extlo" and then everything seems to work as expended.
Maybe "high" is a (maybe undocumented) reserved queue name?
l look for it.
I have also checked "pfctl -s rules | grep high" and it returns no data.
To the best of my knowledge, this confirms that there is no pf rule
explicitly sending packets to the "high" queue... but lots of packets
are queued there anyway, so I am supposing there sho
but perhaps someone else would be able to see something that you didn't,
hence the requirement to share the file.
-luis
On Wed, May 10, 2017 at 12:50 PM, Gabriele Tozzi wrote:
>
> Il 10/05/2017 14:45, Daniel Melameth ha scritto:
> >> queue ext on $Ext bandwidth 900K
> >>
Il 10/05/2017 14:45, Daniel Melameth ha scritto:
>> queue ext on $Ext bandwidth 900K
>> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default
>> queue high parent ext bandwidth 193K qlimit 10
>> queue low parent ext bandwidth 193K, max 540Kb qlimit 10
>
> You'll have to post your
On Wed, May 10, 2017 at 4:47 AM, Gabriele Tozzi <gabri...@tozzi.eu> wrote:
> I have a quite simple pf setup: I have defined 3 queues for my external
> interface in my pf.conf:
>
> queue ext on $Ext bandwidth 900K
> queue normal parent ext bandwidth 386K, max 850K qlimit 10
Hello there,
I have noticed some weirdness when using "pfctl -s queue -v" so I have
decided to investigate.
I have a quite simple pf setup: I have defined 3 queues for my external
interface in my pf.conf:
queue ext on $Ext bandwidth 900K
queue normal parent ext bandwidth 386K, max 8
Intel Atom D2500 1.66GHz
OpenBSD i386 v6.1-stable
I can't get pf to give me the queue bandwidths that I specify in pf.conf.
pf.conf:
queue rootq on $ext_if bandwidth 9M max 9M qlimit 100
queue qdef parent rootq bandwidth 3650K default
queue qrtp parent rootq bandwidth 350K min
2017-05-04 1:56 GMT+02:00 Luke Small :
> Four words Peter..."dynamic IP address". I'm sure that there are folks that
> ssh into machines that are on a dynamic IP address that don't have a modem
> on a power backup, or even possibly on an ISP that may down, possibly when
>
of that script at whatever
intervals you need (this is what cron was made for). That script could even
put the results into files that you can then use as source for the initial
values for table contents.
Basically I think your scenario is easily solved with a reasonably structured
set of PF rules
Luke Small <lukensm...@gmail.com>:
>
>> Is it worthwhile to set up a hook for pf to load rules that have URLs
>after
>> the network services that can resolve them come into effect?
>>
orthwhile to set up a hook for pf to load rules that have URLs after
> the network services that can resolve them come into effect?
>
--
May the most significant bit of your life be positive.
Four words Peter..."dynamic IP address". I'm sure that there are folks that
ssh into machines that are on a dynamic IP address that don't have a modem
on a power backup, or even possibly on an ISP that may down, possibly when
they are out of town. I don't know if it is possible or already done,
...@gmail.com> wrote:
> Is it worthwhile to set up a hook for pf to load rules that have URLs
> after the network services that can resolve them come into effect?
On 05/03/17 22:16, Luke Small wrote:
> Is it worthwhile to set up a hook for pf to load rules that have URLs after
> the network services that can resolve them come into effect?
This sounds like you have a pf.conf that contains host names, and for
some reason you are not sure that those
Is it worthwhile to set up a hook for pf to load rules that have URLs after
the network services that can resolve them come into effect?
On Wed, 3 May 2017 08:02:10 +0200
> Thanks for sharing.
> I’ll re-use this at home.
>
> Br
>
> > 1 maj 2017 kl. 01:43 skrev Kevin Chadwick :
> >
> >
> > I find that to prevent connection timeouts on playstations, the
> > following is required. Hopefully they will fix
Thanks for sharing.
I’ll re-use this at home.
Br
> 1 maj 2017 kl. 01:43 skrev Kevin Chadwick :
>
>
> I find that to prevent connection timeouts on playstations, the
> following is required. Hopefully they will fix their packet AND
> connection handling one day.
>
> match
I find that to prevent connection timeouts on playstations, the
following is required. Hopefully they will fix their packet AND
connection handling one day.
match from ! $ps3 scrub(tcp reassembly)
match from $ps3 scrub(without tcp reassembly)
any buffers that is causing this in 6.1 but not in 6.0 ?
>>
>> There were changes that would allow larger TCP buffers in 6.1. This
>> would not have made a difference to normal or natted connections from
>> non-OpenBSD going through PF to non-OpenBSD but could possibly affect
>
TCP buffers in 6.1. This
> would not have made a difference to normal or natted connections from
> non-OpenBSD going through PF to non-OpenBSD but could possibly affect
> some configurations with proxies (though only if PF rules were already
> dodgy - you would have active states in &qu
TCP buffers in 6.1. This
> would not have made a difference to normal or natted connections from
> non-OpenBSD going through PF to non-OpenBSD but could possibly affect
> some configurations with proxies (though only if PF rules were already
> dodgy - you would have active states in &qu
On 2017-04-20, Sjöholm Per-Olov <p...@incedo.org> wrote:
> Could it be any buffers that is causing this in 6.1 but not in 6.0 ?
There were changes that would allow larger TCP buffers in 6.1. This
would not have made a difference to normal or natted connections from
non-OpenBSD going t
e:
>>>>> Anyone with a clue would be _very_ much appreciated….
>>>>> I upgraded from 6.0 to 6.1 two days ago and **did not change
>anything to the network** stuff at all. After that clients have random
>problems reaching my dmz web server (centos + nginx). I h
;>>> reaching my dmz web server (centos + nginx). I have checked the release
>>>> notes, but could not see any clue there. Se logs below
>>>> # Relevant rules from PF
>>>> LAN_INT="vlan2"
>>>> DMZ1_INT="vlan3"
>>>&g
ed….
>>> I upgraded from 6.0 to 6.1 two days ago and **did not change anything to
>>> the network** stuff at all. After that clients have random problems
>>> reaching my dmz web server (centos + nginx). I have checked the release
>>> notes, but could not see any clu
Bytes: 0 ]
Out/Pass:[ Packets: 0 Bytes: 0 ]
Out/XPass: [ Packets: 0 Bytes: 0 ]
which corresponds to the pf uptime.
Is this intentional?
I ran into this while trying to parse snmp info:
stuff at all. After that clients have random problems reaching my
>> dmz web server (centos + nginx). I have checked the release notes, but could
>> not see any clue there. Se logs below
>> # Relevant rules from PF
>> LAN_INT="vlan2"
>> DMZ1_INT
checked the release notes, but could not
see any clue there. Se logs below
# Relevant rules from PF
LAN_INT="vlan2"
DMZ1_INT="vlan3"
DMZ2_INT="vlan4"
GUEST_INT="vlan1003"
INTERNET_INT="em3
ALL_INTERFACES="{" $LAN_INT $GUEST_INT $DMZ1_INT $DMZ2
any clue there. Se logs below
# Relevant rules from PF
LAN_INT="vlan2"
DMZ1_INT="vlan3"
DMZ2_INT="vlan4"
GUEST_INT="vlan1003"
INTERNET_INT="em3
ALL_INTERFACES="{" $LAN_INT $GUEST_INT $DMZ1_INT $DMZ2_INT $INTERNET_INT "}"
pass out o
Tue, 11 Apr 2017 15:31:57 -0500 "Adam Thompson"
> > > Plus, this year it appears that Peter is co-delivering the seminar
> > > with Massimiliano Stucchi from RIPE, so it will presumably cover
> > > a lot of IPv6 topics as well, which are poorly represented in
> > > existing
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
> Behalf Of bytevolc...@safe-mail.net
> Sent: April 10, 2017 19:31
>
> > Plus, this year it appears that Peter is co-delivering the seminar
> > with Massimiliano Stucchi from RIPE, so it will presumably
On April 11, 2017 5:54:31 AM GMT+02:00, Ingo Schwarze
wrote:
>bytevolc...@safe-mail.net wrote on Tue, Apr 11, 2017 at 10:30:35AM
>+1000:
>
>> Another issue with the man pages is that there is extremely limited
>> indexing.
>
>That isn't true on OpenBSD. It still is true on most
bytevolc...@safe-mail.net wrote on Tue, Apr 11, 2017 at 10:30:35AM +1000:
> Another issue with the man pages is that there is extremely limited
> indexing.
That isn't true on OpenBSD. It still is true on most Linux
distributions, and even on FreeBSD by default, but at least FreeBSD
has an
> Another issue with the man pages is that there is extremely limited
> indexing.
They are manual pages, not manual books.
You are welcome to spend your time building an entire new subsystem
and proving the value of your work. Go knock yourself out.
t wasn't obvious
> just from reading pf.conf(5). Sometimes it was something Peter said,
> sometimes it was something another attendee said. That's the value
> of attending any training class or seminar, not just this one for PF.
>
> The tutorial is aimed not at people who would go and produce
On 8 April 2017 at 07:41, Mihai Popescu <mih...@gmail.com> wrote:
> I don;t want to offend you folks, but I'm curious and I will ask: is
> this BSDCon so useful? Does it pay the efforts?
>
> If someone has time and knowledge to do a PF tutorial he/she can do it
> and post
On 2017-04-07 16:41, Mihai Popescu wrote:
I don;t want to offend you folks, but I'm curious and I will ask: is
this BSDCon so useful? Does it pay the efforts?
If someone has time and knowledge to do a PF tutorial he/she can do it
and post. Do you need the Con?
I'm asking this having in my mind
> complicates things further. What about queueing of traffic inside GRE
> > tunnels in transport mode protected with IPSEC? Where to read about it?
>
> The queue is assigned to the PF state, based on the queue name.
> You can either do this in a "pass" rule or a &qu
On Sat, Apr 8, 2017 at 4:39 AM, Marina Ala <marina...@mail.com> wrote:
> I heard that OpenBSD's pf can prevent Hole punching:
> Is it true? I just cannot google on it, but if someone would answer this
> thread then the world can google for it from that point :D
PF doesn't preven
On 04/08/17 10:39, Marina Ala wrote:
> I heard that OpenBSD's pf can prevent Hole punching:
>
> https://en.wikipedia.org/wiki/Hole_punching_(networking)
>
> Is it true? I just cannot google on it, but if someone would answer this
> thread then the world can google for it from
Hello,
I heard that OpenBSD's pf can prevent Hole punching:
https://en.wikipedia.org/wiki/Hole_punching_(networking)
Is it true? I just cannot google on it, but if someone would answer this thread
then the world can google for it from that point :D
Thanks..
to
mitigate against DHCP exhaustion attacks e.g. on public wifi).
> Adding NAT to the mix
> complicates things further. What about queueing of traffic inside GRE
> tunnels in transport mode protected with IPSEC? Where to read about it?
The queue
Am 07.04.2017 18:38 schrieb Peter N. M. Hansteen:
On 04/07/17 18:00, I love OpenBSD wrote:
I second to more IPv6 related information.
I am curious about blocking port scanning in IPv6 Web. Does pf let me
put a CIDR into the named table based on offending IPv6 address and
64-bit mask? I mean
On Fri, 7 Apr 2017 17:39:16 + (UTC)
Stuart Henderson wrote:
> On 2017-04-06,
> wrote:
> > On Wed, 5 Apr 2017 22:44:54 + (UTC)
> > Stuart Henderson wrote:
> >
> >> On 2017-04-05,
I don;t want to offend you folks, but I'm curious and I will ask: is
this BSDCon so useful? Does it pay the efforts?
If someone has time and knowledge to do a PF tutorial he/she can do it
and post. Do you need the Con?
I'm asking this having in my mind Google Summer of (no)Code thread from misc
Dear Peter,
May I suggest the following topic of interest:
PF with VLAN interfaces (with LACP trunk interface behind) and CARP of course.
Regards,
M.
Original Message
Subject: Topics for revised PF and networking tutorial
Local Time: April 1, 2017 10:52 AM
UTC Time: April 1
On 2017-04-06, wrote:
> On Wed, 5 Apr 2017 22:44:54 + (UTC)
> Stuart Henderson wrote:
>
>> On 2017-04-05,
>> wrote:
>> > I've been using a trick to emulate
On 2017-04-07, I love OpenBSD <lampsh...@poczta.fm> wrote:
> I second to more IPv6 related information.
> I am curious about blocking port scanning in IPv6 Web. Does pf let me put a
> CIDR into the named table based on offending IPv6 address and 64-bit mask? I
> mean
On 04/07/17 18:00, I love OpenBSD wrote:
> I second to more IPv6 related information.
> I am curious about blocking port scanning in IPv6 Web. Does pf let me put a
> CIDR into the named table based on offending IPv6 address and 64-bit mask? I
> mean something similar to 'overl
+1 Queue Prioritization and ToS ( set prio / set tos combinations ) by
examples will be great
2017-04-07 13:00 GMT-03:00 I love OpenBSD <lampsh...@poczta.fm>:
> I second to more IPv6 related information.
> I am curious about blocking port scanning in IPv6 Web. Does pf let me
I second to more IPv6 related information.
I am curious about blocking port scanning in IPv6 Web. Does pf let me put a
CIDR into the named table based on offending IPv6 address and 64-bit mask? I
mean something similar to 'overload ' option.
On 04/07/17 13:36, Markus Rosjat wrote:
> Since not everyone can attend to this Conference will there be a
> recording of this session?
At previous BSDCans, talks have generally been recorded but not
tutorials. So probably not. Slides likely will be available after the
session has concluded.
On
Since not everyone can attend to this Conference will there be a
recording of this session? I use pf not so much on a daily basis but I
would like to get more insight too ;)
And I admit I'm more the visual guy
regards
Markus
Am 07.04.2017 um 06:25 schrieb li...@wrant.com:
Wed, 5 Apr 2017
On Fri, 7 Apr 2017 07:25:58 +0300 li...@wrant.com wrote:
> Thank you ALL for the hard work over the years to complement OpenBSD.
Yes.
Wed, 5 Apr 2017 17:46:18 +0200 Marko Cupać <marko.cu...@mimar.rs>
> On Sat, 1 Apr 2017 10:52:20 +0200
> "Peter N. M. Hansteen" <pe...@bsdly.net> wrote:
>
> > Hi,
> >
> > I thought I'd like to give you a heads up that there will be a "PF
Without hijacking this thread completely, but touching on some of the
elements discussed above (and I think these are great inclusions for the
tutorial).
We have implemented a variety of queues to manage our internet links and
ikev2 VPNs tunnels to remote offices. We have also done something
On Wed, 5 Apr 2017 22:44:54 + (UTC)
Stuart Henderson wrote:
> On 2017-04-05,
> wrote:
> > I've been using a trick to emulate scheduled rules using IP
> > tables.
>
> Nice trick. Anchors are also good for this.
>
On 2017-04-05, wrote:
> I've been using a trick to emulate scheduled rules using IP tables.
Nice trick. Anchors are also good for this.
But don't forget that active connections won't be dropped unless you
also flush the relevant states.
).
The 0.0.0.0/0 range is a very useful tool in many cases.
On Sat, 1 Apr 2017 10:52:20 +0200
"Peter N. M. Hansteen" <pe...@bsdly.net> wrote:
> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017
On Sat, Apr 1, 2017 at 10:52 AM, Peter N. M. Hansteen <pe...@bsdly.net>
wrote:
> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017 in Ottawa this June.
>
> The session will however not be t
On Sat, 1 Apr 2017 10:52:20 +0200
"Peter N. M. Hansteen" <pe...@bsdly.net> wrote:
> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017 in Ottawa this June.
>
> The session will howeve
On Sat, Apr 01, 2017 at 10:52:20AM +0200, Peter N. M. Hansteen wrote:
> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017 in Ottawa this June.
>
> The session will however not be the Nth rerun of t
Anycast with ospf and ipv6 could be a fun tutorial...
/S
On 2 Apr 2017 22:27, "Luke Small" wrote:
> It might be a fun idea to share what a really locked down desktop system
> pf.conf would look like like if you are running a chain of DNS services (or
> something that
It might be a fun idea to share what a really locked down desktop system
pf.conf would look like like if you are running a chain of DNS services (or
something that would be good to tightly control) like local ntpd, unbound,
and dnscrypt_proxy where you have local traffic locked down as well so
Hi,
I thought I'd like to give you a heads up that there will be a "PF and
networking" tutorial at BSDCan 2017 in Ottawa this June.
The session will however not be the Nth rerun of the old one, we're
starting from scratch this time, and were looking for input on what to
include.
D
On Tue, Mar 21, 2017, at 16:56, Marko Cupać wrote:
> ...
>
> What exactly I should pass on enc interface so that the above packet
> passes?
>
> Thank you in advance.
Hi,
You probably need to allow ipencap protocol packets. I also need l2tp
packets, but that depends on whether you use it.
--
of my better understanding of pf. However
I can't figure out what exactly I need to pass.
Here's output from tcpdump on pflog:
16:37:37.380697 rule 4/(match) [uid 0, pid 17711] block in on enc0:
192.168.224.2 > 192.168.224.97: gre 192.168.224.2 > 192.168.224.97: []
10.50.0.89 > 224.0.0.
You seem to be equating the setgid bit with the concept of "start a
process with a different gid".
No, that's not what it does. The setgid bit starts a new executable
with a disjoint mix of effective, saved, and real gid list, as well as
a gidlist.
Maybe it was not clear in my message but:
On Sun, Mar 12, 2017 at 07:13:08PM +0100, Jrme FRGACIC wrote:
> Hi @misc,
>
> I have a question about pf and its possibility to filter packets by process
> group: is it a reasonable practice to use setgid for add some rules that
> allow only specific programs to use some servic
sking. You are asking about doing this for a gigantic program like
firefox. That approach is crazy, and doesn't match what pf is doing in
any case.
Thanks for your reply.
You are providing a program with an additional gid. The program has
not been coded be aware of that gid. Two potentially different
filesystem views now exist within the program, depending on the g=rwx
bits of directories and files in the tree. The program is no longer
> Thanks for your reply.
>
> > You are providing a program with an additional gid. The program has
> > not been coded be aware of that gid. Two potentially different
> > filesystem views now exist within the program, depending on the g=rwx
> > bits of directories and files in the tree. The
> If I create a separate group for each program I want to allow, is there
> any additional risk induce by the use of the setgid?
Yes, it introduces a risk.
You are providing a program with an additional gid. The program has
not been coded be aware of that gid. Two potentially different
Hi @misc,
I have a question about pf and its possibility to filter packets by
process group: is it a reasonable practice to use setgid for add some
rules that allow only specific programs to use some services? For
example, only permit the ftp command and firefox to use HTTP and HTTPS
privoxy will be faster I think. as well as footprint on the system.
But both privoxy and squid are a bit different, especially if youâll need to
chain proxies.
> 24 feb. 2017 kl. 17:39 skrev Alan Corey :
>
> I'm looking at privoxy although I'm not sure it's more
On 2017/03/01 17:12, Frank White wrote:
> yes it works well. But it's very interesting the use of tag.
There might be another way to do it, but I stopped looking after I hit
upon one that worked :)
> Is egress:0 the if alias ?
It's the "main" address on the interface, so it's a single
yes it works well. But it's very interesting the use of tag.
Is egress:0 the if alias ?
2017-03-01 16:09 GMT+01:00 Stuart Henderson <s...@spacehopper.org>:
> On 2017-03-01, Frank White <mediome...@gmail.com> wrote:
> > Hi,
> > anyone know how to configure pf to ma
On 2017-03-01, Frank White <mediome...@gmail.com> wrote:
> Hi,
> anyone know how to configure pf to make hairpin nat ?
Should be something like this.
pass in quick inet proto tcp to self port 7755 rdr-to $SOMEHOST port 80 tag
hairpin
pass out quick inet tagged hairpin nat-to egress:0
Hi folks,
I spent way too much time on a table defined twice by
accident in my pf.conf file. Do you think it would be
possible to throw a warning if there are 2 table
definitions with the same name?
Probably
table
:
:
table const persist { 172.22.32.0/24
On Wed, Mar 01, 2017 at 12:50:39PM +0100, Frank White wrote:
> Hi,
> anyone know how to configure pf to make hairpin nat ?
At first blush, no.
But after a quick web search, I can think of several equally opaque
terms for the same phenomenon. Some more useful than others.
A piece of g
Hi,
anyone know how to configure pf to make hairpin nat ?
I'm looking at privoxy although I'm not sure it's more appropriate
than squid. I'm hoping to run this on a Raspberry Pi or Zero so it'll
most likely be under Raspbian.
Right now I use the standard Android "Portable Wi-Fi hotspot" in the
phone. I run it open (no password) because I'm in a very
On Thu, Feb 23, 2017 at 10:27:20AM -0500, Alan Corey wrote:
> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf. I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not t
Not a pf job
Best to greese monkey your js to drop or stuff like
http://www.opera.com/blogs/news/2015/11/how-operas-video-compression-technology-works/
Last ressort : relayd + mime type filtering.
On Thu, Feb 23, 2017 at 10:27 AM, Alan Corey <alan01...@gmail.com> wrote:
> I'm
I'm wondering if it's possible to do content filtering in a firewall.
Maybe with something that cooperates with pf. I'm on a very limited
(5 GB/month) metered internet connection through a cell phone and I'm
not the only user when I have it shared over wifi. I'd like to block
video because it's
On 01/28/2017 12:13 PM, Stuart Henderson wrote:
On 2017-01-27, lilit-aibolit<lilit-aibo...@mail.ru> wrote:
Hi list, I have an office behind NAT with PF.
There are mostly Win7 workstations with
different Skype versions but mostly with
7.3x or the latest versions.
Two days ago any skyp
On 2017/01/30 09:36, lilit-aibolit wrote:
> On 01/28/2017 12:13 PM, Stuart Henderson wrote:
> > On 2017-01-27, lilit-aibolit<lilit-aibo...@mail.ru> wrote:
> > > Hi list, I have an office behind NAT with PF.
> > > There are mostly Win7 workstations with
> >
On 2017-01-27, lilit-aibolit <lilit-aibo...@mail.ru> wrote:
> Hi list, I have an office behind NAT with PF.
> There are mostly Win7 workstations with
> different Skype versions but mostly with
> 7.3x or the latest versions.
> Two days ago any skype call started to drop
> a
Hi list, I have an office behind NAT with PF.
There are mostly Win7 workstations with
different Skype versions but mostly with
7.3x or the latest versions.
Two days ago any skype call started to drop
after few seconds without any voice from
opposite side.
I got skype support which remotely looked
901 - 1000 of 6755 matches
Mail list logo