Re: Linux virtual server competition

2003-06-20 Thread Claudio Jeker
On Fri, Jun 20, 2003 at 06:53:08PM +0200, Stefan Sonnenberg-Carstens wrote: Hi list, I'm sure anyone here knows about the linux virtual server (layer 4 load-balancer). I searched the web for an equivalent for *bsd, but found none. The only thing which looks like something like a load-balancer

skip states and tables

2003-07-17 Thread Claudio Jeker
Hi all, is there a known problem with skip states and tables in 3.3-stable? I have multiple rules of the form: pass in on fxp1 from any to table_a keep state queue a pass in on fxp1 from any to table_b keep state queue b pass in on fxp1 from any to table_c keep state queue c pass in on fxp1

Re: a trick

2004-03-09 Thread Claudio Jeker
On Tue, Mar 09, 2004 at 09:15:11AM -0800, Brian Keefer wrote: On Tue, 2004-03-09 at 07:06, Todd T. Fries wrote: Not when you're working on a system that is being attacked with packets with source ip's in the list. In my opinion anyway. Well, as long as you're using anti-spoof packets

Re: a trick

2004-03-10 Thread Claudio Jeker
On Wed, Mar 10, 2004 at 06:43:33PM +1100, Damien Miller wrote: On Tue, 9 Mar 2004, Claudio Jeker wrote: The best solution is to have a full view (with no default route) via bgp and use no-route. So you get an auto-update bogon filter. It is more accurate than those lists because

Re: pf pauses in sending traffic

2004-09-14 Thread Claudio Jeker
On Tue, Sep 14, 2004 at 12:51:26PM +0200, Marco Matarazzo wrote: Hi Matthew, I've the same problem here with 3.4 (and had the same problem with 3.3). The 'hole' in communication is always just 20 seconds. In the beginning I thought about a Spanning Tree issue, but after careful inspection,

Re: OpenBGPD PF

2006-01-05 Thread Claudio Jeker
On Thu, Jan 05, 2006 at 06:46:54AM -0500, jared r r spiegel wrote: On Thu, Jan 05, 2006 at 03:18:22AM +0100, Sylwester S. Biernacki wrote: On Thursday, January 5, 2006, at 01:15:00, jared r r spiegel wrote: - establish session with A and learn about 1.2.3.4/30; 1.2.3.4/30 is written

Re: PF Table Size - Sanity Check

2006-11-07 Thread Claudio Jeker
On Tue, Nov 07, 2006 at 08:28:00PM +0100, Daniel Hartmeier wrote: On Tue, Nov 07, 2006 at 06:08:52PM +, Paul Pruett wrote: A nominal i386 computer with only a meg of ram without limit changes would not load it. Neither would a stock GENERIC kernel on any architecture. The reason is

Re: arpresolve: can't allocate llinfo

2007-02-28 Thread Claudio Jeker
On Tue, Feb 27, 2007 at 04:37:27PM -0600, Travis H. wrote: I am not sure if this is pf-related, but has anyone seen this error message, and what condition actually causes it? Incomplete arp table? Out of memory? Something else? Something else normally. Most probably trying to attach an arp

Re: New pf install on Freebsd seem to be a slow starter.

2008-07-10 Thread Claudio Jeker
On Wed, Jul 09, 2008 at 07:25:18PM +0200, Leslie Jensen wrote: Hello When I boot the machine where pf is installed, everything I can see looks ok. It's hard to read the text scrolling on the screen and the information concerning pf is not to be found in /var/log/messages. Anyway I have

Re: pf protection against spoofed [source addr] packets

2010-10-20 Thread Claudio Jeker
On Wed, Oct 20, 2010 at 04:50:49AM +0300, Nerius Landys wrote: I then tried to use nemesis to change the spoofed source address from 64.156.193.115 to 127.0.0.1 or 192.168.0.x, but nemesis wasn't able to do this with the error message ERROR: Incomplete packet injection. Only wrote -1 bytes.

Re: pf corrupting packet checksums?

2010-12-29 Thread Claudio Jeker
On Wed, Dec 29, 2010 at 10:40:58AM +, Stuart Henderson wrote: On 2010/12/29 08:51, Johan Helsingius wrote: Running pf on openbsd 4.8 (i386), I find something very strange going on. Looking at the log: Dec 28 22:23:37.772604 rule 4/(match) [uid 0, pid 28161] pass in on xl2:

Re: PF ruleset stymying my PPPoE testing, or am I just confused?

2011-01-04 Thread Claudio Jeker
On Thu, Dec 30, 2010 at 09:48:52PM -0800, Jonathan Rogers wrote: Trying to set up a new telco fiber connection on my OpenBSD router/ firewall (this is an OLD box with OpenBSD 3.8 on it...sorry). I can't put the new telco connection live as the default yet, because it will affect all users, and

Re: double NOT in rules is not working as expected

2011-04-08 Thread Claudio Jeker
On Fri, Apr 08, 2011 at 01:19:59PM +0300, Bojidara Marinchovska wrote: Hello, netif=netif test1=1.2.3.4 test2=2.3.4.5 block in quick on $netif from {!$test1, !$test2} to x.x.x.x - blocks the access from the IPs from test1 and test2 macros, BUT it should block all other EXCEPT these ones