Re: WIP: packet inspection in PF

2010-06-13 Thread Bret S. Lambert
Is there some reason that divert sockets (``man divert'') can't do this for you? On Sun, Jun 13, 2010 at 03:27:57AM +0400, Vadim Jukov wrote: Hello, tech@, especially PF hackers! This is a work-in-progress patch that implements direct packet inspection in PF. This is needed in the cases

Re: PF FAQ example ruleset

2010-06-13 Thread Jason McIntyre
On Sun, Jun 13, 2010 at 12:36:52PM +1000, Rod Whitworth wrote: The rule: pass in on $int_if inet proto tcp to any port ftp \ rdr-to 127.0.0.1 port 8021 in the example ruleset on http://www.openbsd.org/faq/pf/example1.html does not work for active ftp from NATted hosts. There are

Re: PF FAQ example ruleset

2010-06-13 Thread Rod Whitworth
On Sun, 13 Jun 2010 07:44:26 +0100, Jason McIntyre wrote: On Sun, Jun 13, 2010 at 12:36:52PM +1000, Rod Whitworth wrote: The rule: pass in on $int_if inet proto tcp to any port ftp \ rdr-to 127.0.0.1 port 8021 in the example ruleset on http://www.openbsd.org/faq/pf/example1.html does

Re: PF FAQ example ruleset

2010-06-13 Thread Jason McIntyre
On Sun, Jun 13, 2010 at 05:31:39PM +1000, Rod Whitworth wrote: if the point of that rule is the same as the point of the rule in ftp-proxy(8), then the rule should really match the man page (which uses quick) or vice versa. Note that the ftp-proxy manpage does pass in quick with no

Re: WIP: packet inspection in PF

2010-06-13 Thread Bret S. Lambert
On Sun, Jun 13, 2010 at 12:41:01PM +0400, Vadim Zhukov wrote: Hm-m-m, could you explain better, please? I don't see the way to do such filtering with diverting, excluding writing a proxy app listening to all the traffic. Why do you assume I'm excluding a proxy app? 2010/6/13, Bret S. Lambert

Re: patch for wss(4), pss(4), ym(4) and gus(4) needs testing

2010-06-13 Thread Jacob Meuser
ym(4) needs the following in addition. I haven't gotten any test results on this yet ... a lot of the code in audioce(4) and audiocs(4) in sparc64 and sparc come from here ... the plan is to split the MI code out and share instead of having it copied in several places. so, this is not just for

Re: WIP: packet inspection in PF

2010-06-13 Thread Vadim Zhukov
No, no, it's me who is excluding this way. :) Moving packets through userland and reimplementing states in the app is not the simplest, most reliable and - last but not least - fastest way, IMHO. Please prove me wrong if I am. 2010/6/13, Bret S. Lambert bret.lamb...@gmail.com: On Sun, Jun 13,

Re: PF FAQ example ruleset

2010-06-13 Thread Rod Whitworth
On Sun, 13 Jun 2010 10:48:49 +0100, Stuart Henderson wrote: On 2010/06/13 17:31, Rod Whitworth wrote: On Sun, 13 Jun 2010 07:44:26 +0100, Jason McIntyre wrote: On Sun, Jun 13, 2010 at 12:36:52PM +1000, Rod Whitworth wrote: The rule: pass in on $int_if inet proto tcp to any port ftp \

Re: WIP: packet inspection in PF

2010-06-13 Thread Vadim Zhukov
Thank you, I got the point. Yes, my patch is intended for some simple cases only, when writing a program for filtering is a little bit overkill. I understand that there is no silver bullet, and, of course, a separate proxy app is needed in complex cases. Well, there are reasons for having both rdr-to and

Re: WIP: packet inspection in PF

2010-06-13 Thread Vadim Jukov
13 June 2010 19:14:39 Vadim Zhukov wrote: Thank you, I got the point. Yes, my patch is intended for some simple cases only, when writing a program for filtering is a little bit overkill. I understand that there is no silver bullet, and, of course, a separate proxy app is needed in complex

Re: WIP: packet inspection in PF

2010-06-13 Thread Matthew Dempsky
2010/6/12 Vadim Jukov persg...@gmail.com: This is a work-in-progress patch that implements direct packet inspection in PF. Is there a reason not to reuse bpf for this?