From owner-freebsd-pf@FreeBSD.ORG Mon Oct 12 11:06:59 2009
Date: Mon, 12 Oct 2009 11:06:58 GMT
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

36 problems total.

From owner-freebsd-pf@FreeBSD.ORG Thu Oct 15 20:45:27 2009
Date: Thu, 15 Oct 2009 21:17:52 +0000
From: Michal
To: freebsd-pf@freebsd.org
Subject: pf starts too early

Hello,

I'm using pf on FreeBSD 8.0-RC1. My wlan0-ath0 card is set up via
wpa_supplicant.conf and rc.conf (ifconfig_wlan0="WPA DHCP"). pf also starts
via rc.conf.

Problem is that pf cannot start during the system boot because it tries to
load rules before my network card gets authenticated and connected. Since
wlan0 doesn't have IP address at the time I get a lot of:

  no IP address found for wlan0
  /etc/pf.conf:151: could not parse host specification
  no IP address found for wlan0
  pfctl: Syntax error in config file: pf rules not loaded
  pf enabled

It fills up my dmesg output. Loading rules by hand works perfectly fine.

Any ideas what is wrong or which part of the system should I tweak?

Michal

--
"Attacks always get better; they never get worse." -NSA

From owner-freebsd-pf@FreeBSD.ORG Thu Oct 15 21:06:18 2009
Date: Thu, 15 Oct 2009 17:05:57 -0400
From: Maxim Khitrov
To: Michal
Cc: freebsd-pf@freebsd.org
Subject: Re: pf starts too early

On Thu, Oct 15, 2009 at 5:17 PM, Michal wrote:
> Hello,
>
> I'm using pf on FreeBSD 8.0-RC1. My wlan0-ath0 card is set up via
> wpa_supplicant.conf and rc.conf (ifconfig_wlan0="WPA DHCP"). pf also starts
> via rc.conf.
>
> Problem is that pf cannot start during the system boot because it tries to
> load rules before my network card gets authenticated and connected. Since
> wlan0 doesn't have IP address at the time I get a lot of:
>
> no IP address found for wlan0
> /etc/pf.conf:151: could not parse host specification
> no IP address found for wlan0
> pfctl: Syntax error in config file: pf rules not loaded
> pf enabled
>
> It fills up my dmesg output. Loading rules by hand works perfectly fine.
>
> Any ideas what is wrong or which part of the system should I tweak?
>
> Michal

See the post I made a few weeks ago on this topic:

http://lists.freebsd.org/pipermail/freebsd-pf/2009-September/005329.html

You may need to tweak the REQUIRE line in /etc/rc.d/pf for your needs,
but otherwise this solution has been working for me without any
problems. Just need to be careful not to revert changes when running
mergemaster.

- Max

From owner-freebsd-pf@FreeBSD.ORG Thu Oct 15 22:17:26 2009
Date: Fri, 16 Oct 2009 00:17:33 +0200
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Subject: Re: pf starts too early

On Thursday 15 October 2009 23:17:52 Michal wrote:
> Hello,
>
> I'm using pf on FreeBSD 8.0-RC1. My wlan0-ath0 card is set up via
> wpa_supplicant.conf and rc.conf (ifconfig_wlan0="WPA DHCP"). pf also
> starts via rc.conf.
>
> Problem is that pf cannot start during the system boot because it tries
> to load rules before my network card gets authenticated and connected.
> Since wlan0 doesn't have IP address at the time I get a lot of:
>
> no IP address found for wlan0
> /etc/pf.conf:151: could not parse host specification
> no IP address found for wlan0
> pfctl: Syntax error in config file: pf rules not loaded
> pf enabled

simply s/wlan0/(wlan0)/ where it appears in a host/address context. This is
an FAQ.

> It fills up my dmesg output. Loading rules by hand works perfectly fine.
>
> Any ideas what is wrong or which part of the system should I tweak?
>
> Michal
>

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

From owner-freebsd-pf@FreeBSD.ORG Thu Oct 15 22:51:08 2009
Date: Thu, 15 Oct 2009 23:50:27 +0000
From: Michal
To: Max Laier
Cc: freebsd-pf@freebsd.org
Subject: Re: pf starts too early

Max Laier wrote:
>
> simply s/wlan0/(wlan0)/ where it appears in a host/address context. This is
> an FAQ.
>

Thank you, looks like it does the trick. And sorry for missing that one.

Michal

--
"The future is here. It's just not widely distributed yet." -William Gibson
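
Added example, not part of the thread: a POSIX sh check that lists pf.conf lines where an interface name (or a macro that expands to it) is used bare after from, to or ->, the address contexts that the s/wlan0/(wlan0)/ advice above applies to. It is worth running before a reboot because the boot log in the thread ends with pf enabled and no rules loaded; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pf.conf rules that use an interface name bare in an
# address context (after from / to / ->). Such rules fail to load while the
# interface has no address; (iface) defers the lookup. Limits of this sketch:
# brace lists and macros nested inside other macros are not followed.

find_bare_if_addr() {   # usage: find_bare_if_addr IFACE PF_CONF
    awk -v ifc="$1" '
    { line = $0; sub(/#.*/, "", line) }            # ignore comments
    # Remember macros that expand to the interface, e.g. ext_if = "wlan0"
    line ~ /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
        split(line, kv, "=")
        name = kv[1]; val = kv[2]
        gsub(/[ \t"]/, "", name); gsub(/[ \t"]/, "", val)
        if (val == ifc) names["$" name] = 1
        next
    }
    {
        n = split(line, w, /[ \t]+/)
        for (i = 2; i <= n; i++) {
            if (w[i-1] != "from" && w[i-1] != "to" && w[i-1] != "->") continue
            tok = w[i]; sub(/:.*/, "", tok)        # drop :network, :0, ...
            if (tok == ifc || (tok in names)) { print NR ": " $0; break }
        }
    }' "$2"
}

sample_pf_conf() {      # constructed sample ruleset, not from the thread
    cat <<'EOF'
ext_if = "wlan0"
lan = "192.168.1.0/24"
nat on $ext_if from $lan to any -> $ext_if
block in all
pass in on wlan0 proto tcp from any to wlan0 port 22
pass out on $ext_if from ($ext_if) to any keep state
pass in on wlan0 proto tcp to (wlan0:network) port 80
EOF
}

tmp=$(mktemp)
sample_pf_conf > "$tmp"
find_bare_if_addr wlan0 "$tmp"   # reports lines 3 and 5
rm -f "$tmp"
```

The `on wlan0` occurrences are left alone on purpose: only the address positions need the parentheses.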