From owner-freebsd-pf@FreeBSD.ORG Mon Feb 28 11:07:04 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 47F11106566B for ; Mon, 28 Feb 2011 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 35F728FC1F for ; Mon, 28 Feb 2011 11:07:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1SB74qQ012042 for ; Mon, 28 Feb 2011 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1SB7358012040 for freebsd-pf@FreeBSD.org; Mon, 28 Feb 2011 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 28 Feb 2011 11:07:03 GMT Message-Id: <201102281107.p1SB7358012040@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Feb 2011 11:07:04 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/146832 pf [pf] "(self)" not always matching all local IPv6 addre o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 45 problems total. From owner-freebsd-pf@FreeBSD.ORG Wed Mar 2 20:54:58 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0A9471065673 for ; Wed, 2 Mar 2011 20:54:58 +0000 (UTC) (envelope-from gina.smith@cabbagetreesolutions.com) Received: from mx3.supremebox.com (mx1.supremebox.com [209.25.170.16]) by mx1.freebsd.org (Postfix) with ESMTP id EE8008FC12 for ; Wed, 2 Mar 2011 20:54:57 +0000 (UTC) Received: from [76.122.41.126] (helo=apple-PC.com) by mx3.supremebox.com with esmtpa (Exim 4.72) (envelope-from ) id 1PurpX-0001Mj-TG for freebsd-pf@freebsd.org; Wed, 02 Mar 2011 19:35:28 +0000 Date: Wed, 02 Mar 2011 14:35:27 -0500 Message-ID: <201132143527661AMUNIQUEID@APPLE-PC> From: gina.smith@cabbagetreesolutions.com To: freebsd-pf@freebsd.org X-Mailer: AutoMSW (www.automsw.com) ID: 1386452 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Sender-Ident: gina.smith@cabbagetreesolutions.com Subject: Audio Transcription - $0.50 Per Audio Minute X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2011 20:54:58 -0000 Hello, I work as an audio transcriber and can transcribe your writing material , = academic materials or audio recordings that you may be using for writing y= our books, articles, journals, class notes. I can do transcription of tel= eclass, mentoring / hypnotic sessions, Sermons, TV Shows, webinars, interv= iews and podcasts. I have over 3 years of transcription experience and hav= e been supporting several clients with their transcription requirements. = I assure you of quality work and most importantly confidentiality of all t= he proprietary information / materials. All the work is deleted from our s= ystems as soon as the transcription is completed to the satisfaction of ou= r client. I do sign an NDA if so required. = My rate is USD 0.50 per audio minute and audios can be transcribed and ret= urned within 12-24 hrs time. This means a 60 min clear audio will only co= st you $30.00 = You can send the audio via www.transferbigfiles.com to my email address gi= na.smith@cabbagetreesolutions.com . What I can do is a free sample transcr= ipt of any audio of your choice and if the sample is to your satisfaction,= then we can take it forward from there. Payment can be made only if you a= re satisfied with the work and the payment mode could be PayPal, wire tran= sfer or any other means as per your convenience. = In addition I also do SEO related tasks, typing work and article writing .= Should you have any such requirements, please do let me know. You can a= lso visit my website www.cabbagetreesolutions.com to get more information = about the services that I offer. Let me know what is a good time to call you and discuss this further. Look= ing forward to hearing from you soon and working for you and once again I = assure you of quality work and confidentiality of information. = Regards, Gina Smith www.cabbagetreesolutions.com 1-813-579-3593 From owner-freebsd-pf@FreeBSD.ORG Wed Mar 2 21:05:52 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EC269106566B for ; Wed, 2 Mar 2011 21:05:52 +0000 (UTC) (envelope-from red35@zyni.com) Received: from esprit.zyni.com (zyni-1-pt.tunnel.tserv13.ash1.ipv6.he.net [IPv6:2001:470:7:a14::2]) by mx1.freebsd.org (Postfix) with ESMTP id 9BF938FC16 for ; Wed, 2 Mar 2011 21:05:52 +0000 (UTC) Received: from esprit.zyni.com (localhost [127.0.0.1]) by esprit.zyni.com (Postfix) with ESMTP id 7D9654AC1F for ; Wed, 2 Mar 2011 14:05:51 -0700 (MST) X-Virus-Scanned: amavisd-new at zyni.com Received: from esprit.zyni.com ([127.0.0.1]) by esprit.zyni.com (esprit.zyni.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XzBxA84e+15V for ; Wed, 2 Mar 2011 14:05:38 -0700 (MST) Received: from minuit.zyni.com (unknown [IPv6:2001:470:e317:98::101]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by esprit.zyni.com (Postfix) with ESMTPS id B5ADE4AC1B for ; Wed, 2 Mar 2011 14:05:38 -0700 (MST) Received: from minuit.zyni.com (localhost [127.0.0.1]) by minuit.zyni.com (8.14.4/8.14.4) with ESMTP id p22L5b2E030101 for ; Wed, 2 Mar 2011 14:05:38 -0700 (MST) (envelope-from red35@minuit.zyni.com) Message-Id: <201103022105.p22L5b2E030101@minuit.zyni.com> To: freebsd-pf@freebsd.org Date: Wed, 02 Mar 2011 14:05:37 -0700 From: Red35 Subject: plans for carpdev with IPv6 (rtadvd problem with carp interfaces) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2011 21:05:53 -0000 I was curious if anyone knew if there were plans for importing/committing carpdev with IPv6 support? I have been informed that carp and rtadvd will not work without this or some equivalent. I have a firewall I can help test with if necessary. Cheers, Geoffrey From owner-freebsd-pf@FreeBSD.ORG Wed Mar 2 21:14:54 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B705106564A for ; Wed, 2 Mar 2011 21:14:54 +0000 (UTC) (envelope-from neamtu@gmail.com) Received: from mail-gx0-f182.google.com (mail-gx0-f182.google.com [209.85.161.182]) by mx1.freebsd.org (Postfix) with ESMTP id 48D8C8FC08 for ; Wed, 2 Mar 2011 21:14:54 +0000 (UTC) Received: by gxk7 with SMTP id 7so153414gxk.13 for ; Wed, 02 Mar 2011 13:14:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=2MfC70vVbzdMjAAuHFXQXp2Sy866E++m0GcEDbTCr4s=; b=k+2/OpB4Z5/+n5IKcTRZiaIpURs87m++LqI58CM25kIedZIziij4ZEJj/ZvwScgdfP FjPpzxrjXTnmIZSOznvJ1gqFzl6s3ZvbHtcyRZoxD9Ir59aQuONBiguSWtEwZniBDOs7 130qYeB2P1YSn+ZV/5WgrntyiwYwdDUOsLMa4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=lXMbviWMqk48tTzKr0G5X8NYOo0Cy5l6kjGPOzj4/Zo13PHXmdbrpDrAS3H+X8iC+5 PtwBOlpH13SkppVxKlxANC4IZHkIFuuAQi5gQjSduc0eGn9hdmuiyJe5mmSdOg6OI7cn qyGWT8KX/UTSZlVyx5DQfbFJs9ymOQkiWHC9I= MIME-Version: 1.0 Received: by 10.91.21.35 with SMTP id y35mr799227agi.120.1299099065133; Wed, 02 Mar 2011 12:51:05 -0800 (PST) Received: by 10.90.70.11 with HTTP; Wed, 2 Mar 2011 12:51:05 -0800 (PST) Date: Wed, 2 Mar 2011 22:51:05 +0200 Message-ID: From: =?ISO-8859-1?Q?Richard_Brend=F6rfer?= To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: make pf to detect and drop virus/malware packets X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2011 21:14:54 -0000 Hi, this is the first time when I write on mailing list. If this subject was discussed in the past please don't shoot me, just trow me a bone. I was wonder if pf can detect packets that match a signature/fingerprint of a virus, like it makes with the OS fingerprints. Let's assume that I start to download eicar then pf 'see' the signature of the pachet(s) and drop the connection. Is this possible ? PS. excuse my English From owner-freebsd-pf@FreeBSD.ORG Wed Mar 2 21:49:40 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A4EE106564A for ; Wed, 2 Mar 2011 21:49:40 +0000 (UTC) (envelope-from neamtu@gmail.com) Received: from mail-yw0-f54.google.com (mail-yw0-f54.google.com [209.85.213.54]) by mx1.freebsd.org (Postfix) with ESMTP id 247E98FC17 for ; Wed, 2 Mar 2011 21:49:39 +0000 (UTC) Received: by ywf9 with SMTP id 9so147791ywf.13 for ; Wed, 02 Mar 2011 13:49:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=vnzxrZW2HS2Oly4V6P5/HXQ+9oOBR5yhLzMAHTSAV0c=; b=mIVZGgtFkuU6x2ynFMUYqCaoa9zxzd1C3RBT2FpNSyp8lIt5BOEtW9N7RN7s9feu1t 1u3EyjM9+qtf+AhxKlKHTwfN92tJG5LQtaZPk/dgRjeEZyj+GkH+BUC4/4mPDoylGW2i uxEuRqr9NaB1ucAFrOu6VeMfDv1/kytV5/8pw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=YLrtFoT+gZDzK3Puh01N/CkcvpTgOUFEBEx9opCq9QENqKZ7dc4Yt+em4K6hTKZybv InBIMDdCKPC1OQlRXuOPBAXX4QQq4GBRvVLttS7RWgqKuYctViiJ/uftChhS3/9ehTlR PbAE+6BkY6zzlH5owZmfkUjMeLCYEK//+v/1s= MIME-Version: 1.0 Received: by 10.90.3.35 with SMTP id 35mr28230agc.39.1299102579365; Wed, 02 Mar 2011 13:49:39 -0800 (PST) Received: by 10.90.70.11 with HTTP; Wed, 2 Mar 2011 13:49:39 -0800 (PST) In-Reply-To: <4D6EB5BF.5040309@gmx.de> References: <4D6EB5BF.5040309@gmx.de> Date: Wed, 2 Mar 2011 23:49:39 +0200 Message-ID: From: =?ISO-8859-1?Q?Richard_Brend=F6rfer?= To: olli hauer Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-pf@freebsd.org Subject: Re: make pf to detect and drop virus/malware packets X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2011 21:49:40 -0000 This look interesting, thanks. On Wed, Mar 2, 2011 at 11:25 PM, olli hauer wrote: > On 2011-03-02 21:51, Richard Brend=F6rfer wrote: > > Hi, > > this is the first time when I write on mailing list. > > If this subject was discussed in the past please don't shoot me, just > trow > > me a bone. > > > > I was wonder if pf can detect packets that match a signature/fingerprin= t > of > > a virus, like it makes with the OS fingerprints. > > > > Let's assume that I start to download eicar then pf 'see' the signature > of > > the pachet(s) and drop the connection. > > Is this possible ? > > > > Not direct with pf, but in combination with snort and sortsam. > From owner-freebsd-pf@FreeBSD.ORG Wed Mar 2 21:52:30 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BF0A106564A for ; Wed, 2 Mar 2011 21:52:30 +0000 (UTC) (envelope-from ohauer@gmx.de) Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by mx1.freebsd.org (Postfix) with SMTP id C65D18FC15 for ; Wed, 2 Mar 2011 21:52:29 +0000 (UTC) Received: (qmail invoked by alias); 02 Mar 2011 21:24:26 -0000 Received: from u18-124.dslaccess.de (EHLO [172.20.1.100]) [194.231.39.124] by mail.gmx.net (mp065) with SMTP; 02 Mar 2011 22:24:26 +0100 X-Authenticated: #1956535 X-Provags-ID: V01U2FsdGVkX1/9N/Nicdr9V+DYDtqY7bW/p5rhBmEPxeEJmJTicF mOQVX4psMLTte1 Message-ID: <4D6EB5BF.5040309@gmx.de> Date: Wed, 02 Mar 2011 22:25:19 +0100 From: olli hauer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.14) Gecko/20110221 Thunderbird/3.1.8 MIME-Version: 1.0 To: =?ISO-8859-1?Q?Richard_Brend=F6rfer?= References: In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Y-GMX-Trusted: 0 Cc: freebsd-pf@freebsd.org Subject: Re: make pf to detect and drop virus/malware packets X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2011 21:52:30 -0000 On 2011-03-02 21:51, Richard Brendörfer wrote: > Hi, > this is the first time when I write on mailing list. > If this subject was discussed in the past please don't shoot me, just trow > me a bone. > > I was wonder if pf can detect packets that match a signature/fingerprint of > a virus, like it makes with the OS fingerprints. > > Let's assume that I start to download eicar then pf 'see' the signature of > the pachet(s) and drop the connection. > Is this possible ? > Not direct with pf, but in combination with snort and sortsam.