From owner-freebsd-pf@FreeBSD.ORG Mon Mar 7 11:07:04 2011
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Date: Mon, 7 Mar 2011 11:07:04 GMT
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/153307  pf         [pf] Bug with PF firewall
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

45 problems total.

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 00:06:02 2011
From: Michael
To: "freebsd-pf@freebsd.org"
Date: Tue, 08 Mar 2011 23:44:01 +0000
Subject: multiple loginterface

Hi,

Is it possible to set multiple loginterfaces in pf.conf? The man page says no
but maybe there are some workarounds?

I'm using FreeBSD 8.1-R

Michael

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 09:40:33 2011
From: Greg Hennessy
To: Michael, "freebsd-pf@freebsd.org"
Date: Wed, 9 Mar 2011 09:29:36 +0000
Subject: RE: multiple loginterface

What's the likely use case ? Jails ?

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 09:41:10 2011
From: Michael
To: Greg Hennessy
Cc: "freebsd-pf@freebsd.org"
Date: Wed, 09 Mar 2011 09:41:17 +0000
Subject: Re: multiple loginterface

On 09/03/2011 09:29, Greg Hennessy wrote:
> What's the likely use case ? Jails ?
>

I was thinking about something else, please correct me if I'm wrong. I'm
using two interfaces to get online on a regular basis, one is gsm and
another one is wifi.
I want to monitor both of them at any given time so I thought I need
multiple loginterfaces?

Michael

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 09:48:04 2011
From: Greg Hennessy
To: Michael
Cc: "freebsd-pf@freebsd.org"
Date: Wed, 9 Mar 2011 09:48:01 +0000
Subject: RE: multiple loginterface

As long as PF is enabled and you haven't done a 'set skip on interface'.

Putting 'block log all' at the start of the policy will catch everything
hitting the default deny and adding 'log' to the access rules will record
everything else.

If you're using the platform as a multihomed firewall, it may make life
simpler to grant the egress interfaces access by default, and put security
policy enforcement on the ingress interface.

Regards

Greg

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 10:37:14 2011
From: "quentin.narvor"
Date: Wed, 09 Mar 2011 11:10:15 +0100
Subject: Dynamically adding entry in a table

Hi,

I'd like to dump (dup-to operation) all traffic from a subset of hosts
belonging to my internal network. This subset of hosts will be stored in
a table.

I have another table referring to blacklisted hosts (ie botnets, etc).
When a packet goes through the firewall with destination host = an IP of
blacklist table, I'd like to trigger an addition to the first table (the
one containing internal host to dump traffic).

Excepting "overload" rules, I didn't find out how to do it (dynamically
adding source host at a matching rule).

Do you have some pieces of information ?

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 10:46:20 2011
From: Daniel Hartmeier
To: Michael
Cc: Greg Hennessy, "freebsd-pf@freebsd.org"
Date: Wed, 9 Mar 2011 11:46:15 +0100
Subject: Re: multiple loginterface

On Wed, Mar 09, 2011 at 09:41:17AM +0000, Michael wrote:

> I was thinking about something else, please correct me if I'm wrong. I'm
> using two interfaces to get online on a regular basis, one is gsm and
> another one is wifi.
> I want to monitor both of them at any given time so I thought I need
> multiple loginterfaces?

Try

  pfctl -i ifname -vvsI

Daniel

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 11:12:56 2011
From: Kurt Jaeger
To: freebsd-pf@freebsd.org
Date: Wed, 9 Mar 2011 12:12:56 +0100
Subject: commit for PF ftp proxy bug (bin/154469) ?

Hi!

Can someone have a look at

http://www.freebsd.org/cgi/query-pr.cgi?pr=154469

and do the commit ? It's only a small change to flush the output
buffers of the ftp-proxy, but it's tested and works.

--
pi@opsec.eu +49 171 3101372 9 years to go !

From owner-freebsd-pf@FreeBSD.ORG Wed Mar 9 19:54:31 2011
From: "kevin"
Date: Wed, 9 Mar 2011 14:52:55 -0500
Subject: can you assign or associate carp to a real interface? (carp + carpdev)

Hello,

According to OpenBSD's PF manual, located here:

http://www.openbsd.org/faq/pf/carp.html

It describes a directive that can be passed to CARP, called "carpdev",
which "specifies the physical network interface that belongs to this
redundancy group"

My question is that, after noticing that this directive doesn't exist in
FreeBSD's man page for carp, is there any way to associate a CARP device
with a real interface? For example if I have a server with two interfaces
with IP addresses on the same subnet - how will carp know which real
interface to associate with?

My understanding is that if no 'carpdev' directive is passed, carp will
detect the interface if it's on the same subnet as the given carp ip.

If this can be done, please let me know!

Thanks,

Kevin

From owner-freebsd-pf@FreeBSD.ORG Thu Mar 10 02:08:38 2011
From: Tom Uffner
To: "quentin.narvor"
Cc: freebsd-pf@freebsd.org
Date: Wed, 09 Mar 2011 20:49:36 -0500
Subject: Re: Dynamically adding entry in a table

quentin.narvor wrote:

> I'd like to dump (dup-to operation) all traffic from a subset of hosts
> belonging to my internal network. This subset of hosts will be stored in
> a table.
>
> I have another table referring to blacklisted hosts (ie botnets, etc).
> When a packet goes through the firewall with destination host = an IP of
> blacklist table, I'd like to trigger an addition to the first table (the
> one containing internal host to dump traffic).

let's call your two tables watchhosts & blackhosts.

ensure that you are logging packets w/ destinations in the blacklist
table (eg. "pass out log on $ext_if to "). if you are logging a lot of
traffic you may find it useful to create a separate pflog for this rule
and use "log (to )" in this rule.

write a script that reads the pflog and parses source addresses from
packets that trip the blackhosts rule above. the script then uses
something like "pfctl -t watchhosts -T add " to add the address to
your table.

please consult the man pages pf.conf(5), pfctl(8) and pflog(4) for
additional information.
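
One way to write the script described in the reply above, as an added example that is not code from the thread: it reads `tcpdump -n -e -l -i pflog0` output, keeps the sources of packets logged by the blackhosts rule, and builds the `pfctl -t watchhosts -T add` call. The rule number 12, the 192.168.0.0/16 internal network, the log-line layout, the constructed sample lines and all function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Add internal hosts that contacted <blackhosts> to pf's <watchhosts> table."""
import ipaddress
import re
import subprocess
import sys

# Assumptions for this example (none of these values come from the thread):
WATCH_TABLE = "watchhosts"
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/16")  # only these may be added
BLACKHOSTS_RULE = 12  # number of the rule that logs traffic to <blackhosts>

# Prefix printed by `tcpdump -n -e -l -i pflog0` for each logged packet, e.g.
#   rule 12/0(match): pass out on em0: 192.168.1.23.51234 > 203.0.113.7.80: ...
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): \w+ (?:in|out) on \S+: (?P<src>\S+) > "
)

SAMPLE = [  # constructed lines in that format, not captured traffic
    "00:00:01.000001 rule 12/0(match): pass out on em0: "
    "192.168.1.23.51234 > 203.0.113.7.80: Flags [S], length 0",
    "00:00:02.000002 rule 12/0(match): pass out on em0: "
    "192.168.1.23.51240 > 203.0.113.9.443: Flags [S], length 0",
    "00:00:03.000003 rule 4/0(match): pass out on em0: "
    "192.168.1.50.40000 > 198.51.100.2.53: UDP, length 30",
    "00:00:04.000004 rule 12/0(match): pass out on em0: "
    "192.168.2.9 > 203.0.113.7: ICMP echo request, id 1, seq 1, length 64",
    "00:00:05.000005 rule 12/0(match): pass out on em0: "
    "198.51.100.77.1025 > 203.0.113.7.80: Flags [S], length 0",
]


def strip_port(token):
    """Return the address in a tcpdump 'addr' or 'addr.port' token, else None."""
    for candidate in (token, token.rpartition(".")[0]):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue
    return None


def sources_to_watch(lines, rule=BLACKHOSTS_RULE, known=()):
    """Sorted internal sources that tripped `rule`, minus those in `known`."""
    found = set()
    for line in lines:
        m = PFLOG_RE.search(line)
        if not m or int(m.group("rule")) != rule:
            continue
        addr = strip_port(m.group("src"))
        # A malformed line or an outside source must never reach the table.
        if addr is None or addr not in INTERNAL_NET:
            continue
        found.add(addr)
    found -= {ipaddress.ip_address(k) for k in known}
    return [str(a) for a in sorted(found)]


def pfctl_add_argv(addrs, table=WATCH_TABLE):
    """Argument vector for pfctl; passed to exec directly, never via a shell."""
    return ["pfctl", "-t", table, "-T", "add", *addrs]


if __name__ == "__main__":
    # Live: tcpdump -n -e -l -i pflog0 | python3 this_script.py --apply  (as root)
    # Without --apply the constructed SAMPLE is processed and nothing is changed.
    apply = "--apply" in sys.argv[1:]
    seen = []
    for line in (sys.stdin if apply else SAMPLE):
        for addr in sources_to_watch([line], known=seen):
            seen.append(addr)
            argv = pfctl_add_argv([addr])
            print(" ".join(argv))
            if apply:
                subprocess.run(argv, check=True)
```

If the firewall NATs on $ext_if, a rule logged on that interface may record the translated source address instead of the internal host, and the INTERNAL_NET check will then reject it. In that case log the rule on the internal interface so the table receives the real host address.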