From owner-freebsd-pf@FreeBSD.ORG Mon Aug 30 11:07:02 2010
Date: Mon, 30 Aug 2010 11:07:01 GMT
Message-Id: <201008301107.o7UB717E087506@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-pf@FreeBSD.org
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/148290  pf         [pf] "sticky-address" option of Packet Filter (PF) blo
o kern/148260  pf         [pf] [patch] pf rdr incompatible with dummynet
o kern/147789  pf         [pf] Firewall PF no longer drops connections by sendin
o kern/146832  pf         [pf] "(self)" not always matching all local IPv6 addre
o kern/144311  pf         [pf] [icmp] massive ICMP storm on lo0 occurs when usin
o kern/143543  pf         [pf] [panic] PF route-to causes kernel panic
o bin/143504   pf         [patch] outgoing states are not killed by authpf(8)
o conf/142961  pf         [pf] No way to adjust pidfile in pflogd
o conf/142817  pf         [patch] etc/rc.d/pf: silence pfctl
o kern/141905  pf         [pf] [panic] pf kernel panic on 7.2-RELEASE with empty
o kern/140697  pf         [pf] pf behaviour changes - must be documented
o kern/137982  pf         [pf] when pf can hit state limits, random IP failures
o kern/136781  pf         [pf] Packets appear to drop with pf scrub and if_bridg
o kern/135948  pf         [pf] [gre] pf not natting gre protocol
o kern/135162  pf         [pfsync] pfsync(4) not usable with GENERIC kernel
o kern/134996  pf         [pf] Anchor tables not included when pfctl(8) is run w
o kern/133732  pf         [pf] max-src-conn issue
o kern/132769  pf         [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent
f kern/132176  pf         [pf] pf stalls connection when using route-to [regress
o conf/130381  pf         [rc.d] [pf] [ip6] ipv6 not fully configured when pf st
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o kern/127439  pf         [pf] deadlock in pf
f kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] [lor] pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/103283  pf         pfsync fails to sucessfully transfer some sessions
o kern/103281  pf         pfsync reports bulk update failures
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o bin/86635    pf         [patch] pfctl(8): allow new page character (^L) in pf.
o kern/82271   pf         [pf] cbq scheduler cause bad latency

47 problems total.

From owner-freebsd-pf@FreeBSD.ORG Tue Aug 31 14:27:25 2010
From: "kevin"
Date: Tue, 31 Aug 2010 09:59:35 -0400
Message-ID: <007601cb4914$c062b8e0$41282aa0$@com>
Subject: Transparent bridge + PF + VPN + GRE Protocol

Hello,

I am attempting to set up a PPTP VPN on a client machine that is behind a
transparent bridged FreeBSD 8.0-RELEASE PF firewall:

FreeBSD xx-xx 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #11: Wed Aug 18 07:10:10 EDT 2010

My preliminary pf.conf directives simply pass in quick and pass out quick
proto gre.

Unfortunately it appears as though packets are being dropped at the
firewall level for said protocol.

I'd like to appeal to the collective experience here in the hopes that
someone may have a similar environment where PF + GRE + PPTP are working.

Please let me know if any additional information is required.

Thanks,

Kevin

From owner-freebsd-pf@FreeBSD.ORG Tue Aug 31 23:25:18 2010
From: Kevin Way
Date: Tue, 31 Aug 2010 18:57:58 -0400
To: freebsd-pf@freebsd.org
Subject: Performance problem w/pf using reply-to on FreeBSD 8.1

After upgrading to 8.1, I'm having a severe performance problem, that's
throttling connections down to about 5kb/sec. The same configuration
works flawlessly on 8.0. The rest of the ruleset works fine, our
problem is just with this one line.

(uname -a)
FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

(pf.conf)
jailhost_if="vlan34"
jailhost_gateway="10.11.34.1"
jailhost_network="10.11.34.0/24"

pass in quick on $jailhost_if reply-to ($jailhost_if $jailhost_gateway) \
    from !$jailhost_network to $jailhost_network keep state label "Jailhost inbound"

(what happens almost instantly after a connection is initiated)
# pfctl -vvsl | grep "Jailhost inbound"
Jailhost inbound 35734 269954511 408697347239 134975646 10797967079 134978865 397899380160

Any help would be greatly appreciated.

Regards,

Kevin Way

From owner-freebsd-pf@FreeBSD.ORG Wed Sep 1 10:19:59 2010
Date: Wed, 1 Sep 2010 13:07:31 +0300
From: Zeus V Panchenko
To: freebsd-pf@freebsd.org
Message-ID: <20100901100731.GA53832@relay.ibs.dn.ua>
Reply-To: zeus.panchenko@gmail.com
Subject: is there emacs mode for pc.conf ?

Hi All,

is there any special mode for emacs to edit pf.conf (except conf-mode
itself :) of course), please?

--
Zeus V. Panchenko
IT Dpt., IBS ltd
GMT+2 (EET)
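
Added example, not part of any message in this archive: a parser for the pfctl -vvsl label line quoted in Kevin Way's message (Subject: Performance problem w/pf using reply-to on FreeBSD 8.1) that checks the counters against each other and turns two samples into per-second rates. The column order in FIELDS is an assumption, which the quoted line's own sums are consistent with; LabelStats, parse_label_line, is_consistent and rates are hypothetical names, and the second sample is constructed.

```python
from collections import namedtuple

# Assumed column order of a label line (one label, then seven counters).
FIELDS = ("evaluations", "packets_total", "bytes_total",
          "packets_in", "bytes_in", "packets_out", "bytes_out")
LabelStats = namedtuple("LabelStats", ("label",) + FIELDS)

def parse_label_line(line):
    """Parse one label line; the label itself may contain spaces."""
    tokens = line.split()
    counters = tokens[-len(FIELDS):]
    if len(tokens) <= len(FIELDS) or not all(t.isdigit() for t in counters):
        raise ValueError(f"not a label line with 7 counters: {line!r}")
    return LabelStats(" ".join(tokens[:-len(FIELDS)]), *map(int, counters))

def is_consistent(s):
    """Totals equal in + out only if the assumed column order is right."""
    return (s.packets_total == s.packets_in + s.packets_out
            and s.bytes_total == s.bytes_in + s.bytes_out)

def rates(before, after, seconds):
    """Per-second counter deltas between two samples of the same label."""
    if before.label != after.label:
        raise ValueError("samples are for different labels")
    result = {}
    for name in FIELDS:
        delta = getattr(after, name) - getattr(before, name)
        if delta < 0:  # counters were zeroed or the ruleset was reloaded
            raise ValueError(f"{name} went backwards between samples")
        result[name] = delta / seconds
    return result

# Counter line quoted in the message.
SAMPLE = ("Jailhost inbound 35734 269954511 408697347239 134975646 "
          "10797967079 134978865 397899380160")
# Constructed second sample, taken 10 s later, for illustration only.
LATER = ("Jailhost inbound 35736 269964511 408712347239 134980646 "
         "10798367079 134983865 397913980160")

if __name__ == "__main__":
    first, later = parse_label_line(SAMPLE), parse_label_line(LATER)
    print(first.label, is_consistent(first), rates(first, later, 10.0))
```

Comparing two samples rather than reading the cumulative totals separates traffic that the rule is handling now from whatever accumulated since the ruleset was loaded.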