From owner-freebsd-pf@freebsd.org Sun May 12 21:00:22 2019 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 85D6215A2183 for ; Sun, 12 May 2019 21:00:22 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 1AADA8AC94 for ; Sun, 12 May 2019 21:00:22 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id D27ED15A2178; Sun, 12 May 2019 21:00:21 +0000 (UTC) Delivered-To: pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C074A15A2177 for ; Sun, 12 May 2019 21:00:21 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 612028AC8A for ; Sun, 12 May 2019 21:00:21 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 928A11F502 for ; Sun, 12 May 2019 21:00:20 +0000 (UTC) (envelope-from bugzilla-noreply@FreeBSD.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x4CL0KAi040074 for ; Sun, 12 May 2019 21:00:20 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x4CL0KF7040073 for pf@FreeBSD.org; Sun, 12 May 2019 21:00:20 GMT (envelope-from bugzilla-noreply@FreeBSD.org) Message-Id: <201905122100.x4CL0KF7040073@kenobi.freebsd.org> X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@FreeBSD.org using -f From: bugzilla-noreply@FreeBSD.org To: pf@FreeBSD.org Subject: Problem reports for pf@FreeBSD.org that need special attention Date: Sun, 12 May 2019 21:00:20 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 May 2019 21:00:22 -0000 To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status | Bug Id | Description ------------+-----------+--------------------------------------------------- Open | 203735 | Transparent interception of ipv6 with squid and p 1 problems total for which you should take action. From owner-freebsd-pf@freebsd.org Fri May 17 00:47:10 2019 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 019C115AB94C for ; Fri, 17 May 2019 00:47:10 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor.nl2k.ab.ca (doctor.nl2k.ab.ca [204.209.81.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1594A84129 for ; Fri, 17 May 2019 00:47:09 +0000 (UTC) (envelope-from doctor@doctor.nl2k.ab.ca) Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.92 (FreeBSD)) (envelope-from ) id 1hRR1e-000431-HE for freebsd-pf@freebsd.org; Thu, 16 May 2019 18:47:06 -0600 Date: Thu, 16 May 2019 18:47:06 -0600 From: The Doctor To: freebsd-pf@freebsd.org Subject: Wishing to build a 'router' pf box Message-ID: <20190517004706.GA6318@doctor.nl2k.ab.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.11.4 (2019-03-13) X-Rspamd-Queue-Id: 1594A84129 X-Spamd-Bar: + X-Spamd-Result: default: False [1.03 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.08)[-0.076,0]; URIBL_BLOCKED(0.00)[empire.kred.multi.uribl.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-0.20)[-0.201,0]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; NEURAL_SPAM_SHORT(0.14)[0.137,0]; MX_GOOD(-0.01)[cached: doctor.nl2k.ab.ca]; DMARC_POLICY_ALLOW(-0.50)[nl2k.ab.ca,quarantine]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; INTRODUCTION(2.00)[]; ASN(0.00)[asn:6171, ipnet:204.209.81.0/24, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-0.02)[country: CA(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 May 2019 00:47:10 -0000 Running into toons of problems with opensbsd and their ports, so I am looking to build a FreeBSD equivalent. The Box would look like: --------------------------------- | | | eth3 | | | eth2 | | | eth1 | | | eth0 | | --------------------------------- Yes I would the packet filtering to attempt to drop malicious packets and pass and forward good ones true. the Interface of Eth0 would 192.168.81.14 and eth1 would go back to 192.168.82.2 the router. I would like to use sshguard with PF, suricata, squid and 2 to 3 virtual bhyve machines with the virtual machines have 2 virtual etherports each. What are the installation steps? UFS/ZFS I will decide on the controller. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism Newfoundland on 16 May 2019, do not vote PC nor NDP!