Date:      Sun, 27 Jan 2019 16:08:55 +0100
From:      "Kristof Provost" <kp@FreeBSD.org>
To:        ASV <asv@inhio.net>
Cc:        "questions list" <freebsd-questions@freebsd.org>
Subject:   Re: PF issue since 11.2-RELEASE
Message-ID:  <F26DA908-F2AC-4CBF-8227-A4C3D21865EE@FreeBSD.org>
In-Reply-To: <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net>
References:  <989e79372513e9769c6857b531f14df8ce0b6f3a.camel@inhio.net>

On 26 Jan 2019, at 17:00, ASV wrote:
> since I've upgraded to 11.2 (from 11.1) I've observed that anytime I
> change something on pf.conf and reload (pfctl -f /etc/pf.conf) I
> partially lose connectivity. Partially means that I still am connected
> to the server but the server cannot connect anywhere or ping anything
> (no hosts no IPs) also the jails instantly suffer from the same.

That sounds like your established connection continues (because it keeps 
using the old rules), and something is wrong with the new rules.

The logical debugging steps would be:
  - check the ruleset matches what you expect (pfctl -s rules)
  - check the state table (pfctl -s states)
  - use pflog to determine what rule causes traffic to be dropped

> The quickest fix is to revert the PF configuration to the previous one
> and reload. Everything starts working again.
>
What do you mean by ‘previous one’? Do you have two rulesets? What 
are the two rulesets?

> I've been trying to find the root cause of this without success. Did I
> miss some major change on the PF port on FreeBSD? I've never seen this
> serious issue before, neither on FreeBSD nor on OpenBSD.

It’s very difficult to debug this with the extremely limited 
information you’ve included.
Please post, at the very least, your pf ruleset and a full description 
of what you’re doing when things break and how you recover.

Regards,
Kristof
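
An added example, not part of the original message: a sketch of the third debugging step, tallying which rule numbers are blocking traffic from `tcpdump` output on `pflog0`. The function names and the sample log lines are constructed for illustration, and the sketch assumes the blocking rules carry the `log` keyword.

```shell
#!/bin/sh
# On the affected host the input would come from:
#   tcpdump -n -e -ttt -i pflog0
# Only rules with the "log" keyword show up on pflog0.

# Constructed sample in tcpdump's pflog text format (not from the thread).
sample_pflog() {
cat <<'EOF'
 00:00:00.000000 rule 4/0(match): block out on em0: 192.0.2.10.51234 > 198.51.100.53.53: 1234+ A? example.org. (29)
 00:00:01.002113 rule 4/0(match): block out on em0: 192.0.2.10 > 198.51.100.1: ICMP echo request, id 7, seq 0, length 64
 00:00:00.500000 rule 2/0(match): pass in on em0: 203.0.113.7.40022 > 192.0.2.10.22: Flags [S], seq 1, win 65535, length 0
 00:00:02.100000 rule 4/0(match): block out on lo1: 10.0.0.2.44321 > 198.51.100.80.443: Flags [S], seq 9, win 65535, length 0
 00:00:00.250000 rule 7/0(match): block in on em0: 203.0.113.9.5555 > 192.0.2.10.23: Flags [S], seq 3, win 1024, length 0
EOF
}

# Reads pflog text on stdin; prints "hits rule direction interface"
# for every blocking rule, most frequent first.
blocked_rules() {
  awk '
    {
      # Locate the "rule" token; the timestamp prefix varies with tcpdump flags.
      for (i = 1; i < NF; i++) if ($i == "rule") break
      if (i >= NF || $(i + 2) != "block") next   # keep only block verdicts
      num = $(i + 1); sub(/\/.*/, "", num)       # "4/0(match):" -> "4"
      iface = $(i + 5); sub(/:$/, "", iface)     # "em0:" -> "em0"
      hits[num " " $(i + 3) " " iface]++
    }
    END { for (k in hits) print hits[k], k }
  ' | sort -k1,1nr -k2,2n -k4,4
}

# Stand-alone run over the constructed sample.
sample_pflog | blocked_rules
```

The rule numbers in the output correspond to the `@N` prefixes printed by `pfctl -vv -s rules`, which ties the dropped traffic back to a line in the loaded ruleset.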
From owner-freebsd-questions@freebsd.org  Sun Jan 27 15:39:31 2019
Subject: Re: Wireless interface
To: freebsd-questions@freebsd.org
References: <CAPu-kW-0u=Eoj8NtASnD_WDnsosj_WcTEh=Zhby1DnBV3d2rdg@mail.gmail.com>
 <MWHPR04MB04954E8E691D98C40B68607780940@MWHPR04MB0495.namprd04.prod.outlook.com>
From: Valeri Galtsev <galtsev@kicp.uchicago.edu>
Message-ID: <ca52dc16-1f7b-7397-2106-76a22bf8579a@kicp.uchicago.edu>
Date: Sat, 26 Jan 2019 13:23:22 -0600
In-Reply-To: <MWHPR04MB04954E8E691D98C40B68607780940@MWHPR04MB0495.namprd04.prod.outlook.com>



On 1/26/19 12:50 PM, Carmel NY wrote:
> On Sat, 26 Jan 2019 09:54:05 -0600, Rob Belics stated:
> 
>>> It is situations like this that make me love
>>> Microsoft. Connecting a wireless network should not require user
>>> intervention other than choosing the network and entering the
>>> password.
>>
>> FreeBSD is not a consumer operating system. It's not designed to hand
>> hold anyone. That is why Windows is such a huge monstrosity of an
>> install.
> 
> I just finished a fresh install of Windows 10. If you take the time
> involved in installing a basic MS Windows system vs. a basic FreeBSD
> system, Windows will usually win. A big plus is that Windows actually
> can get a wireless system up and running by itself, sans perhaps
> supplying the password. Does FreeBSD even support using the WPS Button
> on the Wi-Fi Router? Plus, you then have to install a GUI. Now, if you
> want to compare a FreeBSD system sans GUI, you have to compare it
> against a MS Server, not the regular Windows version designed for home or
> office users.
> 
> This is not about "hand-holding"; it is about bringing the OS into the
> modern age. My machine is supposed to be my slave, not the other way
> around.

Just a small comment on neither side, hopefully.

As one clever man said, you will pay, one way or another. With MS 
Windows system you will pay money for using it. You will also pay money 
for using 3rd party software - antivirus. MS is the only system vendor I 
know of who explicitly tells you it is not safe to use their system 
without 3rd party software (antivirus).

With FreeBSD you will pay with your time. You will need some effort 
requiring some learning to install system, software, and make all work. 
You will need some effort to plan ahead before purchasing your machine 
to avoid really ugly hardware (Broadcom BCM43xx is example of really ugly 
one, search about its design; something like 32 bit chip on 64 bit bus 
may ring the bell; - to the contrary to their great ethernet chips). But 
once you have everything working, FreeBSD is great, not bloated as 
majority Linuxes became recently.

One more alternative: Linux, and if you have chunks of hardware that 
need proprietary (binary only, etc) drivers ("microcode", "firmware"), 
great choice would be Ubuntu, which is clone of Debian (the last is 
great Linux distro staying away from proprietary stuff). With Linux 
(read: Ubuntu), you virtually don't need to invest your time, all will 
work pretty much out of the box, and you will have less bloated, and 
definitely more secure system than MS Windows, ("fatter" than FreeBSD 
would be though).

So, one can find what fits one's needs; and each of us can pay credit to 
one's own choice of system vendor, without ranting about other people 
system choices ;-)

Just my $0.02

Valeri

> 
> Thanks for your comment anyway.
> 

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


