Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Jan 2015 21:03:42 +0800
From:      Ernie Luzar <>
Cc:        User Questions <>, Luzar <>
Subject:   Re: IPFilter & FreeBSD-10.1
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <54BF7050.90605@ShaneWare.Biz> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> No, I'm not the original poster of this thread, the problem I have is
> different, I'll describe it later
> Again, my problem is different. Originally after upgrade from 9.3 RELEASE
> to 10.0 RELEASE (shortly after it was released). I started observing too
> many packets (more that 90%) dropped by ipfilter. Network feels like 100
> time slower. All config files are in place. I asked on this list for help
> - no one replied (if my memory doesn't fail me). Then I looked into the
> code of kernel module itself, I noticed it is much slimmer than kernel
> module code on 9.3 (many files are missing, some of the ones that are
> there are noticeably shorter). I moved /usr/src off the way and checked
> out fresh copy: all is exactly the same. After that I just replaced the
> code of ipfilter module with the one from 9.3, rebuilt kernel module,
> unloaded and loaded freshly built module. And my ipfilter problem was
> fixed. I just posted this to the thread I have started, so it looks like
> one of the posts here on this thread just quotes what I did (or maybe
> someone else did and described the same). Note that config files didn't
> change.
> After some time living with 10.0 on that box, that box was upgraded to
> 10.1 RELEASE. Also shortly after it was released. And the same problem
> reappeared: ipfilter when it is on drops majority of packets, connections
> seem to be 100 slower...
> I know, happy people (who do not have problem themselves) ... hm ... not
> always can imagine that problem can be real for somebody else. But I still
> hope someone will be able to answer my questions.
> 1. How can I find website (Documentation) for latest ipfilter? Where is
> new place for it (it appears, developer moved it from where it was in the
> past)
There is no website where the IPF rule documentation is published. There 
is only the "man pages".
> 2. Did the syntax change between versions or not? On 9.3 I have version:
> v4.1.28 (496), whereas on 10.1: v5.1.2 (608). If yes, where do I find
> appropriate documentation. I certainly will be able to rewrite my rules
> myself after reading documentation. After all I wrote them (of course,
> using amazing FreeBSD online documentation ! ;-)
In 10.0  where  ipfilter is stated as new version added gives no warning 
that rule syntax has changed
> Thanks in advance for all your replies.
> Valeri

There is a very long thread dated Apr 15, 2013 with subject "ipfilter(4) 
needs maintainer" in the questions and current mailing lists
Cy Schuert became the maintainer.

He's the person you should be talking to. If you still get no joy then 
file a PR to shine more light on your problem


Want to link to this message? Use this URL: <>