Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Jan 2015 21:03:42 +0800
From:      Ernie Luzar <luzar722@gmail.com>
To:        galtsev@kicp.uchicago.edu
Cc:        User Questions <freebsd-questions@freebsd.org>, Luzar <luzar722@gmail.com>
Subject:   Re: IPFilter & FreeBSD-10.1
Message-ID:  <54C0F52E.2010906@gmail.com>
In-Reply-To: <8292.76.193.18.182.1421893014.squirrel@cosmo.uchicago.edu>
References:  <CAAdA2WMudfd0J9RP_3UL+EMC8Vh3Crks8c-6U5f7AQMBSR0XJQ@mail.gmail.com> <CAOc73CCsrnqskLJKFbQH2W-EYH7yi=AXiSKw8jLYz0O35spJ5g@mail.gmail.com> <CAAdA2WOeiEv2opf4ZMDAf=LvC5TUCbC8+AeE0ecf7Ac+=jQ1-w@mail.gmail.com> <54BF7050.90605@ShaneWare.Biz> <CAAdA2WPr4jjdS3MiuNkuG2JQCA_LAaSndhe=cRxiSHVf9o_yRw@mail.gmail.com> <51264.128.135.70.2.1421883154.squirrel@cosmo.uchicago.edu> <54C0510C.8070408@gmail.com> <8292.76.193.18.182.1421893014.squirrel@cosmo.uchicago.edu>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

>
> No, I'm not the original poster of this thread, the problem I have is
> different, I'll describe it later
>
>   
> Again, my problem is different. Originally after upgrade from 9.3 RELEASE
> to 10.0 RELEASE (shortly after it was released). I started observing too
> many packets (more that 90%) dropped by ipfilter. Network feels like 100
> time slower. All config files are in place. I asked on this list for help
> - no one replied (if my memory doesn't fail me). Then I looked into the
> code of kernel module itself, I noticed it is much slimmer than kernel
> module code on 9.3 (many files are missing, some of the ones that are
> there are noticeably shorter). I moved /usr/src off the way and checked
> out fresh copy: all is exactly the same. After that I just replaced the
> code of ipfilter module with the one from 9.3, rebuilt kernel module,
> unloaded and loaded freshly built module. And my ipfilter problem was
> fixed. I just posted this to the thread I have started, so it looks like
> one of the posts here on this thread just quotes what I did (or maybe
> someone else did and described the same). Note that config files didn't
> change.
>
> After some time living with 10.0 on that box, that box was upgraded to
> 10.1 RELEASE. Also shortly after it was released. And the same problem
> reappeared: ipfilter when it is on drops majority of packets, connections
> seem to be 100 slower...
>
> I know, happy people (who do not have problem themselves) ... hm ... not
> always can imagine that problem can be real for somebody else. But I still
> hope someone will be able to answer my questions.
>
> 1. How can I find website (Documentation) for latest ipfilter? Where is
> new place for it (it appears, developer moved it from where it was in the
> past)
>   
There is no website where the IPF rule documentation is published. There 
is only the "man pages".
> 2. Did the syntax change between versions or not? On 9.3 I have version:
> v4.1.28 (496), whereas on 10.1: v5.1.2 (608). If yes, where do I find
> appropriate documentation. I certainly will be able to rewrite my rules
> myself after reading documentation. After all I wrote them (of course,
> using amazing FreeBSD online documentation ! ;-)
>   
In 10.0  where  ipfilter is stated as new version added gives no warning 
that rule syntax has changed
> Thanks in advance for all your replies.
>
> Valeri
>
>
>   

There is a very long thread dated Apr 15, 2013 with subject "ipfilter(4) 
needs maintainer" in the questions and current mailing lists
Cy Schuert became the maintainer. Cy.Schuert@komquats.com

He's the person you should be talking to. If you still get no joy then 
file a PR to shine more light on your problem



	





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?54C0F52E.2010906>