Search results

What do you mean by it didn't work? Is PF enabled (pfctl -si)? Also check the rules loaded with pfctl -sr (show rules) edit: try to load the rules by hand in verbose mode pfctl -f /etc/pf.conf -vvv

I don't know but tcpdump/wireshark will be your friend to see the traffic.

This looks not good, you should increase "set limit frags" I think. Absolute OpenBSD says: "If a packet cannot be coherently reassembled, PF will drop the pieces. 5 "Normalize" shows how many packets have been dropped after scrubbing. Similarly, the 6 "memory" entry shows how many packets have...

from being "attached" yes (loaded is for the module, attached for the device), ulpt is included in the GENERIC kernel. You can keep the module in /boot/kernel. edit: I'm not sure if in FreeBSD >= 9.X we have to prevent ulpt from being attached. But try it. I've made a documentation that worked...

hplip uses libusb to talk directly to the printer, so if your printer is attached as ulpt there is a conflict. Try to use a kernel without ulpt, you don't need lpd also. HTH

just "pass in proto tcp" For RELATED, only FTP is supported via ftp-proxy(8) Regards

Well it depends of the request. If a packet matches a states this is very fast. If the packet has not state (for example dropped traffic) the rules set must be checked. There was a paper for OpenBSD/PF (a bit outdated) http://www.benzedrine.cx/pf-paper.html On real traffic at work, around...

As this a pseudo interface, I think your expectation is wrong. Also filtering on the CARP interface (with PF) does not work at all, this is in PF's FAQ.

A freebsd.org account is not an award, it is a punishment :-)

Well, there are several simple configurations available using /etc/rc.firewall (using ipfw). I don't remember exactly how and if it still works. Something like: /etc/rc.conf firewall_enabled="YES" firewall_type="workstation" (see /etc/rc.firewall) Regards.

I've not tried it but that looks to be a job for the Postfix anvil daemon. http://www.postfix.org/anvil.8.html

Because I'm an adventurer (from time to time you must be that to run FreeBSD IMO). If I don't try 9, who else will try it for my workload? There are also nice things in 9.X (UFS journal, ada driver)... Regards.

You can try to increase the loglevel of CUPS, LogLevel debug in cupsd.conf.

You can ask the freebsd-net@ mailing list too. There are many recent things in FreeBSD which look very nice (SMP PF, Netmap and so on). You can check this document: http://bsdrp.net/documentation/technical_docs/performance As said, on a router/firewall any TCP/UDP optimizations are useless...

It depends on the number of states, not really on the traffic. Here on a machine with 4GB RAM PF eats around 0.7GB RAM (Max Mem 3.93GB, current 3.19GB). That's on OpenBSD with currently 600 Mbit/s and 400000 states. As far I can see, the free memory stays around 3.2GB after a while (the uptime...

Only you can reply to this. Don't trust anyone. Well. I would prefer to let the router doing NAT, because there is no need to NAT twice and it will be hard to filter the flows coming from "childrens" on "friends" machines (the source address will be the PF box). the table <me> is useless...

If I remember well you need to specify a /32 for a single ipv4 address "##.##.##.###/32" (not sure). Regards.

I think it can do the job but I don't know about Asterisk. I use an atom 425 with 2GB of RAM (looks to be the same as 525 but with half cache), it runs: number of users (family): ~10 - jail with postfix and postgrey - jail with postfix, spam-assassin, courier-imap - jail with apache /...

"Linux, the one and only true Unix" http://www.openbsd.org/lyrics.html#52 song just released :-) Regards.

You don't need root privileges to use dump, you just have to be in the group operator so you can read the device. (I guess this is because in the old time, backups required manual intervention by operators to change tapes and so on) example: $ ls -l /dev/ada0s1a crw-r----- 1 root...