[pf4freebsd] Re: problem with 'user'

jb jb at riseup.net
Wed Sep 15 21:00:51 PDT 2004


On Sun, Feb 01, 2004 at 07:31:28PM +0100, Max Laier wrote:
> 
> Please let us know if that was the case and we can assume that the user 
> stuff is working correctly now. Anyone else seeing this?

It is possible there's something funny in my setup or something wrong I fail
to see.  I have the following:

bash-2.05b$ sudo pfctl -Fs
states cleared
bash-2.05b$ sudo pfctl -f pf.ping
bash-2.05b$ sudo pfctl -vvsr
@0 pass in on lo0 all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@1 pass out on lo0 all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@2 block drop in log all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@3 block drop out log all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@4 pass out log quick all user = 1003 keep state
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@5 block drop out log proto icmp all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]

# as user 1001:
bash-2.05b$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2): 56 data bytes
64 bytes from 10.0.0.2: icmp_seq=0 ttl=64 time=0.795 ms
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.693 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.730 ms
bash-2.05b$ sudo pfctl -vvsr
@0 pass in on lo0 all
  [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
@1 pass out on lo0 all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]
@2 block drop in log all
  [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
@3 block drop out log all
  [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
@4 pass out log quick all user = 1003 keep state
  [ Evaluations: 1         Packets: 6         Bytes: 504         States: 1     ]
@5 block drop out log proto icmp all
  [ Evaluations: 0         Packets: 0         Bytes: 0           States: 0     ]

# in the meantime:
bash-2.05b$ sudo  pftcpdump -n -e -ttt -i pflog0
pftcpdump: WARNING: pflog0: no IPv4 address assigned
pftcpdump: listening on pflog0
52. 041780 rule 4/0(match): pass out on sis0: 10.0.0.90 > 10.0.0.2: icmp: echo request

I've applied the patch Pyun sent me in the sources directly.  I may have done
something weird at that moment.  I will re-do things properly from ports/

later'
jb




