Considered BETA now [Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)]

Greg Hennessy Greg.Hennessy at nviz.net
Wed Apr 27 11:50:34 PDT 2005


Hi Max, been meaning to log this, just subscribed today. 


Consider, if you will, the following; policy excerpts have been running fine
under OBSD 3.4 and your excellent handiwork prior to the 3.7 import on Free.


Pristine CURRENT as of 

~ # uname -a
FreeBSD gw2.local.net 6.0-CURRENT FreeBSD 6.0-CURRENT #38: Tue Apr 26 09:37:04 BST 2005     root at gw2.local.net:/usr/obj/usr/src/sys/GH  i386

PF and ALTQ conf'd in statically. 

~ # cat /etc/pf-nbt.conf
Ext="hme1"
RPC_NBT="{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"
# Drop NBT on external interface
block quick on $Ext inet proto {tcp,udp} to any port $RPC_NBT
#

~ # grep -i nbt /etc/pf.conf
# Discard unwanted NBT traffic
anchor nbt
load anchor nbt:nbt from "/etc/pf-nbt.conf"
#

Appears to parse & load ok

~ # pfctl -v -a nbt:nbt -f /etc/pf-nbt.conf
Ext = "hme1"
Int = "hme0"
RPC_NBT = "{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"
block drop quick on hme1 inet proto tcp from any to any port = loc-srv
block drop quick on hme1 inet proto tcp from any to any port = netbios-ns
block drop quick on hme1 inet proto tcp from any to any port = netbios-dgm
block drop quick on hme1 inet proto tcp from any to any port = netbios-ssn
block drop quick on hme1 inet proto tcp from any to any port = microsoft-ds
block drop quick on hme1 inet proto udp from any to any port = loc-srv
block drop quick on hme1 inet proto udp from any to any port = netbios-ns
block drop quick on hme1 inet proto udp from any to any port = netbios-dgm
block drop quick on hme1 inet proto udp from any to any port = netbios-ssn
block drop quick on hme1 inet proto udp from any to any port = microsoft-ds


However, no joy. 

~ # pfctl -v -s Anchors -a nbt:nbt
~ # pfctl -v -s Anchors -a nbt
~ #

Have been running the 3.7 code for a week, if you need other info from me,
just ask. 


Cheers


Greg

> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org 
> [mailto:owner-freebsd-pf at freebsd.org] On Behalf Of Max Laier
> Sent: 27 April 2005 19:25
> To: freebsd-pf at freebsd.org
> Subject: Considered BETA now [Re: New PF (OpenBSD 3.7 
> ***ALPHA-preview***)]
> 
> On Wednesday 20 April 2005 01:12, Max Laier wrote:
> > All,
> >
> > at:
> >     http://people.freebsd.org/~mlaier/pf37/
> >
> > you will find the first shot at the long awaited import of a new 
> > version of pf.  This is level with what is likely to be shipped as 
> > OpenBSD 3.7 and includes *most* of the features.
> 
> Until now I have gotten zero feedback concerning this!  If 
> you are not willing to test, you will have to live with the 
> consequences!
> 
> I have done some tests myself, however, and my soekris box 
> seems stable and happy with the code so far.  I consider it 
> to be BETA-stage now and urge everybody - once more - PLEASE 
> TEST THIS AND SEND FEEDBACK, NOW!
> 
> > Updates will be posted to the freebsd-pf mailing list.  Thanks.
> 
> -- 
> /"\  Best regards,                      | mlaier at freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
> 


