[pf4freebsd] Re: pfaltq-5.1.0.4 problem using fingerprinting

Max Laier max at love2party.net
Wed Sep 15 20:50:01 PDT 2004


> > All seems to be working fine including AltQ integration. Only a minor
> > glitch when I do ifconfig. (box reboots... works perfectly fine on
> > another 5.1 box. Probably a kernel option. Will do some more research on
> > this...)
> >
> > Anyway, passive fingerprinting may have a bug,
> > This is the important rule in question:
> >
> > #ssh
> > pass in on $ext_if proto tcp from any os Windows to $main_ip port 22
> > modulate state queue(interact_bulk,interact_ack)
> >
> > Without the "os Windows" everything works fine. And I am coming in from
> > a Windows box as tcpdump shows:
>
> To make it clear, it _never_ allows my remote windows box to log in.

.. too late for my reply ... can you provide counters (i.e. "pfctl -gvvsr"
output)? Please send the whole ruleset if you want us to help. Additional
tcpdump on pflog0 (with some "log spice" in the rule-set) could help as
well. I have not seen problems with OSFP and tried it on a very same
scenario.

Regards,
    Max




