FreeBSD 8.2 + pf + ipfw (dummynet)
Murat SÜRÜCÜ
msurucu at karaelmas.edu.tr
Thu Jul 14 08:26:11 UTC 2011
I think the problem is dummynet corrupts PF state information. What can i do
for prevent it?
Murat
-----Original Message-----
From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On
Behalf Of Murat SÜRÜCÜ
Sent: Tuesday, July 12, 2011 8:55 AM
To: 'Ermal Luçi'
Cc: freebsd-pf at freebsd.org
Subject: RE: FreeBSD 8.2 + pf + ipfw (dummynet)
Thanks for reply,
IPFW is kernel module, PF is loadable module in my config.
And this config was normally run when version is 7.2.
Murat
-----Original Message-----
From: ermal.luci at gmail.com [mailto:ermal.luci at gmail.com] On Behalf Of Ermal
Luçi
Sent: Tuesday, July 12, 2011 12:59 AM
To: Murat SÜRÜCÜ
Cc: freebsd-pf at freebsd.org
Subject: Re: FreeBSD 8.2 + pf + ipfw (dummynet)
2011/7/11 Murat SÜRÜCÜ <msurucu at karaelmas.edu.tr>:
> Hello,
>
> I used PF and dummynet together about two years and worked fine.
> Recently i have upgraded the system 7.2 to 8.2 and dummynet doesn't
> work anymore.
> If any packet belong the client IP puts any pipe, it drops and pflog
> says it blocked by last pf rule. But it match previous rule.
> If i disable (flush) the ipfw rules, packets pass normally.
>
> Does anybody have same experience?
You have to make sure ipfw module is loaded first otherwise you will hit pf
states twice which will drop as you see.
>
> http://forums.freebsd.org/showthread.php?t=24947
>
> Thanks.
>
> Murat
>
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
--
Ermal
_______________________________________________
freebsd-pf at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
More information about the freebsd-pf
mailing list