IPFilter & FreeBSD-10.1

Odhiambo Washington odhiambo at gmail.com
Thu Jan 22 13:21:42 UTC 2015


I looked at /usr/share/examples/ipfilter/ on FreeBSD-8.4, 9.3, 10.1 and I
did not see anything different in those files.

Now, my rules work quite well on 8.4 and 9.3, but fail in 10.1.

I have been using these rules forever on many many boxes and all I was
doing is to edit ipnat.conf and ipfilter.conf to change the interface names
and the IPs/subnets for the LAN/WAN.



On 22 January 2015 at 16:03, Ernie Luzar <luzar722 at gmail.com> wrote:

>
>
>> No, I'm not the original poster of this thread, the problem I have is
>> different, I'll describe it later
>>
>> Again, my problem is different. Originally after upgrade from 9.3 RELEASE
>> to 10.0 RELEASE (shortly after it was released), I started observing too
>> many packets (more than 90%) dropped by ipfilter. Network feels like 100
>> times slower. All config files are in place. I asked on this list for help
>> - no one replied (if my memory doesn't fail me). Then I looked into the
>> code of kernel module itself, I noticed it is much slimmer than kernel
>> module code on 9.3 (many files are missing, some of the ones that are
>> there are noticeably shorter). I moved /usr/src out of the way and checked
>> out fresh copy: all is exactly the same. After that I just replaced the
>> code of ipfilter module with the one from 9.3, rebuilt kernel module,
>> unloaded and loaded freshly built module. And my ipfilter problem was
>> fixed. I just posted this to the thread I have started, so it looks like
>> one of the posts here on this thread just quotes what I did (or maybe
>> someone else did and described the same). Note that config files didn't
>> change.
>>
>> After some time living with 10.0 on that box, that box was upgraded to
>> 10.1 RELEASE. Also shortly after it was released. And the same problem
>> reappeared: ipfilter when it is on drops majority of packets, connections
>> seem to be 100 times slower...
>>
>> I know, happy people (who do not have problem themselves) ... hm ... not
>> always can imagine that problem can be real for somebody else. But I still
>> hope someone will be able to answer my questions.
>>
>> 1. How can I find website (Documentation) for latest ipfilter? Where is
>> new place for it (it appears, developer moved it from where it was in the
>> past)
>>
>>
> There is no website where the IPF rule documentation is published. There
> is only the "man pages".
>
>> 2. Did the syntax change between versions or not? On 9.3 I have version:
>> v4.1.28 (496), whereas on 10.1: v5.1.2 (608). If yes, where do I find
>> appropriate documentation. I certainly will be able to rewrite my rules
>> myself after reading documentation. After all I wrote them (of course,
>> using amazing FreeBSD online documentation ! ;-)
>>
>>
> In 10.0, where ipfilter is stated as a new version added, no warning is
> given that the rule syntax has changed.
>
>> Thanks in advance for all your replies.
>>
>> Valeri
>>
>>
>>
>>
>
> There is a very long thread dated Apr 15, 2013 with subject "ipfilter(4)
> needs maintainer" in the questions and current mailing lists.
> Cy Schuert became the maintainer. Cy.Schuert at komquats.com
>
> He's the person you should be talking to. If you still get no joy then
> file a PR to shine more light on your problem.
>



-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

