DragonFly BSD
DragonFly bugs List (threaded) for 2006-09

Re: Another panic in 1.6.x


From: Petr Janda <elekktretterr@xxxxxxxxxxxxxx>
Date: Sat, 09 Sep 2006 11:21:45 +1000

My pf.conf is just a simple one:

ext_if="fxp0"

table <ssh-bruteforce>
block drop in quick on $ext_if from <ssh-bruteforce>

block in
pass out keep state

pass quick on { lo }
antispoof quick for { lo, fxp0 }

#pass in on $ext_if proto tcp to ($ext_if) port ssh \
#       flags S/SA keep state \
#       (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)

pass in on $ext_if proto tcp to ($ext_if) port { ssh, smtp, imap, http, domain } keep state
pass in on $ext_if proto udp to ($ext_if) port { domain } keep state


The commented section blocks script kiddies; unfortunately it doesn't work in our PF version. Hence why it's commented.

Petr


Gergo Szakal wrote:
Simon 'corecode' Schubert wrote:
Petr Janda wrote:
Have you tried consulting the PF devs?

of course. nobody could tell us the cause, it is not a known problem. something damages the state tables.

Guys, next week I will deploy a filtering bridge running 1.6.1. 20-30k states are expectable. Hope I can crash it and tell you what is wrong.
Petr, could you show me your rules file? I recall having freezes and device incompatibilities of PF under OpenBSD 3.7 (I use 3.8 and 3.9 now) and maybe we have something in common.
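
Added example (not part of the original thread, and not DragonFly or PF code): a userland sketch of what the commented-out rule expresses, flagging any source that opens more than 3 new ssh connections within 30 seconds and building the pfctl command that would put it in the <ssh-bruteforce> table. The exact sliding window, the function names and the sample events are assumptions of this example; PF's own rate tracking in the kernel may count differently.

```python
from collections import defaultdict, deque

MAX_CONN = 3              # from "max-src-conn-rate 3/30"
WINDOW_S = 30             # seconds, from the same option
TABLE = "ssh-bruteforce"  # table name used in the pf.conf above

def overloaded_sources(events, max_conn=MAX_CONN, window=WINDOW_S):
    """events: (unix_time, src_ip) pairs, one per new TCP connection to port ssh.
    Returns the sources that exceeded the rate, in the order they tripped it."""
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    flagged, seen = [], set()
    for ts, src in sorted(events):
        if src in seen:
            continue              # already in the table; the block rule drops it
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # forget connections older than the window
        if len(q) > max_conn:     # assumption: "over the limit" means > max_conn
            seen.add(src)
            flagged.append(src)
    return flagged

def pfctl_commands(sources, table=TABLE):
    """argv lists for adding each source to the PF table (run as root)."""
    return [["pfctl", "-t", table, "-T", "add", src] for src in sources]

# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE = [
    # 4 connections in 4 seconds: over the limit
    (1000, "192.0.2.10"), (1002, "192.0.2.10"),
    (1003, "192.0.2.10"), (1004, "192.0.2.10"),
    # 4 connections spaced 20 seconds apart: never more than 2 per window
    (1000, "198.51.100.7"), (1020, "198.51.100.7"),
    (1040, "198.51.100.7"), (1060, "198.51.100.7"),
    # exactly 3 connections inside 30 seconds: at the limit, still allowed
    (1000, "203.0.113.5"), (1010, "203.0.113.5"), (1029, "203.0.113.5"),
]

if __name__ == "__main__":
    for argv in pfctl_commands(overloaded_sources(SAMPLE)):
        print(" ".join(argv))
```
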






