Re: No pf....route exists

From: Inquiry (openbsd_inquiry_at_yahoo.com)
Date: 05/25/05 

Date: 24 May 2005 17:28:41 -0700

Thank you for the response. I'll get on to it tonight.

Several weeks ago I looked through the documents at
http://www.blug.linux.no/rfc1149/ looks like it was a lot of fun! Glad
to have received a response from you.

Thanks,
Tommy

Peter N. M. Hansteen wrote:
> "Inquiry" <openbsd_inquiry@yahoo.com> writes:
>
> > - using a standalone host
> > - a route has been set within the system according to the route command
> > - I am connecting to the Internet with no firewall at this time...once
> > pfctl invokes pf.conf "pfctl -e -f /etc/pf.conf" no packets route.
>
> It looks to me like you are making things overly complicated. (One of
> the errors is very easy to explain btw - the _ppp user does not have the
> privileges to run the pfctl command.)
>
> For one thing, why is it useful to enable or disable pf? pf does not
> consume a lot of resources, and compensating for dynamically assigned IP
> addresses does not take major magic.
>
> If you are able to connect to the internet without pf, I'd say you have
> a reasonable starting point. Go back to the last working setup (the
> last one which connected cleanly), strip away anything you're not
> positive you need, such as the route commands in rc.local. ppp is pretty
> good at setting sensible default routes, and IIRC the default HISADDR
> etc belongs strictly in the ppp config files, so you may be setting
> yourself up with a default route going essentially nowhere with your
> rc.local. Take it from there, create a nice rule set which does its
> filtering on the tun0 device.
>
> It's possible my evolving pf tutorial at http://www.bgnett.no/~peter/pf/
> is useful.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
> "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

Relevant Pages

  • who doesnt Russ dominate blindly
    ... civil capital and administer it on its route. ... Others successfully compel. ... It can hastily suppress in response to Wail when the constitutional ... cloud were stoping concerning the sporting collection. ...
    (sci.crypt)
  • Re: House of M #5 (Possible Spoilers)
    ... >>> Wolverine or the Hulk or Namor or even Captain America to kill somebody ... > basic premise is that the greatest heroes of the Marvel Universe have ... And their first response is to kill the ... it would probably sound similar to what Peter ...
    (rec.arts.comics.marvel.universe)
  • Re: Halting Problem for Humans
    ... But I think it is quite different for humans; ... Daryl McCullough wrote: ... your questions to Peter and Daryl are not. ... Will Peter's response to string S be "no"? ...
    (sci.logic)
  • Re: Continuations in Common Lisp (with apologies)
    ... I said a few words about this in my response to Peter. ... argued for the MIT semantics, in which a file would be ... political problem than went unfixed because of technical ...
    (comp.lang.lisp)
  • 3629 Jez St
    ... resign warnings now or Peter will evidently fish them from time to time you. ... reluctantly cleared depending on the collection. ... struggle me aging in response to your productive commerce. ...
    (sci.crypt)