Stephane Russell <srussell@prodigeinfo.com> added the comment:

I tried to go further with pf. I started to test some firewall functionalities to reimplement my ipfw firewall. The natting is working well. But DFBSD crashes when I activate some types of filtering. Here is my last configuration file:

     1  table <crackers> persist file "/etc/pf/crackers.db"
     2  table <volume> persist file "/etc/pf/volume.db"
     3  set skip on lo0
     4  scrub in
     5  nat on $ext_if from $lan_net -> ($ext_if)
     6  #block in
     7  block in quick from urpf-failed
     8  block in quick on ext_if from <crackers>
     9  block out quick on ext_if to <volume>
    10  pass in on $int_if from $lan_net
    11  pass out on $int_if to $lan_net
    12  pass out on $ext_if proto { tcp udp icmp } all modulate state

This configuration causes a page fault. I haven't activated line 6 yet, because I wanted to test the pass rules before closing everything. When line 12 is commented out, everything seems to work fine. But when I activate it, DFBSD crashes with this message (copied by hand):

    Fatal trap 12: page fault while in kernel mode
    fault virtual address = 0x3e
    fault code            = supervisor read, page not present
    instruction pointer   = 0x8:0xc03a5ee2
    stack pointer         = 0x10:0xc7d4e9a4
    frame pointer         = 0x10:0xc7d4ea18
    code segment          = base 0x0, limit 0xffffff, type 0x16
                          = DPL 0, pres 1, def 32 1, gran 1
    processor eflags      = interrupt enabled, resume, 10PL = 0
    currentthread         = pri 12
    kernel:type 12 trap, code=0
    Stopped at pf_new_inst 0x2e: cmpb $0x1,0x3e(%ebx)

_____________________________________________________
DragonFly issue tracker <bugs@lists.dragonflybsd.org>
<http://bugs.dragonflybsd.org/issue1914>
_____________________________________________________