On 11 Nov 2020 at 20:48, len zaifman wrote:
> Thanks Tom,Aaron: I did 2 things,
>
> 1 re IPs - all ips removed from aggr0 and 1 ip for each vlan
>
> ifconfig -A | grep -A 7 vlan7 | grep -E 'vlan7
> inet' ; ifconfig aggr0 | grep inet
> vlan70: flags=8843 mtu 1500
> inet 10.10.70.1 netmask 0xff
On 28 May 2019 at 15:14, Carlos Aguilar wrote:
> Hi,
>
> I am having lots of problems to execute a shell script at boot time.
>
> My crontab is as follows;
> >>
> SHELL=/bin/ksh
>
> @reboot $HOME/bin/app-ferre
> <<
> My shell script is as follows:
> >>
> #!/bin/ksh
>
> lua=/usr/local/b
at the risk of feeding a troll... see below
On 8 Jan 2017 at 0:02, Martin Hanson wrote:
> ludovic coues said:
>
> > You are free to use OpenBSD code.
> > You are free to copy OpenBSD code.
> > You are free to modify OpenBSD code.
> > You are free to distribute your fork.
> >
> > So unless your di
On 20 Apr 2015 at 0:11, Ton Muller wrote:
> i have last week setup my old asus laptop, model A6000 ,1GB ram, 80GB HDD.
>
> SK0 is the internal interface.
> RE0 is the WAN interface
>
> i kept my pf.conf as simple possible to get it start
> START CONFIG ##
> #
> int_if = "sk0"
> e
On 28 Mar 2015 at 8:00, Jeff wrote:
> Hi,
>
> We've been using pf.conf and tables for years but have
> recently embarked on a project to optimize pf.conf.
>
> In reading about tables it's not clear when tables are more
> efficient than individual rules. Is there a definitive point?
k" keyword, which means it
might not be final -- any subsequent rule that also matches will have
execution priority and may introduce state.
> Clearly no state. Is it just ignoring the option? Maybe I have to
> modify my script.
>
> pfctl -t AUTOBLOCK -T add $ip
>
On 18 Feb 2015 at 15:18, Gene wrote:
> To expand on Alexander's point, look at the FAQ:
>
> http://www.openbsd.org/faq/pf/perf.html
>
> If you aren't doing a lot of filtering, just passing traffic over
> multiple interfaces, more cores might be beneficial.
>
> -Eugene
Actually, at this time an
On 3 Dec 2014 at 18:36, dev wrote:
> > > > You are speaking out of turn, basically insulting people who
> want
> > > > to make sure that older architectures do work. The Sun Fire
> V890
> > > > and Niagara machines are not sparc architecture. They are
> > > > sparc64.
> > > >
> > >
> > > Not s
In OpenBSD 5.6, the prototype and man-page for hosts.equiv(5) have
disappeared. However, this file is still referenced in sshd_config(5)
and (if I'm searching the sources correctly) in /usr/src/usr.bin/ssh
auth-rhosts.c which is included in the sshd/Makefile.
Is the removal accidental or an ind
In the description of the -b option:
...
three elliptic curve sizes: 256, 384 or 521 bits.
Is 521 correct or is it supposed to be 512?
The answer to your question is right there in the very manpage
paragraph you quoted below.
On 21 Oct 2014 at 10:24, Alan McKay wrote:
> Anyone?
> Anyone?
> Buehler?
>
> On Fri, Oct 17, 2014 at 9:41 AM, Alan McKay
> wrote:
> > Hi folks,
> >
> > The manpage for relayd.conf has this basic constru
Responding here at the risk of continuing to feed the troll, but in the
interest of setting the record straight (i.e. for the archives).
On 4 Oct 2014 at 13:53, Matti Karnaattu wrote:
> >Many a naïve person believe you can "add" security as an afterthought
> >but I'm not aware of this approach e
On 4 Oct 2014 at 1:41, Matti Karnaattu wrote:
...
> I don't think that is pragmatic to expect people to use computers
> without applications. Or expect users of some software doesn't want to
> use applications.
>
why not be the ultimate pragmatist you preach and go run Windows?
(Isn't that wha
On 3 Oct 2014 at 23:48, Matti Karnaattu wrote:
...
> >etc...and that's not the only way javascript can be used maliciously
>
> These are called security holes.
>
> >There is good reason not to explicitly trust javascript or any other
> >browser plugin that allow the remote site to execute code
No, the one lacking understanding is you -- the fact that 99.9% of the
Internet users are clueless (and even worse, *lax*) about security,
probably never heard of OpenBSD and most likely will never use it
because it interferes with their daily fill of spam and malware is
totally irrelevant for
On 2 Oct 2014 at 18:15, Andy wrote:
> Setup some queues and prioritise your ACK's ;)
>
> The box is fine under the load I'm sure, but you'll still need to
> prioritise those TCP acknowledgments to make things snappy when lots of
> traffic is going on..
All these (otherwise valid) suggestions ar
On 28 Sep 2014 at 8:44, Andy Lemin wrote:
>
> > On 28 Sep 2014, at 05:00, "System Administrator"
> > wrote:
> >
> >> On 27 Sep 2014 at 18:50, Andrew Lester wrote:
> >>
> >> Hey guys,
> >>
> >> I have what I hope is
On 27 Sep 2014 at 18:50, Andrew Lester wrote:
> Hey guys,
>
> I have what I hope is a simple syntax question for pf rules. I have not
> been able to find any example of this online or in the man pages. I
> suspect it is perhaps not possible. Basically I want to allow out
> certain web services, w
On 18 Sep 2014 at 17:33, Stan Gammons wrote:
> On 09/18/14 17:21, Steve Litt wrote:
> > On Thu, 18 Sep 2014 16:54:13 -0500
> > Stan Gammons wrote:
> >
> >> On 09/18/14 16:47, Steve Litt wrote:
> >>> How many ethernet ports does it have? I'd love to use something like
> >>> that as a firewall/rout
On 11 Sep 2014 at 12:23, Scott Bonds wrote:
> On Thu, Sep 11, 2014 at 07:35:47PM +0200, Christer Solskogen wrote:
> > On Thu, Sep 11, 2014 at 7:21 PM, Ingo Schwarze wrote:
> > > Hi Scott,
> > >
> > > Scott Bonds wrote on Thu, Sep 11, 2014 at 09:38:10AM -0700:
> > >
> > >> My daily insecurity emai
If you look at the header line of the dmesg you quoted below, you will
notice that it says "GENERIC" -- that is the official name of the SP
(single processor) kernel. To utilize more than one CPU core, you need
to be running the MP (multi-processor) kernel, as in "GENERIC.MP".
On 1 Sep 2014 at
And what does OP's message have to do with pfSense ??? (especially
since he's clearly indicating currently supported OpenBSD versions 5.4
and 5.5 near the bottom...)
On 30 Aug 2014 at 14:22, Chuck Burns wrote:
> On Saturday, August 30, 2014 8:27:24 AM Tony Sarendal wrote:
> > Good morning,
> >
I need to deploy a BGP router in the next week or so. Generally, I run
stable in production, but having watched on the lists the many
advancements from 5.5 (last release) to current which is about to
become 5.6 release, my question is thus -- is there or soon will be a
stable snapshot that is (
On 30 May 2014 at 13:56, Sebastian Benoit wrote:
> Marko Cupa??(marko.cu...@mimar.rs) on 2014.05.30 11:32:14 +0200:
> > Hi,
> >
> > let's say for example I have web server on internal network, and I
> > have redirected tcp port 80 from firewall to it:
> >
> > pass in on $ext_if inet proto tcp fr
wasn't the "registry database" a dead giveaway???
On 8 Apr 2014 at 17:22, Dag Richards wrote:
> all sarcasm on my part.
> hate the whole /etc/hourly /etc/daily /etc/whim-time cron crap
>
> was happy to see Theo's reaction. Was jerking the list's chain.
>
>
> sven falempin wrote:
> > Look what
On 31 Mar 2014 at 18:13, Chi wrote:
> On Mon, 31 Mar 2014 18:34:39 +0100
> skin...@britvault.co.uk (Craig R. Skinner) wrote:
>
> > Reverse.Net uses OpenBSD on AMD hardware to provide shell
> accounts,
> > website hosting, and domain name hosting.
>
> results to
> Access Denied:
> Because of hi
On 29 Mar 2014 at 22:10, Stéphane Guedon wrote:
> Hello
>
> I am currently trying to run two nameserver on the same Openbsd
> server.
>
> The first one is an authoritative (let's say bind or nsd, no one
> cares).
> the second will be dnsmasq.
>
> You guess the objective of the construction : gi
Hi J. Lewis,
I am not a developer, but I've been lurking on this list for a very
long time and on that basis can tell you that you've committed two
cardinal sins as far as this mailing list is concerned:
1) you failed to do your homework -- had you done some research, in
particular about the O
On 25 Aug 2013 at 10:50, Tony Abernethy wrote:
> josef.win...@email.de wrote
>
> I read fdisk(8) carefully (At least I think so), but I repeatedly failed to
> install two OBSDS on two primary partitions of a HDD.
>
> The idea was to realize a multiboot by toggling the boot-flag to the primary
>
On 27 Mar 2013 at 16:01, David Ruggiero wrote:
> Thanks to Jan for pointing out I neglected to include the macro defs
> for the nets (though they're vanilla and what you'd expect). Here's
> the full source for the first rule, the one I think should catch the
> bogon packets but doesn't:
>
> int_
On 7 Mar 2013 at 20:24, David Ruggiero wrote:
> I've been using OpenBsd for 8+ years on my main router/firewall (4
> NICs).
> Time to upgrade (I'm back on v3.8, yikes). Past time, really.
> So lots to
> learn / re-learn here. Have patience. First question:
>
> I'll be loading 5.2 on a low-pow
On 9 Feb 2013 at 21:11, Crookedmaze wrote:
> On 02/09/2013 08:42 PM, System Administrator wrote:
> > OpenBSD is all about KISS (simplicity) -- have you tried running the bi-
> > annual release update procedure? have you read (carefully) the FAQ
> > section on upgrading? Many
OpenBSD is all about KISS (simplicity) -- have you tried running the bi-
annual release update procedure? have you read (carefully) the FAQ
section on upgrading? Many users report it takes less than 15 minutes
to perform a *remote* upgrade. Also you need to mind that OpenBSD does
not support ver
Thank you Alexander (and Johan) for confirming what I kinda suspected --
use shared keys if it is a published (ie. failover required) service,
otherwise bind only to dedicated address(es) using dedicated keys.
On 30 Jan 2013 at 18:33, Alexander Hall wrote:
> On 01/30/13 17:56, Sys
To simplify maintenance of a carp firewall cluster, I setup system
replication with rdist(1), which works rather nicely with one notable
exception where cmdspecial fires even when there are no updated files.
It is the only instance of cmdspecial that misfires, it is also the
only instance that
On 30 Jan 2013 at 9:29, Johan Beisser wrote:
> On Wed, Jan 30, 2013 at 8:56 AM, System Administrator
> wrote:
> > I finally got to deploy a CARP firewall cluster (HA failover for now).
> > Using only the official OpenBSD.org documentation, everything went very
> > smooth
I finally got to deploy a CARP firewall cluster (HA failover for now).
Using only the official OpenBSD.org documentation, everything went very
smoothly even though the setup is not quite trivial (14 carp addresses
on 6 active interfaces). I even got system replication going using
rdist(1).
Whi
On 14 Dec 2012 at 16:43, Sha'ul wrote:
> The driver for AR9485 seems to be fully function in libre Linux from
> what I've tried, don't need the vanilla Linux version for at least the
> wifi to work. Would it not be possible to thereby port over the libre
> linux driver version to get some kind of
Looking to build a firewall for a fairly busy (25+mb) site. Hardware is
Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software
is primarily pf(4) and relayd(8).
Not so long ago the recommendation was to use the i386 build for a
slight performance and stability benefit. Is that st
On 1 Mar 2010 at 21:01, Thomas Schwarz-Gulden wrote:
> Hi,
>
> Interface re0 of the external firewall is configured as
> 10.1.0.1/16.
That's your problem, see below.
> netstat -rn
> on external firewall lists 10.1/16 with flags UC.
>
> So I think that anything with a destination like
> 10.1.x.
On 12 Feb 2010 at 11:44, Aaron Mason wrote:
> On Fri, Feb 12, 2010 at 9:48 AM, System Administrator
> wrote:
> > On 11 Feb 2010 at 23:15, Dirk Mast wrote:
> >
> >> Daniel Ouellet wrote:
> >>
> >> > On 2/11/10 2:46 PM, Henning Brauer wrote:
>
On 11 Feb 2010 at 23:15, Dirk Mast wrote:
> Daniel Ouellet wrote:
>
> > On 2/11/10 2:46 PM, Henning Brauer wrote:
> >> disk i/o is irrelevant. you will need a very very very fast
> opengl
> >> capable graphics card with loads of memory of course.
> >
> > ???
> >
> > I am sure I am missing somet
d disconnect
> lines at random. I don't really think they are doing that, but sure hell look
> like it however as problem are always with the local loop!
>
> So, this may well works for you and get you want you want to do.
>
> Just a thought anyway for your consideration that
On 22 May 2009 at 16:37, Aaron Martinez wrote:
> > On 22 May 2009 at 15:05, Aaron Martinez wrote:
> >
> >> Hi All,
> >>
> >> I am setting up an openbsd 4.5 stable based pf firewall and was
> >> wondering if there is a way to make it so only certain users could log
> >> in from certain IP addresses
On 22 May 2009 at 15:05, Aaron Martinez wrote:
> Hi All,
>
> I am setting up an openbsd 4.5 stable based pf firewall and was
> wondering if there is a way to make it so only certain users could log
> in from certain IP addresses. I have authpf set up and working well,
> but the problem is if som
On 15 May 2009 at 17:11, Chuck Robey wrote:
> I'm trying to see if there's any way I can get my Raid controller, which is a
> AMCC (3Ware) 9650-4, to work under OpenBSD. The man page for the twe driver
> says it works for several different 3Ware controllers, but it seems to omit
> the
> 9000 con
On 14 May 2009 at 21:29, John Bond wrote:
> On Thu, May 14, 2009 at 9:16 PM, Russell Howe wrote:
>
> > These should work fine - the S518 presents itself as a special ADSL
> > controller on the PCI bus, but AFAIK the 519 is actually an ethernet chip
> > (Realtek 8139?) paired up with an ADSL mode
CUPS and Linux/Windows blobs are so often required because printers
have gone the way of the modems -- i.e. minimal intelligence in the
device with most of the processing happening on the host. If you stick
to real "hardware" printers that provide built-in Postscript (or at
least PCL) language
On 21 Feb 2009 at 0:46, Jean-Francois wrote:
> Hi All,
>
> It looks like my server running since few days has already been hacked.
> It looks like a new user called 'daemon' ID 1 and a new group daemon.
> User's full name 'The devil itself' First time I find out evidence
> of hack on my serv
On 22 Jan 2009 at 14:54, Morris, Roy wrote:
> I know this is more of a general 'huh' kind of thing, but I figured someone
> could kick start my brain for me. Anyone know why this doesn't work? It
> appears to find the files ok but the -exec part thinks it can't?
>
>
> spider:/var/log# find . -na
missed the list when replying...
--- Forwarded message follows ---
On 7 Jan 2009 at 21:59, Toni Mueller wrote:
>
> Hi,
>
> On Sat, 03.01.2009 at 20:51:40 +0300, Kirill S. Bychkov
> wrote:
> > This is a resubmit of apcupsd port.
> > Any comments/oks?
>
> I have no comment on the port
On 27 Dec 2008 at 1:02, fRANz wrote:
> On Fri, Dec 26, 2008 at 7:50 PM, System Administrator
> wrote:
>
> > Here is a hint to simpler life: to avoid asymmetric routing make sure
> > that all your redirect (RDR) rules fully traverse the firewall, i.e. the
> > source an
tcp from any to 192.168.100.8 port 3128 keep state
> pass in on $int_if proto {tcp, udp} from to any keep state
> pass in on $int_if proto {tcp, udp} from to any keep state
> pass in on $int_if proto tcp from to any port $out_tcp keep state
> pass in on $int_if proto udp from to any port $out_udp keep state
> pass out keep state
>
>
-
System Administratorad...@bitwise.net
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941
This list tends to favor those who do at least some basic homework
before asking redundant questions. Had you read the authpf man page or
searched the list archives, you would have certainly realized that what
you are describing is EXACTLY the intended behavior, in other words,
your system is w
On 2 Dec 2008 at 14:33, Juan Miscaro wrote:
> 2008/12/2 Daniel Ouellet <[EMAIL PROTECTED]>:
> > Juan Miscaro wrote:
> >>
> >> 2008/12/2 Tony Abernethy <[EMAIL PROTECTED]>:
> >>>
> >>> Juan Miscaro wrote:
>
> I turn off those annoying checks and I use the same password.
> Works grea
I have an i386 box that used to be running 4.3-stable and was recently
upgraded to 4.4 using a CD and following the instructions. Everything
seemed to be working fine including rum wireless in its primary
location. However, a previously working configuration in an alternate
location now results
On 16 Nov 2008 at 10:55, Don Jackson wrote:
> My system installation script (similar to install.site, run right after
> the system was installed, and before first boot) attempts to configure a
> user account using sometime pretty much like this:
>
> /usr/sbin/useradd -mv -b /home -c "name of user
On 14 Nov 2008 at 21:50, Stuart Henderson wrote:
> On 2008-11-14, STeve Andre' <[EMAIL PROTECTED]> wrote:
> > On Thursday 13 November 2008 19:54:55 Juan Miscaro wrote:
> >> I'm providing wireless internet access for a small building with
> >> OpenBSD 4.3 (some snapshot) as access point. I'm using
On 14 Nov 2008 at 1:18, STeve Andre' wrote:
> On Thursday 13 November 2008 19:54:55 Juan Miscaro wrote:
> > I'm providing wireless internet access for a small building with
> > OpenBSD 4.3 (some snapshot) as access point. I'm using the ral
> > driver. I regularly need to bring down and then back
can slow down most TCP protocols (such as FTP) by slowing
down the ACKnowledgements of the received packets. But of course the
ACK
packets do not use nearly as much bandwidth as the data packets they
are
acknowledging. The 40x ratio you have observed sounds quite reasonable
> >
> > > As a matter of curiosity, has anyone ran an nmap scan against
> an
> > > OpenBSD box with Squid? What did the scan results indicate?
> >
> > The results depend entirely on how you have Squid set up and how PF
> is
> > configured.
> >
and was described earlier on
this thread by Gerardo Santana -- in certain engagements there is a
genuine interest in solving a genuine problem, and you are given the
freedom to choose your own tools (or rope to hang yourself if you over-
reach). If you are successful at picking and solving th
istake in _your_ business venture. (Next time you
start building your dream house, make sure you have a complete and
solid foundation.)
> Go buy yourself a CD set, contribute to the OpenBSD foundation, or
> better still, since you are talking about flying pigs, go code up a
> good applicatio
first active directive in the include file.
Every clue is welcome,
-Jacob.
-----
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941
ngle change_ can
> save
> the time of that thousands people. Instead of playing with
> "./configure"
> switches - they could be busy... porting software to OpenBSD, for
> example.
> --
> pozdrawiam / regards
>
>
- anyone has the 7210 running with openbsd or knows if
> it will work?
>
> thanks,
> matthias
>
>
---------
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue
g a cold reboot of a long-running server with a
3ware mirror set, as BOTH drives had developed serious hardware flaws
that the card did not detect until the full reboot! Apparently they do
NOT do SMART monitoring of connected drives...)
-----
Sy
ccording to official Belkin
support page)
> Thanks,
> Luke Eckley
> http://xifos.org
>
>
---------
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel:
accessing
You'll be amazed how much warez and porn can get uploaded in less than
an hour ...
> this system and I do not think that putting forth the effort is worth
> it, especially when I still have 11 other systems to setup and configure
> by May 13th. :)
>
> --
> Thx
>
it old and I could not find any documentation
> > on how to configure and use it.
> >
> > Any recommendations would be much appreciated.
> >
> > Regards,
> > Thierry.
>
>
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941