Re: DNS issues

2007-07-15 Thread Adriaan
On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: Adriaan wrote: > On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: > >> Dear Readers; >> >> I've been using the log feature of pf and have found that, when >> attempting to access my webserver via dns, that pf does not block any >> traff

Re: DNS issues

2007-07-15 Thread Braden Mailloux
Braden Mailloux wrote: Adriaan wrote: On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: Dear Readers; I've been using the log feature of pf and have found that, when attempting to access my webserver via dns, that pf does not block any traffic. I also added a log to my "block in quick fr

Re: DNS issues

2007-07-15 Thread Braden Mailloux
Adriaan wrote: On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: Dear Readers; I've been using the log feature of pf and have found that, when attempting to access my webserver via dns, that pf does not block any traffic. I also added a log to my "block in quick from urpf-failed" and that

Re: DNS issues

2007-07-15 Thread Adriaan
On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: Dear Readers; I've been using the log feature of pf and have found that, when attempting to access my webserver via dns, that pf does not block any traffic. I also added a log to my "block in quick from urpf-failed" and that has returned no

Re: DNS issues

2007-07-15 Thread Braden Mailloux
Stuart Henderson wrote: On 2007/07/14 21:21, Braden Mailloux wrote: block in quick from urpf-failed I would get a 'log' on here too A follow up, when running the route show command, the routing table prints with excruciatingly slow speed, it's been almost 8 minutes and it is stil

Re: DNS issues

2007-07-15 Thread Stuart Henderson
On 2007/07/14 21:21, Braden Mailloux wrote: >> block in quick from urpf-failed I would get a 'log' on here too > A follow up, when running the route show command, the routing table prints > with excruciatingly slow speed, it's been almost 8 minutes and it is still > going. It looks up names, tr

Re: DNS issues

2007-07-15 Thread Adriaan
On 7/15/07, Braden Mailloux <[EMAIL PROTECTED]> wrote: Dear Readers; #Default block policy block log all You have a nice "block log all" policy. How about using the debugging capabilities of this policy? Run tcpdump on the pflog0 interface to see the blocked packets. tcpdump -eni pflog0.

Re: DNS issues

2007-07-14 Thread Braden Mailloux
Braden Mailloux wrote: Dear Readers; I'm using 4.1 with the generic kernel. Here is my dmesg: # dmesg OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 552 MHz