On Wed, 24.11.2010 at 21:30:05 +0100, ropers wrote:
> On 23 November 2010 13:52, Toni Mueller wrote:
> > I usually have a use case that can be satisfied
> > with one XOR the other system
>
> So, not with both?
> You have weird use cases.
I don't think so. See e.g. these simple examples:
I pref
On 23 November 2010 13:52, Toni Mueller wrote:
> I usually have a use case that can be satisfied
> with one XOR the other system
So, not with both?
You have weird use cases.
On Tue, 23 Nov 2010 21:53:55 +0100
Toni Mueller wrote:
> Hi,
>
> On Tue, 23.11.2010 at 14:09:48 -0500, daniel holtzman
wrote:
> > Perhaps one or more developers would be curious about the crashes? Why not
> > donate the machines instead of throw them out?
>
> ok. I'm not the owner, only the jani
Hi,
On Tue, 23.11.2010 at 14:09:48 -0500, daniel holtzman
wrote:
> Perhaps one or more developers would be curious about the crashes? Why not
> donate the machines instead of throw them out?
ok. I'm not the owner, only the janitor, for these machines. Unless I
figure out a way to put them back
Hi,
On Tue, 23.11.2010 at 10:55:30 -0500, and...@msu.edu wrote:
> Toni, have you published a list of the hardware that's been causing you
> problems?
sorry, no I didn't think of it, yet. But I have posted to this list
about some of them, most prominently the small PCs with C7 chips.
> My experie
Hi,
On Tue, 23.11.2010 at 17:45:16 +0100, Alexander Schrijver
wrote:
> Why don't you run linux on them? You aren't being very environmentally aware
> are you?
I don't understand what you mean with this remark.
The application that I use these machines for requires OpenBSD, so
there is very lit
On Nov 23, 2010, at 7:50 AM, Toni Mueller wrote:
> Hi,
>
> On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom
wrote:
>> On Oct 23, 2010, at 8:48, Toni Mueller wrote:
>>> Also, Linux is better supported by hardware vendors, and/or much less
>>> picky about hardware than OpenBSD is.
>> If you c
Quoting Toni Mueller :
> Hi,
>
> On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom
> wrote:
>> On Oct 23, 2010, at 8:48, Toni Mueller wrote:
>> > Also, Linux is better supported by hardware vendors, and/or much less
>> > picky about hardware than OpenBSD is.
>> If you consider the garbage th
On Tue, Nov 23, 2010 at 01:50:09PM +0100, Toni Mueller wrote:
> nope. I regularly see hardware which is supposed to be good, and which
> gives no problems under Linux, which causes a lot of problems under
> OpenBSD. I'm just about to throw away a bunch of recent machines that
> worked fine with old
Hi,
On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom
wrote:
> On Oct 23, 2010, at 8:48, Toni Mueller wrote:
> > Also, Linux is better supported by hardware vendors, and/or much less
> > picky about hardware than OpenBSD is.
> If you consider the garbage these vendors call drivers then sure
Hi,
On Sun, 24.10.2010 at 08:20:35 +0530, Siju George wrote:
> On Sat, Oct 23, 2010 at 7:18 PM, Toni Mueller wrote:
> > Also, Linux is better supported by hardware vendors, and/or much less
> > picky about hardware than OpenBSD is.
> Not always is it ?
of course, my statement reflects only my e
On Sat, Oct 23, 2010 at 7:18 PM, Toni Mueller wrote:
> On Wed, 22.09.2010 at 15:47:02 -0400, Brad Tilley
wrote:
>> Either will work fine so long as you purchase good NICs and avoid
>> cutting-edge (untested) hardware. The only things Linux does noticeably
>> better is:
>>
>> * Dealing with
On Oct 23, 2010, at 12:33 PM, Jean-Francois wrote:
> On Wednesday 22 September 2010 21:29:31, Rikky Taylor wrote:
>> I was after some general advice. I need to setup a routing firewall with 3
>> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
>>
>> Given identical modern
On Wednesday 22 September 2010 21:29:31, Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
>
>
>
> Given identical modern server hardware would I expect a performance
> differ
On Oct 23, 2010, at 8:48, Toni Mueller wrote:
> On Wed, 22.09.2010 at 15:47:02 -0400, Brad Tilley
wrote:
>> Either will work fine so long as you purchase good NICs and avoid
>> cutting-edge (untested) hardware. The only things Linux does noticeably
>> better is:
>>
>>* Dealing with SMP
>>
On Sat, 23 Oct 2010 15:48:51 +0200
Toni Mueller wrote:
> Also, Linux is better supported by hardware vendors, and/or much less
> picky about hardware than OpenBSD is.
>
Ironically, I've found a system, don't know whether it's bios setup or
what, I haven't put my finger on it yet but I can't bel
On Wed, 22.09.2010 at 15:47:02 -0400, Brad Tilley wrote:
> Either will work fine so long as you purchase good NICs and avoid
> cutting-edge (untested) hardware. The only things Linux does noticeably
> better is:
>
> * Dealing with SMP
> * Dealing with lots and lots of RAM
>
On Mon, 27 Sep 2010 16:24:14 +0100
- Tethys wrote:
> On Sun, Sep 26, 2010 at 11:10 PM, Brad Tilley wrote:
>
> > I don't mean this as bashing Linux, just pointing out facts. I think
> > history shows that OpenBSD has a better track record here (if that means
> > anything to anyone).
>
> Does it
Ah the fresh smell of paranoia on a Monday morning!
On Mon, Sep 27, 2010 at 05:00:05PM +0200, Martin Schröder wrote:
> 2010/9/27 Joachim Schipper :
> > True, but considering some of the "haha Theo suck on this" commentary I
> > recall from the rare case where OpenBSD *did* have an issue, this does
On Sun, Sep 26, 2010 at 11:10 PM, Brad Tilley wrote:
> I don't mean this as bashing Linux, just pointing out facts. I think
> history shows that OpenBSD has a better track record here (if that means
> anything to anyone).
Does it though? The only empirical evidence I've seen is with OpenBSD
runn
2010/9/27 Joachim Schipper :
> True, but considering some of the "haha Theo suck on this" commentary I
> recall from the rare case where OpenBSD *did* have an issue, this does
> not necessarily reflect a total lack of effort.
True, but if you read the reports about stuxnet, you start to wonder
how
On Mon, Sep 27, 2010 at 04:33:03PM +0200, Martin Schröder wrote:
> 2010/9/27 Brad Tilley :
> >> The absence of reports doesn't prove that the flaws don't exist (and
> >> no, I'm not sitting on a 0day for OpenBSD :).
> >
> > I agree. I only meant that history shows Linux has these and OpenBSD has
>
2010/9/27 Brad Tilley :
>> The absence of reports doesn't prove that the flaws don't exist (and
>> no, I'm not sitting on a 0day for OpenBSD :).
>
> I agree. I only meant that history shows Linux has these and OpenBSD has
> not (or very few in comparison). That does not mean OpenBSD is perfect
No.
Martin Schröder wrote:
> 2010/9/27 Brad Tilley :
>> How many privilege escalation attacks (normal user getting a root shell)
>> has OpenBSD had during the last five years? There have been several of
>
> The absence of reports doesn't prove that the flaws don't exist (and
> no, I'm not sitting on a
2010/9/27 Brad Tilley :
> How many privilege escalation attacks (normal user getting a root shell)
> has OpenBSD had during the last five years? There have been several of
The absence of reports doesn't prove that the flaws don't exist (and
no, I'm not sitting on a 0day for OpenBSD :).
Best
Ma
On Sep 27 08:30:55, Ross Cameron wrote:
> I also run signed and encrypted binaries, so that even IF you get root
> your rootkit won't work.
Yo azz be invincible, true dat.
That I will not argue.
BUT that is the risk you take (in my wee opinion) when you run any
"enterprise" aka stable but old and tested from here to next week for
backwards compatibility OS like RHEL/SUSE Ent./Oracle Ent./AIX/Solaris/yadda
yadda yadda
The local root exploit in question does not work
On 09/26/2010 04:54 PM, Kevin Chadwick wrote:
> It's occurred to me that I think what Theo suggested was actually about
> using more than one architecture, which may be a better method over
> Linux.
How many privilege escalation attacks (normal user getting a root shell)
has OpenBSD had during the
On Sun, 26 Sep 2010 20:53:57 +0100
Kevin Chadwick wrote:
> On Fri, 24 Sep 2010 20:32:27 +0200
> Ross Cameron wrote:
>
> >
> > That's just my 5c worth and I've always been of the opinion that at least two
> > different skins of firewalls should be deployed, built on top of different
> > technolog
On Fri, 24 Sep 2010 20:32:27 +0200
Ross Cameron wrote:
>
> That's just my 5c worth and I've always been of the opinion that at least two
> different skins of firewalls should be deployed, built on top of different
> technologies.
> Makes life a lot harder for whomever you want to keep out.
>
Indeed, I never said that you CAN'T do it on OpenBSD,... I just mentioned how
I do it...
That said though the snort+PF combo though is two tools to do the job where
I only need one in the wee Linux distro that I (roll myself) use for
firewalls.
"Opportunity is most often missed by people because
You can filter layer 7 with snort
By example, detect bittorrent and p2p traffic with snort and drop it
2010/9/24 Ross Cameron
> Depends what you want to do exactly I suppose...
>
> Personally I use Linux based firewalls for many of my sites purely because
> the clients in question want deep
Depends what you want to do exactly I suppose...
Personally I use Linux based firewalls for many of my sites purely because
the clients in question want deep packet inspection (aka OSI layer 7
filtering) done on the network traffic.
But that said they are always the second skin firewalls, sitt
* Rikky Taylor [2010-09-23 20:52]:
> Isn't pretty much all hardware 64bit capable these days?
"capable" doesn't imply "better".
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootser
On 2010-09-23, Rikky Taylor wrote:
>> F.Y.I.
>> I believe PF still? performs better on i386 than it does on amd64.
>
> So if i have a Sun X4100 should I install the i386 version of OpenBSD or
> should I get different hardware for a firewall?
"performs better" depends on how you rate performance.
> F.Y.I.
> I believe PF still? performs better on i386 than it does on amd64.
So if i have a Sun X4100 should I install the i386 version of OpenBSD or
should I get different hardware for a firewall?
Isn't pretty much all hardware 64bit capable these days?
Chris Dukes writes:
> Better metrics are "How hard is it to read my ruleset?"
> "How many nasty side effects can I expect while reloading a tweak of my
> ruleset?" "What's the signal to noise ratio when I ask for help fixing
> my rule set?"
Certainly both the first and for the second one, there'
On Wed, 22 Sep 2010 15:47:02 -0400
Brad Tilley wrote:
> Rikky Taylor wrote:
> > I was after some general advice. I need to setup a routing firewall with 3
> > interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
> >
> >
> >
> > Given identical modern server hardware would I
I know U, rsss
I wrote several rules with netfilter for a long time
until this friend said to me about OpenBSD/PF
Now I forget how to write rules with netfilter
Sincerely . I say
PF in Vein !
Regards
Spawn
2010/9/22 Chris Dukes
> On Wed, 2010-09-22 at 19:29 +, Rikky Taylor wrote:
> > I was a
On Wed, 2010-09-22 at 19:29 +, Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
Sorry, that's just too vague to have any meaning.
Come back with a topology and numbers for t
On Wed, Sep 22, 2010 at 08:39:36PM -0300, Nenhum_de_Nos wrote:
> On Wed, September 22, 2010 18:56, Luis F Urrea wrote:
> > On Wed, Sep 22, 2010 at 4:11 PM, Fabio Almeida wrote:
> >
> >> "Iptables is ok, until you know PF, after knowing PF you'll never use
> >> Linux, at least for firewalls, anymor
On Wed, September 22, 2010 18:56, Luis F Urrea wrote:
> On Wed, Sep 22, 2010 at 4:11 PM, Fabio Almeida wrote:
>
>> "Iptables is ok, until you know PF, after knowing PF you'll never use
>> Linux, at least for firewalls, anymore".
>>
>> +1
+1
matheus
--
We will call you cygnus,
The God of balanc
On Wed, Sep 22, 2010 at 4:11 PM, Fabio Almeida wrote:
> "Iptables is ok, until you know PF, after knowing PF you'll never use
> Linux, at least for firewalls, anymore".
>
> +1
Hi Rikky,
What I can say to you, as a former Linux user (as firewalls) is:
"Iptables is ok, until you know PF, after knowing PF you'll never use
Linux, at least for firewalls, anymore".
That is my experience on this subject.
Fabio Almeida
Em Qua, 2010-09-22 às 19:29 +, Rikky Taylor escr
On Wed, 22 Sep 2010 19:29:31 +
Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall
> with 3 interfaces, moderate traffic and a fair amount of NAT'ing in
> the rules.
>
>
>
> Given identical modern server hardware would I expect a performance
> differen
On 22 September 2010 15:29, Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
Define a "fair amount of NAT'ing". Twenty machines in one class C,
multiple class B networks fill
Rikky Taylor wrote:
> I was after some general advice. I need to setup a routing firewall with 3
> interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
>
>
>
> Given identical modern server hardware would I expect a performance difference
> between an OpenBSD/PF setup and a Li
47 matches