Hello all,
Not sure if I'm missing something here with spamd so I thought I'd ask
the experts. I have it setup with the default config file (snipped) ;
[fw1]# cat /etc/spamd.conf
all:\
:spamhaus:china:korea:
# Mirrored from http://spfilter.openrbl.org/data/sbl/SBL.cidr.bz2
spamhau
inbound and outbound CARP ? (I think I do)
Do I configure CARP on those interfaces as well as the *internal*
interfaces that I want the failover to work on ?
Is this at all possible ?
Thanks in advance for any advice or help.
Brian.
Otto Moerbeek wrote:
>On Fri, 17 Jun 2005, Brian McKerr wrote:
>
>
>
>>I also have the relevant pf rule in place;
>>
>>[firewall]# pfctl -vsn
>>rdr inet proto tcp from to any port = smtp -> 127.0.0.1 port 8025
>> [ Evaluations: 104628Pa
Otto Moerbeek wrote:
>On Fri, 17 Jun 2005, Brian McKerr wrote:
>
>
>
>>You mean a basic SMTP pass in ?
>>
>>This has been allowing mail to the mailserver for years, it's only this
>>week that I tried the Spamd thingo
>>
>>pfctl -sr | grep -i sm
Steve Tornio wrote:
>>
>> FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
>> FEATURE(`dnsbl',`sbl-xbl.spamhaus.org',`Rejected - see
>> http://spamhaus.org/')dnl
>>
>> Jun 17 19:49:29 inetmail sendmail[13126]: ruleset=check_relay,
>> arg1=[210.213.176.247], arg2=127.0.0.4,
or your help Steve, I think Otto is looking at the *real* problem.
Brian.
and I'll submit a more thorough bug report when I get a chance to write
it. So far the mini seems quite fast to me, I doubt you'll have any
issues.
- brian
> Hello list,
>
> I will only do "normal" things:- some coding -->
> emacs/terminals/ddd - read ww
stan wrote:
Is there a way to do something like "ntpq -p" with OpenBSD's OpenNTPD? I
really just want a quick way to assure myself that a given machine is "in
synch".
No, but you can send us some code
Only joking ;-)
I'd like that option also.
Hello everyone,
I recently switched to a new mail server (about 3 weeks ago) and at first
I was receiving email from the list but it seems to be about 2 weeks since
the last one.
Is the list real quiet or do I have a local mail issue?
Thanks,
Brian.
lready setup - but I used
OpenBSD to research and test much of this.
Good Luck and hope this helps -
Brian Shackelford
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Raja Subramanian
> Sent: Tuesday, May 16, 2006 5:15 AM
> To: misc@o
an only allowing Active FTP (kind of ironic) behind the firewall and
thereby allowing the ftp-proxy to handle the connections.
Not really an answer on how to solve it - but hope it helps answer the
question. If anyone else has additional insight..
- Brian Shackelford
-Original Message-
Specifically, I currently have a carp based firewall setup and I was
wondering if running both of these as AP could give me AP failover ?
Thanks,
Brian.
" rev 0x00 at pci0 dev 12 function 0 not configured
when I try any ifconfig commands related to ath0 they fail, which seems
obvious as the kernel has not picked up any ath devices.
So, what's up with the WG311 or any ath based cards for the amd64 port ?
In fact, according to the hardware support page there appears to be
*no* ath support for amd64.
Is this correct.
Brian.
Hello -
I am currently at the end of my understanding. We have PF working
between two Ethernet cards perfectly - we have absolutely no problems
with it coming up properly and running as needed. What I am having a
problem with is when we use PPP to establish a connection to an ISP via
a dialup
Anyone else notice this performing slowly. I did a tcpdump and it appears
localhost gets queried 2-3 times before a packet goes out.
Brian
The path to a desirable destination
is often more difficult than the path to stay where you are.
I see now there's a patch, apologies for not checking errata first.
Brian
The path to a desirable destination
is often more difficult than the path to stay where you are.
for the OS.
Brian
The path to a desirable destination
is often more difficult than the path to stay where you are.
dns (improper hack) is also needed.
Brian
On Thu, May 10, 2012 at 10:30 AM, Laurence Rochfort <
laurence.rochf...@gmail.com> wrote:
> I want to setup sendmail so that I can send mail from my home network.
>
> I have no experience with sendmail outside a corporate environmen
In freebsd you could use portupgrade or portmaster; I don't know what the
openbsd options are.
On May 21, 2012 6:48 PM, "Richards, Toby"
wrote:
> While my question involves other BSD's as well as Linux systems, I am
> asking this here because OpenBSD's philosophy is the most attractive
> to me.
>
all these years: see the comments to
https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe
"I cannot press the +1 button on your response hard enough. And there
is no +5 button."
If I could be bothered to setup a G+ account I would be right there with
him.
-brian
My loongson patches didn't make 5.1 so either run -current (recommended)
or backport my patches to 5.1
Either way, you won't get JavaScript, so please keep that in mind (or
help me out! :) )
~Brian
If this is a production server I think you want to track the patch branch?
On Jun 19, 2012 4:41 PM, "thunderlight1" wrote:
> Hi!
> I'm quite new to OpenBSD, and just installed 5.1 release which I upgraded
> to -stable according to instruction described on section 5 in the FAQ.
> My question is:
>
uable book is Kernighan & Ritchie "The C Programming
Language".
-Otto
+1
Pff... that's so 80's...
Cool kids these days want ``C in 21 days'' or some crap like that.
Learn C in 21 years!
Read APUE. If you can't program C after that you are broken.
That may just take 21 years though. :)
-brian
I have an openbsd box plugged into a switch with other things that then
connects to a dsl modem, no problem.
On Jun 25, 2012 8:15 AM, "Zafer Daştan" wrote:
> On 25.06.2012 18:03, soko.tica wrote:
>
>> ...
>>
>>
>>
>> I am not sure if the RockSolid cards are supported by OpenBSD. Can
>> a
nd my X is displayed again.
Someone with similar symptoms?
Known issue.
http://marc.info/?l=openbsd-bugs&m=132461653904304&w=2
~Brian
On 6/27/2012 8:07 AM, Tomas Bodzar wrote:
On Wed, Jun 27, 2012 at 12:14 PM, Brian Callahan wrote:
On 6/27/2012 12:28 AM, Tomas Bodzar wrote:
Hi,
on Dell E6320 with
$ sysctl kern.version
kern.version=OpenBSD 5.2-beta (GENERIC.MP) #331: Sun Jun 24 20:04:00 MDT
2012
dera...@amd64
On 06/27/12 20:50, Mr. Cromwell wrote:
On Wed, Jun 27, 2012 at 8:14 PM, Peter Laufenberg
wrote:
Peter Laufenberg [open...@laufenberg.ch] wrote:
Richard's not a web designer; he's a graphic designer. He put his
portfolio on blogspot after I commented that downloading a single, enormous
PDF kin
I would take steps to see if another rule is being matched when you see the
flaw?
Brian
On Jul 9, 2012 12:28 PM, "Peter J. Philipp" wrote:
>
> On Mon, Jul 09, 2012 at 12:47:18PM -0600, Luis Coronado wrote:
> > You need to provide more information about your situation to b
I can't look at the code now but perhaps only allow udp and not tcp from
untrusted hosts? I think tcp is only used for really large transfers, which
a non malicious user wouldn't need. The only exception I can think of is
for a zone transfer between authoritative servers.
Brian
On Jul 1
On 07/19/12 10:42, Erling Westenvik wrote:
On Mon, Jul 16, 2012 at 08:45:30PM +0200, [B&G-Consulting] Elmar Bschorer wrote:
What do you mean with "ss20"?
Actually a good question. At least for those old enough to remember the
Soviet era SS-20 intermediate-range ballistic nuclear missiles. Can'
On 07/29/12 16:18, Rob Payne wrote:
On 7/19/12 11:15 AM, Theo de Raadt wrote:
On Mon, Jul 16, 2012 at 08:45:30PM +0200, [B&G-Consulting] Elmar Bschorer wrote:
What do you mean with "ss20"?
Actually a good question. At least for those old enough to remember the
Soviet era SS-20 intermediate-ran
On Mon, Aug 13, 2012 at 6:02 PM, Guido Tschakert <
guido.tschak...@src-gmbh.de> wrote:
> On 13.08.2012 09:42, C. L. Martinez wrote:
> > Hi all,
> >
> > I am trying to do some tests with OpenBSD 5.1 and FreeBSD 9.1 beta in
> > my laptop virtual lab based on vmware workstation 8. But I have found
interface
Does anyone have any experience with getting this setup working? I can
provide configurations done on the openbsd boxes but really it's nothing
special that I've done.
-brian
and
restart ospfd.
Interesting and good to know.
-brian
Hello,
I'm trying to do roadwarrior VPN between OSX (mobile) and OpenBSD (gateway)
using certificates for peer identification. Is it possible to list a UFQDN as
a peer? When I try something like this on the gateway:
ike passive from any to any peer u...@host.tld \
main auth hmac-sha1 enc
mplemented! Thoughts? Is there anyone I can speak to about funding a
sub project for OpenBSD SSI? Or is it not even being considered?
Thanks,
Brian
e machine to another.
Thanks,
Brian
From: Otto Moerbeek
To: Brian Empson
Cc:
"misc@openbsd.org"
Sent: Thursday, September 27, 2012 4:38
PM
Subject: Re: SSI
On Thu, Sep 27, 2012 at 01:04:23PM -0700, Brian Empson
wrote:
> Hello OpenBSD world,
>
Wow
This mailing list is crazy
From: noah pugsley
To: Russell Garrison
Cc: misc@openbsd.org
Sent: Friday, September 28, 2012 2:03 PM
Subject: Re: SSI
Before Al Gore invented the internet he invented the Super-Serial
Interface.
On Fri, Sep 28, 2012 at 10
keyboard and mouse.
A usb host cable has the unconnected pin4 of the micro-usb connected
to gnd-pin5. I think they are also sold on Amazon.
Brian
This is with 4.9 GENERIC#48 macppc snapshot from ftp.openbsd.org . I had
originally updated from a 4.8 snapshot yesterday to 4.9-release, then a 4.9
snapshot from a few days prior (downloaded from ftp5.usa.openbsd.org). When I
pointed PKG_PATH to
ftp://ftp5.usa.openbsd.org/pub/OpenBSD/snapshots/p
On Jul 17, 2011, at 12:03 PM, Amit Kulkarni wrote:
>> I guess I missed a step in upgrading from 4.8 to 4.9, or from 4.9 to
-current,
>> but I can't seem to figure out what I missed from reading upgrade49.html
or
>> current.html.
>>
>>
>> Can't install libiconv-1.13p2 because of libraries
>> |libra
On Jul 17, 2011, at 12:24 PM, Amit Kulkarni wrote:
>> I was just doing pkg_add -ui. Individual packages might be attempting to
> upgrade to a specific version though, eh? I was looking for Python 2.7, but
I
> don't see it anywhere. I had previously symlinked /usr/local/bin/python to
> the 2.6 v
On Aug 28, 2011, at 8:00 AM, Tomas Bodzar wrote:
> Hi all,
>
> after reading this thread
> http://mail-index.netbsd.org/netbsd-users/2011/08/22/msg008819.html
> (and main link which caused that
> http://lists.freebsd.org/pipermail/freebsd-arch/2011-August/011412.html)
> I must really say thanks a
Does Openbsd support the Intel Gigabit ET2 Quad Port Server Adapter -
E1G44ET2BLK
I have searched extensively but I can't for the life of me find the chipset
number (usually beginning with an 8 for Intel network cards) so I can't cross
check with the supported list at
http://www.openbsd.org/cgi-bin/m
faces are em1 and em2.
If I put IPs on them I can ping the devices that are supposed to talk
through this bridge.
If I put them into a bridge I get nothing.
Anyone know where I should be looking here to figure out why this isn't
working?
-brian
On Nov 23, 2011, at 19:45, Josh Grosse wrote:
> On Wed, Nov 23, 2011 at 04:41:09PM -0500, Brian Hechinger wrote:
>
>> Anyone know where I should be looking here to figure out why this
>> isn't working?
>
> Brian, I don't know if you've received other adv
We are a service company and have removed many heatsinks that had
thermal pads and re-applied using thermal grease (of course this is
after very carefully removing the thermal pad with plastic scraper and
alcohol) and have never had one come back to us with a thermal issue
again. Many times the sy
On May 10, 2010, at 4:52 AM, matteo filippetto wrote:
> Hi all,
>
> today cd arrived in Italy
>
> Thanks!
>
> --
> Matteo Filippetto
>
And California, USA.
Thanks for another great release.
--
bk
On Jan 7, 2010, at 10:23 AM, James Records wrote:
> Justin,
>
> The article doesn't say which option causes this, so it's hard to tell, once
> you do find this info though
It's not like it's that difficult. Did you see the post on ptresearch? Just
test sending the 256 possible packets at a lab m
No I'm not using PHP. The only thing I can think of different from stock
httpd.conf is that I turned on Server Side Includes. I have some named-based
virtual hosts, but I can't imagine that's uncommon... Oh, I think I had
ExtendedStatus off before and it's on now.
I'm actually running a snapsho
On Jan 18, 2010, at 3:43 PM, Aaron Mason wrote:
> On Tue, Jan 19, 2010 at 10:31 AM, Brian Keefer wrote:
>> No I'm not using PHP. The only thing I can think of different from stock
>> httpd.conf is that I turned on Server Side Includes. I have some
> named-based
>>
Hello,
I'm wondering what other folks are using to graph pf data beyond what is
provided by pfstat. The aggregate values are useful and I'd also like to
setup graphs of particular services, particular tables, etc. Is there a way
for pfstat to graph labeled traffic that I have overlooked?
I also
On Feb 15, 2010, at 3:29 PM, Jason Dixon wrote:
> On Mon, Feb 15, 2010 at 03:00:59PM -0800, Brian Keefer wrote:
>> Hello,
>>
>> I'm wondering what other folks are using to graph pf data beyond what is
>> provided by pfstat. The aggregate values are useful and I
# make
cc -O2 -pipe -DDEBUG -Wall -Wstrict-prototypes -Wundef -c /usr/src/
usr.bin/aucat/aucat.c
cc -O2 -pipe -DDEBUG -Wall -Wstrict-prototypes -Wundef -c /usr/src/
usr.bin/aucat/abuf.c
cc -O2 -pipe -DDEBUG -Wall -Wstrict-prototypes -Wundef -c /usr/src/
usr.bin/aucat/aparams.c
cc -O2 -
On Jul 26, 2009, at 11:17 PM, Alexandre Ratchov wrote:
On Mon, Jul 27, 2009 at 07:57:58AM +0200, Alexandre Ratchov wrote:
it seems that /usr/include/sndio.h is not up to date. Does
the following help?
cd /usr/src/include
cvs update sndio.h
sudo make install
On Jul 28, 2009, at 7:57 PM, frantisek holop wrote:
morning,
https://www.isc.org/node/474
http://www.kb.cert.org/vuls/id/725188
-f
--
if its stupid and it works - its not stupid
Works great vs. this snapshot:
OpenBSD 4.6-current (GENERIC) #46: Wed Jul 15 20:15:31 MDT 2009
dera...@spa
On Jul 28, 2009, at 8:40 PM, Robert wrote:
On Wed, 29 Jul 2009 04:57:29 +0200
frantisek holop wrote:
morning,
https://www.isc.org/node/474
http://www.kb.cert.org/vuls/id/725188
-f
Hi,
it's late/early so the following comes without warranty.
Compiles, install and works for me on -current
When one enters cvs get commands, like cvs get src, ports, or xenocara,
is one getting stable or current versions of these, how can one tell?
Brian
Dorian Büttner wrote:
On Thursday 03 September 2009 21:07:52 Brian Whalen wrote:
When one enters cvs get commands, like cvs get src, ports, or xenocara,
is one getting stable or current versions of these, how can one tell?
Brian
Normally you would not guess after fetching, but specifying in
> > Correction, a professional OS that requires its users to be
> > professionals. Not a bunch of whining windows update people that
> > have to call "IT" to launch excel. In case you hadn't noticed we
> > are old school UNIX users that don't mind fixing whatever problem is
at hand.
> > Inclu
omething similar.
Maybe I missed that this is currently possible...if so, great. If not, I
think this could be very useful.
Thanks!
--Brian
--
_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_-=-_
Brian McCann
"I don't have to take this abuse from you -- I've got hundreds of
people waiting to abuse me."
-- Bill Murray, "Ghostbusters"
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of openbsd misc
Sent: Friday, September 18, 2009 2:27 PM
To: misc@openbsd.org
Subject: Re: OT: Old School Unix vs. Modern Day Support "Professionals"
- was (Defending OpenBSD Performance)
>Fact of t
-Original Message-
From: J.C. Roberts [mailto:list-...@designtools.org]
Sent: Friday, September 18, 2009 9:58 PM
To: Brian Shackelford
Cc: misc@openbsd.org
Subject: Re: OT: Old School Unix vs. Modern Day Support "Professionals"
- was (Defending OpenBSD Performance)
On Thu, 17 S
http://www.freenas.org/
That is a lot of ram, you could build quite the vm server with 16gb ram
and over 2 tb of disk space, assuming you keep one as a spare.
Brian
much smackdown for recommending a freebsd solution,
Here is a slashdot article
http://geektechnique.org/projectlab/797/openbsd-encrypted-nas-howto
Brian
Yeah - can't wait to reload some of our server test systems in the
office! I must be a geek
- Brian
Might help (haven't tried personally) - one of my goals to test once I
get the new CD Set - maybe today:)
http://parvinderbhasin.blogspot.com/2007/12/openbsd-42-ids-solution-snort-and-base.html
Read through the posts at the end.
There are a few others, but they are older.
Thanks,
Received my order of CDs and a t-shirt in New England today!
of the performance tweaks at
https://calomel.org/network_performance.html, but that didn't help
any.
Nothing gets sent to dmesg or /var/log/messages when this happens. I
figure I've got to be missing some sysctl or something to make some
buffer bigger, but I can't figure out w
On Mon, Oct 19, 2009 at 10:48 AM, Brian McCann wrote:
> Hi all. I'm having a problem with relayd under OpenBSD 4.5. I've got
> it configured to load balance web traffic (almost exactly the
> configuration in example 1 at https://calomel.org/relayd.html ). It
> was
8192 too high for this system. Limiting to 1024. Please use '-n' to
force the value."
Does anyone know if there's a system limit somewhere that needs to be
changed? I ran "sysctl -a | grep 1024" and nothing relevant
4.9 GENERIC#626 i386
I write a rule that says this:
pass in on $ext_if inet6 proto ipv6-icmp from any to 2620:0100:900f:c9::/56
and pfctl shows this:
pass in on em2 inet6 proto ipv6-icmp from any to 2620:100:900f::/56 keep
state
Maybe I'm crazy, but it seems 2620:100:900f:: would be /48 (assumin
On Feb 1, 2011, at 11:00 PM, Paul de Weerd wrote:
> On Tue, Feb 01, 2011 at 10:51:00PM -0800, Brian Keefer wrote:
> | 4.9 GENERIC#626 i386
> |
> | I write a rule that says this:
> | pass in on $ext_if inet6 proto ipv6-icmp from any to
2620:0100:900f:c9::/56
> |
> | and pfctl
ve been
made to the host system. Success *may* vary by host system, in this case that
guest lives on an Intel NUC8i5BEH.
Brian Conway
Owner
RCE Software, LLC
ritz box.
> "inet6 autoconf" does not. Is dhcp6leased(8) already supporting this
> kind of client configuration?
>
> Regards,
> --
> Christian
Brian Conway
Owner
RCE Software, LLC
>
> How can I diagnose this failures?
You may have a full state table. Try:
pfctl -si
pfctl -ss
Alternatively `pfctl -sa` includes all. If you have run out of available state
tracking, I would spot check what is using up all the state entries and whether
it is expected prior to increasing the limit.
Brian Conway
Owner
RCE Software, LLC
"easily".
https://github.com/openbsd/src/blob/df930be708d50e9715f173caa26ffe1b7599b157/etc/netstart#L29
Good news, though, it's all well-documented in the FAQ:
https://www.openbsd.org/faq/faq6.html
Brian
the DHCP range if I use their own firewall.
Brian
to retain the same mode as auto with no AC power?
>
> Looking at sys/kern/sched_bsd.c this should be a fairly trivial change.
>
> Any thoughts?
>
> Thanks,
> PT
The following is in -current, does it help you or have I misread your intention?
https://github.com/openbsd/src/commit/cc51e07cb96c0af80015d0d86e1e7f01cbaab662
Brian Conway
tate
> pass in on $int_if3 proto icmp all icmp-type echoreq keep state
> pass in on $wifi_if proto icmp all icmp-type echoreq keep state
First, I would suggest reading the PF User's Guide thoroughly:
https://www.openbsd.org/faq/pf/
In the second section, Lists and Macros, you will see that you can combine many
of your statements into a single line with a list:
pass in on { $ext_if $int_if1 $int_if2 $int_if3 $wifi_if } proto icmp all
icmp-type echoreq keep state
You may also wish to work from the included router example.
Brian Conway
Owner
RCE Software, LLC
e:
https://www.openbsd.org/ftp.html
But yes, as noted, it is currently broken/has a configuration problem.
Brian
> exactly those system requirements are.
>
> Thanks.
https://www.openbsd.org/faq/index.html
First section.
Brian Conway
faq5.html
https://man.openbsd.org/release
They explain more about the care and handling of the obj directories.
Brian Conway
> Philip Guenther wrote:
>
>> Sounds like you have an obj tree dating from a build when that file
>> existed, including a generated whatever.d file with a ref
supplement it with something?
RAID is not a backup, RAID should be supplemented with backups.
Those things all having been said, yes, I am happily using OpenBSD for my local
NAS needs with softraid RAID 1, NFS, and Samba. Clients include a variety of
OpenBSD, macOS, embedded Linux, and Linux VM systems.
Brian
> Richardh Bostrom
By "router", are you referring to a consumer router or gateway? Perhaps your
firewall and router should be the same device or system?
Brian Conway
ing upload bandwidth and also using FQ-CoDel:
queue outq_parent on $ext_if bandwidth 760M max 800M
queue outq parent outq_parent bandwidth 760M flows 1024 qlimit 1024 default
I found I had better results capping upload bandwidth at 10% below my
connection's stated amount (880M in my case).
Best,
Brian
Is that expected?
>
>
Hi, try 6.9. There is a bugfix to pf that I found also corrects load balancing
with aggr.
Brian
> Today I was dumping files from a wd0 disk to a mountpoint on sd0 disk
> (external USB). I "accidently" unplugged the power cable of sd0 disk and
That is generally considered the proper / pragmatic behavior.
FreeBSD Foundation is sponsoring development to change this behavior to
to some sort of
Jan 2006, Jason Taylor wrote:
Hi Brian,
I did a few more tests this evening and I think you are right about the MTU
issue. In OpenBSD 3.8, you can set the MTU of a GRE interface. I set the mtu
of the GRE tunnel on one end (Perspex, which runs 3.8) and transferred a
large file. It worked wonde
I haven't looked if we have support, but gre(4) w/ ipv6 address and stf(4)
seem to be best options out there for secure v6 tunnels.
That sounds... bizarre.
According to ipv6book.ca, M. Blanchet. It's a good read, except
OpenBSD/NetBSD are neglected (probably because of the stf(4)/6to4(4)
ab
All:
Do we want to slip this into presently supported branches containing
1.6.9p17? It's a quick patch:
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9
I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string.
$ more sudo_
Hi,
for the talk he gave at BSDCan IIRC. I don't need to use RADIUS just a
local authentication database. It is in the base and it seems very
easy
to configure.
It is.
Is anybody running similar setup in production? Any caveats? Any other
advice before I take a plunge.
Yes I am, with Wi
the pfctl -s rules output.
My question is: Why is pf making 4 identical rules when using
groupnames?
--
Kind regards
Brian S. Vangsgaard
"Lists
A list allows the specification of multiple similar criteria within a
rule.
For example, multiple protocols, port numbers, addresses, etc. So,
instead of
writing one filter rule for each IP address that needs to be blocked,
one rule
can be written by specifying the IP addresses in a lis
Using a single interface (ex. vlan) will only produce one line (as I
expect it to do) in the pfctl -s rules output.
This is probably the simplest fix. The actual packets you want to
filter
show up on the vlan interfaces anyway.
You're right, this would be the best solution at the moment.
M
Stuart Henderson wrote on 2015-04-28 15:55:
Actually this is a bit odd, can't reproduce it here on 5.5 or
-current.
I'm running 5.5 GENERIC.MP
SHA256 (/sbin/pfctl) =
9b84b5b3d846cf2f4c4a189d9711cc5d00c4ea096431df4eaea57ebfcd29de8c
ct IDs are added to the driver manually."
Can anyone tell me how to move on from this point, what steps are
needed to get the id's added manually?
--
Regards Brian
pass out on rl0 inet from vlan309:network to any nat-to rl0
match out on rl0 inet from vlan:309:network nat-to rl0
pass out on rl0
Since you did not submit a full pf.conf, I have no chance of knowing if you do
a later pass that changes the NAT state.
You could use tags for more fine-grained con
venlig hilsen / kind regards
Brian S. Vangsgaard
On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote:
> Hi
>
> I would like to log From:, To: and Subject: fields of
> every SMTP connection to my internal SMTP server
> that is passed by the openbsd firewall.
>
You're better off doing that within your MTA. Courier has a Big Brother
feature: