Re: Calomel.org

2009-05-07 Thread Calomel
. -- Calomel @ https://calomel.org Open Source Research and Reference On Thu, May 07, 2009 at 10:53:18AM -0400, Darrin Chandler wrote: >On Thu, May 07, 2009 at 12:03:23PM +, Stuart Henderson wrote: >> There are some useful things on the site, but please, use with a big >>

Re: max-src-conn-rate rule question

2007-10-23 Thread Calomel
connections over a time interval. The connection rate is an approximation calculated as a moving average. You may also want to use synproxy for ssh and take a look at max-src-states. I have examples here: http://calomel.org/pf_config.html -- Calomel @ http://calomel.org On Tue, Oct 23, 2007 at

Re: max-src-conn-rate rule question

2007-10-24 Thread Calomel
e the handshakes are completed, the sequence number modulators (see previous section) are used to translate further packets of the connection. Synproxy state includes modulate state. (pf.conf man page) -- Calomel @ http://calomel.org On Tue, Oct 23, 2007 at 11:23:05PM -0500, david l goodrich wrote:

Re: Help needed to get PF working

2007-10-25 Thread Calomel
back to its previous setting on reboot. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org On Thu, Oct 25, 2007 at 09:15:22AM +0300, Timo Myyrä wrote: >Hi, > >I'm currently trying to configure small home network: >AD

Re: 4.2/amd64 cannot detect any CDROM even the one from which it was installed

2007-10-26 Thread Calomel
Siju, Has the device name changed? Perhaps to /dev/cd0a -- Calomel @ http://calomel.org OpenSource Research and Reference On Thu, Oct 25, 2007 at 07:12:59PM +0530, Siju George wrote: >Hi, > >I installed OpenBSD 4.2 on CD on my amd64 that was running OpenBSD 4.0 fine. >I tried

Re: Remove escape characters from file

2007-10-26 Thread Calomel
Pieter, To remove the ^M characters at the end of all lines in vi, use: :%s/^V^M//g The ^v is a CONTROL-V character and ^m is a CONTROL-M. When you type this, it will look like this: :%s/^M//g -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Oct 26, 2007 at 03:45

Re: Samba files used logging

2007-10-29 Thread Calomel
You need to use at least samba-2.2.7a and use the audit.so module. The samba source code has what you need. Check out the information in ~samba/examples/VFS/audit.c and in the README file in that directory. -- Calomel @ http://calomel.org OpenSource Research and Reference On Sun, Oct 28, 2007

Re: Where is 'cdrom42.fs'? 4.2 -release

2007-11-01 Thread Calomel
/bootable_openbsd_cd.html -- Calomel @ http://calomel.org OpenSource Research and Reference On Fri, Nov 02, 2007 at 03:12:30AM +0800, Bibby wrote: >Hi, all. > >Part of file: 4.2/i386/INSTALL.i386: >--- > >cdrom42.fsThe i386 boot and installation 2.88MB >flopp

Re: Where is 'cdrom42.fs'? 4.2 -release

2007-11-02 Thread Calomel
Rod, You are absolutely correct. Using the "--reject *iso" directive for wget in the instructions will now filter out all iso files from downloading. The wording on the web page has been cleaned up and clarified. Thanks for your feedback, it is appreciated. -- Calomel @ http://c

Re: Fair Internet Sharing with OpenBSD

2007-11-04 Thread Calomel
% ) queue bulk bandwidth 5% priority 1 qlimit 50 hfsc (realtime 5% default) And use the ack with the queue name on the rules like, "queue (edd, ack)" This might help you out with the directive definitions. http://calomel.org/pf_config.html -- Calomel @ http://calomel.org O

Re: how to create cdrom42.fs?

2007-11-07 Thread Calomel
You can use geteltorito.pl by Rainer Krienke. It will extract what it needs from the "cdemu42.iso" image and make a new cdrom42.fs image. Just takes a second. Check out Step 3, option 2 at Making a bootable OpenBSD install CD http://calomel.org/bootable_openbsd_cd.html -- Calo

Re: how to create cdrom42.fs?

2007-11-08 Thread Calomel
I believe the boot image must be less than 9900 sectors to be used on a bootable cdrom. bsd.rd would be too large. -- Calomel @ http://calomel.org Open Source Research and Reference On Wed, Nov 07, 2007 at 07:45:52PM -0500, Steve Shockley wrote: >Calomel wrote: >>You can use getel

Re: Logging bandwidth usage with PF

2007-11-12 Thread Calomel
ed or most popular ports or ip's. Well NetFlow is what you're looking for. NetFlow is an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. http://www.pantz.org/software/flowtools/configflowtoolspfflow.html --

Re: Queuing for my homelan (which scheduler to use?)

2007-11-13 Thread Calomel
Chris, It looks like you have quite a few questions. The obsd list will not write your firewall for you, but this should get you started in the right direction. Hierarchical Fair Service Curve (HFSC) of OpenBSD http://calomel.org/pf_hfsc.html -- Calomel @ http://calomel.org Open Source

Re: Daily insecurity report and drop priv accounts for handling automated tasks

2007-11-13 Thread Calomel
" using the backup user. If "ls" is successful, the wrapper is not working. If anyone has any other recommendations I would be interested in hearing about them. There is always room for improvement. -- Calomel @ http://calomel.org Open Source Research and Reference On Tue, Nov 13

Re: Using CBQ with variable upload bandwidth

2007-11-15 Thread Calomel
amount of bandwidth specified by "realtime". See if this link helps you out. Hierarchical Fair Service Curve (HFSC) of OpenBSD http://calomel.org/pf_hfsc.html -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Nov 16, 2007 at 04:56:51AM +0300, Jonathan S

Re: Using CBQ with variable upload bandwidth

2007-11-16 Thread Calomel
the "altq on $ExtIf bandwidth 744Kb" line to reflect this. If the rest of the queues are setup to use a percentage of the primary bandwidth amount then every thing will fall into line. Lastly, refresh pf for the new settings to take effect. Reference: http://calomel.org/pf_hfsc.html -

Re: Excess interrupts using ALTQ

2007-11-16 Thread Calomel
/4.2 with ALTQ (HFSC) without issue. CPU usage for the interrupts is around 33% on an amd64 2.2GHz. -- Calomel @ http://calomel.org Open Source Research and Reference On Mon, Nov 12, 2007 at 02:05:54PM -0300, Fernando Braga wrote: >Hi, > >I've setup a bridge over a 200Mb link, a

Re: Passive ftp problem: 425 error

2007-11-29 Thread Calomel
Try using the ftp-proxy daemon. The proxy will take care of what ports need to be open and close them when they are not needed. It will make your life easier. Ftp-proxy "how to" (forward and reverse) http://calomel.org/ftp_proxy.html -- Calomel @ http://calomel.org Open Source Re

Re: pf + wii

2007-12-25 Thread Calomel
an example. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org Open Source Research and Reference On Tue, Dec 25, 2007 at 10:22:09AM -0800, Chris Cappuccio wrote: >upnp is also necessary for other multiplayer games like xbox live.

PF, limit remote clients by total bandwidth used over time

2007-12-28 Thread Calomel
hen see clients connect and download 100 meg per minute there is a problem and the ips can be blocked or slowed. Thanks for your time, -- Calomel @ http://calomel.org Open Source Research and Reference

Re: spamd not un-greylisting entries?

2008-01-14 Thread Calomel
r would be around 24-26. What is your greylist timeout? By default I believe it is set at 25 minutes. (-G 25:4:864) Perhaps it is too low or too high? This is probably not your issue, but may give you a place to start. Spamd anti-spam "how to" (spamdb) http://calomel.org/spamd_conf

Re: PF - using overload for port 80 attacks/floods

2008-01-31 Thread Calomel
"how to" ( pf.conf ) http://calomel.org/pf_config.html Hope this helps. -- Calomel @ http://calomel.org Open Source Research and Reference On Thu, Jan 31, 2008 at 10:50:43AM -0600, Cache Hit wrote: >Hello, > >I've been successfully using the max-src-conn and max-src-conn-rat

Re: Zombie Network Spam Attack

2008-02-08 Thread Calomel
how to" (spamdb) http://calomel.org/spamd_config.html -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Feb 08, 2008 at 11:07:15AM +0100, Raimo Niskanen wrote: >Apparently we (our mail server) got targeted by a zombie network >since suddenly there were s

Re: pf anchors with tag/tagged

2008-02-08 Thread Calomel
ort $SshPort $SynState tagged OPENSSH OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Feb 08, 2008 at 08:35:44AM -0500, S. Scott Sima, CISA, CISM wrote: >(sorry, orig post

Re: pf anchors with tag/tagged

2008-02-08 Thread Calomel
All macros, redirections and rules must be in the anchor that uses them, as I understand it. Take a look at the anchors section of this link. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org Open Source Research and Referenc

Re: : Zombie Network Spam Attack

2008-02-11 Thread Calomel
On Mon, Feb 11, 2008 at 11:17:35AM +0100, Raimo Niskanen wrote: >On Fri, Feb 08, 2008 at 11:20:31AM -0500, Calomel wrote: >> Raimo, >> >> Can you use the spamd.alloweddomains to whitelist email addresses and >> domains you accept mail for? Any email sent to your mail s

Re: Monitoring Bandwidth Usage, based on ports, service, client, etc.

2008-02-15 Thread Calomel
Check out pfflowd. Configuration of NetFlow, Flowtools, pfflowd on OpenBSD http://www.pantz.org/software/flowtools/configflowtoolspfflow.html -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Feb 15, 2008 at 09:22:33AM -0500, Richard Daemon wrote: >Hi all, >

Re: spamd and freemail hosts

2008-02-25 Thread Calomel
amd_config.html -- Calomel @ http://calomel.org Open Source Research and Reference On Mon, Feb 25, 2008 at 09:48:20PM -0600, Aaron Martinez wrote: >I've got spamd up and running in the default greylisting mode on a 4.2 >stable system. Things seem to be working great, however I've no

Re: ftp-proxy and carp

2008-03-12 Thread Calomel
anchors are not pfsync states and thus are not transferred to the backup firewall through pfsync. But, if the users issue a reconnect to your ftp server after the firewall fail over they will connect without issue. -- Calomel @ http://calomel.org Open Source Research and Reference On Wed, Mar 12

sftp logging using chroot internal-sftp in -current

2008-03-12 Thread Calomel
rt 22 Protocol 2 StrictModes yes SyslogFacility AUTH TCPKeepAlive yes UseDNS no UsePrivilegeSeparation yes X11Forwarding no ## sftp directives Subsystem sftp internal-sftp Match User ftp ForceCommand internal-sftp ChrootDirectory /ftp_jail http://calomel.org/sftp_chroot.html -- Ca

Re: sftp logging using chroot internal-sftp in -current

2008-03-13 Thread Calomel
yes X11Forwarding no ## sftp directives Subsystem sftp internal-sftp -f AUTH -l DEBUG3 Match User ftp ForceCommand internal-sftp ChrootDirectory /ftp_jail http://calomel.org/sftp_chroot.html -- Calomel @ http://calomel.org Open Source Research and Reference On Thu, Mar 13, 20
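An added check to go with the chroot configuration above (example code, not from the original post or from OpenSSH): sshd refuses a session when the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others, so a jail that "looks right" can still fail silently. The function below walks the path and reports each violation. The /ftp_jail path, the user-owned incoming upload directory beneath it, and the TOP argument (where the walk stops, so the check can be exercised on a scratch tree instead of the real filesystem) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenSSH. Applies
# the ownership and permission rules sshd enforces on ChrootDirectory: the
# directory and every parent up to "/" must be owned by root and must not
# be writable by group or others, otherwise the sftp session is refused.
# Assumptions: the jail is /ftp_jail, uploads go to a user-owned
# /ftp_jail/incoming below it, and the walk may stop at TOP (default "/")
# so the function can be run against a scratch tree.

# check_chroot_path DIR [OWNER_UID] [TOP]
# Prints one line per violation; returns 0 if DIR is acceptable, 1 if not,
# 2 if a component cannot be inspected.
check_chroot_path() {
    dir=$1
    want_uid=${2:-0}
    top=${3:-/}
    rc=0
    p=$dir
    while :; do
        info=$(ls -ldn "$p" 2>/dev/null) || { printf '%s: cannot stat\n' "$p"; return 2; }
        set -- $info                 # mode links uid gid size date... name
        mode=$1
        uid=$3
        if [ "$uid" != "$want_uid" ]; then
            printf '%s: owned by uid %s, expected %s\n' "$p" "$uid" "$want_uid"
            rc=1
        fi
        case $mode in
            ?????w*|????????w*)      # group-write or other-write bit set
                printf '%s: writable by group or others (%s)\n' "$p" "$mode"
                rc=1 ;;
        esac
        [ "$p" = "$top" ] && break
        [ "$p" = / ] && break
        p=${p%/*}                    # step up one component
        [ -n "$p" ] || p=/
    done
    return $rc
}

# Layout for a chrooted upload jail: the chroot root stays root-owned and
# read-only for the user; only the subdirectory below it is writable.
# Run as root on the real system (chown is what makes the check pass):
#   mkdir -p /ftp_jail/incoming /ftp_jail/dev
#   chown root:wheel /ftp_jail && chmod 755 /ftp_jail
#   chown ftp:ftp /ftp_jail/incoming && chmod 750 /ftp_jail/incoming
#   check_chroot_path /ftp_jail
```

A chrooted internal-sftp also cannot reach syslogd, because /dev/log is outside the jail; on OpenBSD, create /ftp_jail/dev and add `-a /ftp_jail/dev/log` to `syslogd_flags` so syslogd opens an additional socket inside the jail, otherwise the `-f AUTH -l DEBUG3` output never arrives.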

relayd layer 7 http proxy and filtering questions

2008-03-18 Thread Calomel
"BAD request method" request header expect "GET" request header expect "HEAD" Since it is a work in progress, our full relayd.conf file can be found here for reference: Relayd proxy "how to" (relayd.conf) http://calomel.org/relayd.html -- Calomel @ http://calomel.org Open Source Research and Reference

Re: understanding PF src-limit counter

2008-03-24 Thread Calomel
'src-limit' value in pfctl -si to see how many packets were dropped in this way. I do not believe packets dropped by a rate limited rule are logged as logging a DDOS attack might stress the machine. Hope this helps. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.o

Re: ssh queue rules

2008-03-26 Thread Calomel
"high" queue. Hope this helps PF Config "how to" (pf.conf) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org/ Open Source Research and Reference On Wed, Mar 26, 2008 at 04:41:01PM -0700, Lord Sporkton wrote: >I have this rule in my PF >and its not wo

Re: problem regarding squid

2008-03-31 Thread Calomel
ode. Note that in some versions, Squid limits dns_children to 32. To increase it beyond that value, you would have to edit the source code. Hope this helps. Squid config "how to" (squid.conf) http://calomel.org/squid.html -- Calomel @ http://calomel.org Open Source Research an

Re: Tool for HD analyzing

2007-10-01 Thread Calomel
ystem rescue cd" and run badblocks from there without removing the drive from the current machine. NON-destructive BadBlock test (1gig ram in machine) badblocks -b 4096 -c 98304 -p 0 -s /dev/hda For a more detailed explanation http://calomel.org/badblocks_wipe.html -- Calomel @ http://c

Re: pf

2007-10-05 Thread Calomel
uld be happy to help. -- Calomel @ http://calomel.org On Fri, Oct 05, 2007 at 08:25:26AM -0400, a.padilla wrote: >ext_if ="rl0" #macro for external interface >int_if ="dc0" #macro for internal interface > >localnet= $int_if:network > >nat on $ext_if from $l

Re: pf

2007-10-05 Thread Calomel
matheus, It is the order. The first queue is for bulk packets and the second is for ack packets. Daniel Hartmeier has a detailed page with examples that may make this clearer. Prioritizing empty TCP ACKs with pf and ALTQ http://www.benzedrine.cx/ackpri.html -- Calomel @ http://calomel.org

Re: [Newbie] OpenBSD HTTP proxy

2007-10-08 Thread Calomel
Tony, I agree with lars, squid is an excellent choice to proxy http and https. Here are some instructions and a working example if you need them. Squid Proxy (Secure, Paranoid and Non-caching) http://calomel.org/squid.html -- Calomel @ http://calomel.org On Tue, Oct 09, 2007 at 03

Re: Problem with binat and ftp-proxy

2008-09-30 Thread Calomel
proto tcp from $DMZ to any port ftp -> lo0 port 8021 Filtering # pass in log on $DMZIf inet proto tcp from $DMZ to lo0 port 8021 $TcpState $FtpIntIf Ftp-Proxy "how to" (forward and reverse proxy) https://calomel.org/ftp_proxy.html

Re: relayd layer 7 http proxy and filtering questions

2008-04-02 Thread Calomel
proxy "how to" (relayd.conf) http://calomel.org/relayd.html -- Calomel @ http://calomel.org Open Source Research and Reference On Tue, Mar 18, 2008 at 05:07:53PM -0400, Calomel wrote: >We are looking to do some URL path and request method filtering with relayd >if possible. M

Re: script to process spamd and generate html

2008-04-03 Thread Calomel
We use a simple Perl script to analyze the spamd logs and generate HTML output. Spamd Statistics Script (annoying spammers) http://calomel.org/spamd_stats.html -- Calomel @ http://calomel.org Open Source Research and Reference On Thu, Apr 03, 2008 at 10:19:18AM -0300, Jose Fragoso

Re: Pfstat - issue

2008-04-03 Thread Calomel
You also need to tell pfstat what action you want to do. You can query to collect the pf interface statistics, generate new graphs or clean up the database. See if our page can help you out. Pfstat "how to" ( pfstat.conf ) http://calomel.org/pfstat.html -- Calomel @ http://c

Re: selective state flush

2008-04-03 Thread Calomel
e argument "-k" to drop connections dependent on ip address. For example, if we wanted to drop all states from any ip to our internal server at 10.10.10.22 we could execute: pfctl -k 0.0.0.0/0 -k 10.10.10.22 Hope this helps. PF Config "how to" (pf.conf) http://calomel.or

Re: CARP and pfsync weird behaviour

2008-04-10 Thread Calomel
re the firewalls overloaded? You are welcome to check out some of the "how to's" I have at http://calomel.org if you need to. -- Calomel @ http://calomel.org Open Source Research and Reference On Thu, Apr 10, 2008 at 12:35:17PM +0100, openbsd firewall wrote: >Hello, >

Re: spamd in modified greylisting mode.

2008-04-15 Thread Calomel
email from new potential clients all the time then this method is not really that helpful. If anyone has any other ideas on this topic I would also be interested in hearing them. Hope this helps. Spamd tarpit/greylisting anti-spam "how to" http://calomel.org/spamd_config.html -- Calo

Re: PF ssh bruteforce logging and blocking

2008-04-15 Thread Calomel
ou want to dump those ips from the table to the text file you can always do "pfctl -t bruteforce -T show >> /etc/bruteforce" Hope this helps. OpenBSD Pf Firewall "how to" ( pf.conf ) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org Open Source
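Appending `pfctl -t bruteforce -T show >> /etc/bruteforce` on every run, as the post suggests, works but grows the file with duplicate entries each time. The script below (an added example, not the poster's code) merges the live table into the file with duplicates removed and reloads it with `-T replace`, so the file and the live table stay identical; pairing it with `table <bruteforce> persist file "/etc/bruteforce"` in pf.conf makes the file load again at boot. The table name and file path are taken from the post; the constructed pfctl output in the comments is for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. Persists a pf table to a
# file without the duplicates that "pfctl -t bruteforce -T show >> file"
# accumulates, and reloads it with "-T replace" so the live table mirrors
# the file. Pair it with a pf.conf line such as
#   table <bruteforce> persist file "/etc/bruteforce"
# so the file is read back when pf.conf is loaded at boot.

# merge_table_file FILE
# Reads "pfctl -t TABLE -T show" output on stdin (constructed sample:
# "   192.0.2.10" / "   203.0.113.5", one indented address per line),
# merges it into FILE sorted and duplicate-free, prints the entry count.
merge_table_file() {
    file=$1
    tmp=$(mktemp) || return 1
    {
        [ -f "$file" ] && cat "$file"
        # -T show indents entries; strip the indent, blank and comment lines
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d; /^#/d'
    } | sort -u > "$tmp"
    mv "$tmp" "$file"
    wc -l < "$file" | tr -d ' \t'
}

# save_table TABLE FILE: snapshot the live table into FILE
save_table() {
    pfctl -t "$1" -T show | merge_table_file "$2"
}

# load_table TABLE FILE: make the live table identical to FILE
# (unlike -T add, entries removed from the file are dropped from the table)
load_table() {
    pfctl -t "$1" -T replace -f "$2"
}

# Usage on the firewall, e.g. from cron:
#   save_table bruteforce /etc/bruteforce
#   load_table bruteforce /etc/bruteforce
```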

Re: Is there a "badblocks"-equivalent for OpenBSD?

2008-04-18 Thread Calomel
Ropers, You can find the badblocks utility prepackaged in "e2fsprogs". Hope this helps, BadBlocks Hard Drive Validation and/or Destructive Wipe http://calomel.org/badblocks_wipe.html -- Calomel @ http://calomel.org Open Source Research and Reference On Fri, Apr 18, 200

Re: Multiple FTP servers behind firewalls

2008-06-04 Thread Calomel
olutions I would also be interested in hearing about them. -- Calomel @ https://calomel.org Open Source Research and Reference On Wed, Jun 04, 2008 at 05:02:45PM +0100, Joe Warren-Meeks wrote: >Hey guys, > >I have a a pair of OpenBSD firewalls, using carp+pf protecting all >our se

Re: OpenSSL On Openbsd help

2008-06-14 Thread Calomel
helps. Guide to SSL Certificates https://calomel.org/ssl_certs.html -- Calomel @ https://calomel.org Open Source Research and Reference On Sun, Jun 15, 2008 at 03:02:48AM +1000, Damien Miller wrote: >On Sat, 14 Jun 2008, Khalid Schofield wrote: > >> Hi, >> I need to

Re: simple PF question

2008-06-20 Thread Calomel
flags S/SA Hope this helps, OpenBSD Pf Firewall "how to" ( pf.conf ) https://calomel.org/pf_config.html -- Calomel @ https://calomel.org Open Source Research and Reference On Fri, Jun 20, 2008 at 02:10:52PM -0700, Robert Gilaard wrote: >Hi folks, > >All the time I had the fo

Re: question on spamd.alloweddomains

2008-06-21 Thread Calomel
Juan, You can use email addresses, domains or partial domains in your spamd.alloweddomains file. Spamd tarpit/greylisting anti-spam "how to" (spamdb) https://calomel.org/spamd_config.html -- Calomel @ https://calomel.org Open Source Research and Reference On Sat, Jun 21, 200

Re: Light HTTP servers.

2008-07-20 Thread Calomel
clients. Nginx web server "how to" https://calomel.org/nginx.html -- Calomel @ https://calomel.org Open Source Research and Reference On Sun, Jul 20, 2008 at 03:14:40PM +0100, Nuno Magalhães wrote: >I have an old Compaq Armada 1500c with 32MB of RAM i want to use as a >webs

pf ALTQ bandwidth limited to a 32bit value (4294Mb)

2011-07-06 Thread Calomel Org
to 8590Mb the value flips twice and we are left with 65.41Kb. altq on $ExtIf bandwidth 8590Mb hfsc queue { ack, web} queue root_em0 on em0 bandwidth 65.41Kb priority 0 {ack, web} Thanks. -- Calomel @ https://calomel.org Open Source Research and Reference
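The arithmetic behind the wrap reported above, as an added example (not code from the post or from pf): 8590Mb is 8,590,000,000 bit/s, which exceeds 2^32 (4,294,967,296) twice, and 8,590,000,000 - 2 x 4,294,967,296 = 65,408 bit/s, the 65.41Kb that pfctl printed. The functions below convert a pf bandwidth spec to bits, reduce it modulo 2^32 the way an unsigned 32-bit field would, and flag any parent bandwidth that will not survive; `altq_share` also works out what a percentage-based child queue, as used in the HFSC posts earlier on this page, gets from its parent. It assumes pf's decimal suffixes (Kb = 1000 b, Mb = 1000 Kb, Gb = 1000 Mb), which is the only reading that reproduces 65.41Kb, and accepts integer values only.

```shell
#!/bin/sh
# Added example, not code from the original post or from pf. Models the
# 32-bit bandwidth wrap reported above: the spec is converted to bit/s and
# reduced modulo 2^32, which is what an unsigned 32-bit field retains.
# Assumption: pf suffixes are decimal (Kb = 1000 b, Mb = 1000 Kb,
# Gb = 1000 Mb); 8590Mb -> 65408 b = 65.41Kb matches the post.

UINT32_MOD=4294967296

# altq_bits SPEC: "744Kb" -> 744000, "8590Mb" -> 8590000000 (integers only)
altq_bits() {
    num=${1%%[!0-9]*}            # leading digits
    unit=${1#"$num"}             # suffix after them
    [ -n "$num" ] || { echo "altq_bits: no number in '$1'" >&2; return 1; }
    case $unit in
        ''|b) mult=1 ;;
        Kb)   mult=1000 ;;
        Mb)   mult=1000000 ;;
        Gb)   mult=1000000000 ;;
        *)    echo "altq_bits: unknown unit '$unit'" >&2; return 1 ;;
    esac
    echo $(( num * mult ))
}

# fmt_kb BITS: render bit/s with two decimals as pfctl did, 65408 -> 65.41Kb
fmt_kb() {
    hundredths=$(( ($1 + 5) / 10 ))
    printf '%d.%02dKb\n' $(( hundredths / 100 )) $(( hundredths % 100 ))
}

# altq_effective_bits SPEC: what a 32-bit field keeps of SPEC
altq_effective_bits() {
    bits=$(altq_bits "$1") || return 1
    echo $(( bits % UINT32_MOD ))
}

# altq_fits SPEC: 0 if SPEC survives, 1 (with a diagnostic) if it wraps
altq_fits() {
    bits=$(altq_bits "$1") || return 1
    if [ "$bits" -ge "$UINT32_MOD" ]; then
        printf '%s wraps %d time(s) to %s\n' "$1" \
            $(( bits / UINT32_MOD )) "$(fmt_kb $(( bits % UINT32_MOD )))"
        return 1
    fi
    return 0
}

# altq_share SPEC PERCENT: bit/s a child queue gets from "bandwidth N%"
# of a parent declared with SPEC
altq_share() {
    bits=$(altq_bits "$1") || return 1
    echo $(( bits * $2 / 100 ))
}

# Run as: sh altq_check.sh 8590Mb 4294Mb
if [ $# -gt 0 ]; then
    for spec in "$@"; do
        altq_fits "$spec" || :
    done
fi
```

Check the parent `altq on ... bandwidth` value with `altq_fits` before loading a config: a wrapped parent silently shrinks every child queue that is defined as a percentage of it.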

Re: pf ALTQ bandwidth limited to a 32bit value (4294Mb)

2011-07-07 Thread Calomel Org
them out. -- Calomel @ https://calomel.org Open Source Research and Reference On Thu, Jul 07, 2011 at 09:28:13AM -0400, Ermal Luçi wrote: >On Wed, Jul 6, 2011 at 5:25 PM, Calomel Org > wrote: >> ALTQ using hfsc is limited to a maximum parent bandwidth of 4294Mb. >> Thi

Re: PF Tables scoping.

2010-06-02 Thread Calomel Org
Addresses: 12 Cleared: Wed Dec 31 19:00:00 1969 pfctl -a games -vvs Tables --a-r-C BLOCKTEMP games Addresses: 0 Cleared: Wed Jun 2 16:40:14 2010 -- Calomel @ https://calomel.org Open Source Research and Reference On Wed, Jun 02, 2010 at 04:23:54PM -0400

Re: pf and ftp-proxy active/passive problems

2010-06-02 Thread Calomel Org
Connected to openbsd.sunsite.ualberta.ca. ftp> ls 227 Entering Passive Mode (129,128,5,191,214,178) 150 Opening ASCII mode data connection for '/bin/ls'. total 8 drwxr-xr-x 2 0 0 512 May 4 2009 etc drwxr-xr-x 3 0 0 512 Jul 21 2009 pub 226 Transfer complete. Was this the probl
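The `227 Entering Passive Mode (129,128,5,191,214,178)` reply in the transcript above is what ftp-proxy has to parse to know which data connection to allow: the first four numbers are the server address and the port is p1*256 + p2, here 54962. The functions below decode that reply and apply the check a proxy should make before opening a hole, that the advertised address is the control-connection peer. This is an added example in shell, not code from the post or from ftp-proxy; the sample replies in the comments are constructed.

```shell
#!/bin/sh
# Added example, not code from the original post or from ftp-proxy.
# Decodes an FTP "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply
# into the host:port the client (or a proxy on its behalf) will connect
# to for the data channel; the port is p1*256 + p2.

# pasv_decode REPLY -> "h1.h2.h3.h4:port" on stdout, 1 on a malformed reply
pasv_decode() {
    reply=$1
    case $reply in
        227*) ;;
        *) echo "pasv_decode: not a 227 reply: $reply" >&2; return 1 ;;
    esac
    fields=${reply#*\(}          # drop everything up to the "("
    fields=${fields%%\)*}        # and everything from the ")" on
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    [ $# -eq 6 ] || { echo "pasv_decode: expected 6 fields, got $#" >&2; return 1; }
    for f in "$@"; do
        case $f in
            ''|*[!0-9]*) echo "pasv_decode: non-numeric field '$f'" >&2; return 1 ;;
        esac
        [ "$f" -le 255 ] || { echo "pasv_decode: field $f out of range" >&2; return 1; }
    done
    printf '%s.%s.%s.%s:%d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# pasv_matches_peer REPLY PEER_IP: 0 when the advertised address is the
# control-connection peer. A reply pointing elsewhere (a bounce attempt or
# an injected reply) would otherwise make the firewall open a pinhole to
# a third host, so a proxy should refuse it.
pasv_matches_peer() {
    hp=$(pasv_decode "$1") || return 1
    [ "${hp%:*}" = "$2" ]
}

# Constructed sample, the reply from the transcript above:
#   pasv_decode '227 Entering Passive Mode (129,128,5,191,214,178)'
#   -> 129.128.5.191:54962
```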

Re: pf and ftp-proxy active/passive problems

2010-06-03 Thread Calomel Org
our ps3 and NHL10 rules in an anchor to clean things up. How about adding QOS so the gamers get higher network priority? :) -- Calomel @ https://calomel.org Open Source Research and Reference On Thu, Jun 03, 2010 at 02:14:53AM -0400, Teemu Rinta-aho wrote: >On Jun 3, 2010, at 3:51 AM,

Re: PF BINAT on entire /24 subnet

2010-06-05 Thread Calomel Org
modified is 10.0.0.50, then the resulting address will be 192.0.2.50. If the address pool is 192.0.2.1/25 and the address being modified is 10.0.0.130, then the resulting address will be 192.0.2.2. http://www.openbsd.org/faq/pf/pools.html -- Calomel @ https://calomel.org Open Source Research

Re: PF cluestick please - low priority queue spills over into normal queue

2010-01-06 Thread Calomel Org
follows: Root Queue (2Mbps) Queue A (1Mbps) Queue B (500Kbps) Queue C (500Kbps) Also, you can use HFSC queueing for this as well. Hierarchical Fair Service Curve (HFSC) of OpenBSD https://calomel.org/pf_hfsc.html -- Calomel @ https://calomel.org Open Source Research and

Re: possible to configure PF to simulate latency and 1% packet loss?

2010-01-22 Thread Calomel Org
probability value only. For example, the following rule will drop 20% of incoming ICMP packets: block in proto icmp probability 20% I do not believe you can add latency timings using PF. I agree, this would be very helpful for testing. -- Calomel @ https://calomel.org Open Source

Re: AMD power reduction

2010-02-05 Thread Calomel Org
/apm_control.html -- Calomel @ https://calomel.org Open Source Research and Reference On Fri, Feb 05, 2010 at 11:37:16AM -0500, Jean-Francois wrote: >On Friday 05 February 2010 11:17:51, you wrote: >> On 04/02/2010 23:02, Jean-Francois wrote: >> > All, >> >

Re: online documentation for new smtpd

2009-07-21 Thread Calomel Org
. OpenSMTPD "how to" (smtpd.conf) https://calomel.org/opensmtpd.html -- Calomel @ https://calomel.org Open Source Research and Reference On Tue, Jul 21, 2009 at 12:23:31PM -0400, Lars Nooden wrote: >I find the two manpages, smtpd(8) and smtpd.conf(5), in current. > >I