Intel hyperthreading w/ Atom E6xx & OpenBSD 5.2?

2013-03-07 Thread David Ruggiero
I've been using OpenBSD for 8+ years on my main router/firewall (4 NICs). Time to upgrade (I'm back on v3.8, yikes). Past time, really. So lots to learn / re-learn here. Have patience. First question: I'll be loading 5.2 on a low-power, Atom E640-based box (the Soekris net6501). That chip has

Re: Intel hyperthreading w/ Atom E6xx & OpenBSD 5.2?

2013-03-07 Thread David Ruggiero
as a "don't forget to allow this" kind of reminder. thx D On Thu, Mar 7, 2013 at 8:51 PM, System Administrator wrote: > On 7 Mar 2013 at 20:24, David Ruggiero wrote: > > > I've been using OpenBSD for 8+ years on my main router/firewall (4 > > NICs).

empty pf log / pflogd not starting?

2013-03-24 Thread David Ruggiero
I'm playing with the latest 5.3 snapshot and I'm getting an always-empty /var/log/pflog. I'm wondering if there's a problem with the snapshot (unlikely) or something I did wrong in my configuration (much more likely). ps -aux shows "pflogd" is not running, which I assume is the source of the probl

Re: empty pf log / pflogd not starting?

2013-03-24 Thread David Ruggiero
Jan: Your question is ignoring what I wrote, which is that pflogd is not started at all, so logging will not happen regardless of my ruleset. But yes, logging is enabled in pf.conf and yes, I can see the rules are being executed that should log via pf.control. I didn't think as a reasonably exper

Re: empty pf log / pflogd not starting?

2013-03-24 Thread David Ruggiero
gs can break and you can report them. Or, conversely, why you don't run snapshots. :) -d- On Sun, Mar 24, 2013 at 10:13 AM, David Ruggiero wrote: > I'm playing with the latest 5.3 snapshot and I'm getting an > always-empty /var/log/pflog. I'm wondering if there's

bad rule, or special filtering needed for bootp packets?

2013-03-27 Thread David Ruggiero
The very, very first rule in my pf ruleset is part of a fairly vanilla anti-spoof/sanity check set, intended to catch incoming bogon/martian packets: table const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, !$int_net, !$wls_net, !$ptr_net, 169.254.0.0/16, 127.0.0.0/8, 192.0.2.0/24, 0.0.0.0/32,

Re: bad rule, or special filtering needed for bootp packets?

2013-03-27 Thread David Ruggiero
m to any label "block unroutable ip" The rest of the question below remains the same. thankee much /david/ On Wed, Mar 27, 2013 at 10:12 AM, David Ruggiero wrote: > The very, very first rule in my pf ruleset is part of a fairly vanilla > anti-spoof/sanity check set, in

Re: bad rule, or special filtering needed for bootp packets?

2013-03-27 Thread David Ruggiero
Thanks! No, it didn't occur to me, so very appreciated. I didn't remember that you could do that form of the table command to show explicit members in a list, so that's also really helpful. FWIW, though..I would not have expected that pf would silently drop - without any warning message or co