Re: Ramifications of blocking SYN+FIN TCP packets

Henning Brauer skrev: not sure wether it wouldn't be smarter to just have pf scrub drop these as well. --- pf_norm.c Sat Mar 21 12:17:44 2009 +++ pf_norm.c.orig Sat Mar 21 12:16:56 2009 @@ -782,11 +782,8 @@ flags = th->th_flags; if (flags & TH_SYN) { /* Ill

Re: Low power OpenBSD machine

Timothy Hume skrev: Hi, My current PC is not very healthy. I am considering building a new low power consumption machine. I want something a bit more powerful than a Soekris, but it doesn't have to be the fastest machine around. I will be using the machine for web browsing, Email, managing my di

Problems with authpf

Hi, Just installed a new firewall using flashdist and 4.2. When trying to authenticate by authpf we get the following error: pfctl: /dev/fd/4: Permission denied Unable to modify filters ls -la /dev/fd/4 crw-rw-rw- 1 root wheel 22, 4 Nov 6 17:03 /dev/fd/4 Don't now if this is a related pr

Re: Solved - Problems with authpf

Johan Linner skrev: Hi, Just installed a new firewall using flashdist and 4.2. When trying to authenticate by authpf we get the following error: pfctl: /dev/fd/4: Permission denied Unable to modify filters ls -la /dev/fd/4 crw-rw-rw- 1 root wheel 22, 4 Nov 6 17:03 /dev/fd/4 Don'

Supermicro PDSMi-LN4+

Hi, Just installed 4.0 on a Supermicro PDSMi-LN4+, see dmesg below. Seems to work fine, just concerned about these messages: cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu1: unknown Core FSB_FREQ value 0 (0x4208) ioapic0: pin 16 shares different IPL interrupts (40..50), degraded perf

pf route-to vs reply-to

Hi, I am trying to understand the differences between route-to and reply-to in pf. Have not found any good examples in man(pf.conf) or Google. 2 wan connections, I want the traffic from the internal lan ($lan) to go through the wan1 ($wan1) connection via NAT. Wan1 is not the default route,

Re: Binary kernel and base update

Maurice Janssen skrev: On Thursday, April 19, 2007 at 23:45:51 +0200, Maurice Janssen wrote: Some progress was made in the last couple of days. First results are up at ftp://ftp.su.se/pub/mirrors/openbsd_stable/ I hope to add amd64, alpha and hppa in the near future. I don't have the hardware

Re: pf - 1 firewall 2 wans

Joel Knight skrev: --- Quoting Johan L on 2007/04/25 at 14:31 +0200: Hi, We have two internet connection with 2 different firewalls that we want to merge into a new single pf based firewall. . . . You should order a 4.1 CD, install it, and then do 'man pf.conf' and then 'man route'. Look

Re: RDR rule on PF

Is IP forwarding enabled? # sysctl net.inet.ip.forwarding=1 /Johan

Re: Problems with chrooted Apache and PHP exec() function

Stuart Henderson skrev: On 2007/09/05 17:57, Johan L wrote: We are trying to get the PHP exec() function to work in a chrooted Apache environment (4.1-stable MP ACPI enabled, PHP 5.1.6). could be wrong, but iirc it needs /bin/sh Yep, copy /bin/sh to /var/www/bin made it all work. Now both P

Reboot (ACPI?) problems on a Fujitsu Siemens RX100 S3

Hi, We've just installed 4.1-stable on a Fujitsu-Siemens RX100 S3. When we try to reboot or shutdown the server, it hangs after the "Syncing Disks... Done." message. Only way to continue is to hit the power switch. Tried bsd and bsd.mp with and without acpi enabled without any luck, plus a lot

Re: thinkpad x40 - Bad hardware?

Edd Barrett skrev: Hi, On Sat, Sep 13, 2008 at 5:05 PM, STeve Andre' <[EMAIL PROTECTED]> wrote: Thats a bad hard disk. I've gotten used laptops, but have always changed the disk out for a new one. Sometimes errors like this disappear, but do not trust it, replace it. Newegg here in the US i

pf and 1-1 static nat

olve this? Thanks Johan Linner

pf and FR tcp flags

Hi! We are running a pretty nice commercial firewall which obviously is based on a stripped version of OpenBSD and pf ;) (yes I know... we are planning on switching to our own OpenBSD installation as soon as possibly, still in the learning process though). Anyway we get alot of warnings abou

Re: Problems with 3.8 and Intel 6300ESB

Stuart Henderson skrev: On 2006/01/26 16:17, Alexander Yurchenko wrote: On Thu, Jan 26, 2006 at 02:13:33PM +0100, Johan L wrote: Hi! We are trying to install OpenBSD 3.8 on a Fujitsu-Siemens PRIMERGY RX100 S2 server. The install CD boots fine, but we get warnings about the Intel 6300ESB: vend

Re: Quad-Gigabit 1U mini-itx board recommendations?

Paul Suh skrev 2011-08-30 00:38: Folks, I'm looking for a mini-ITX motherboard with at least 4 x Gig-E ports. I would like to fit two of them into a 1U, dual mini-ITX case to have a CARP/SASYNC pair with connections to external, internal, and DMZ zones.

Re: DNS lookups for hostnames in PF tables

$ echo 'match to facebook.com' | pfctl -nvf - match inet from any to 69.63.189.11 match inet from any to 69.63.181.12 match inet from any to 69.63.189.16 it takes all records from the response, but doesn't track updates. If we blocked Facebook at work in Sweden, all employees would leave in a

Re: Does Atom dual-core work with SMP?

Douglas Maus skrev: Does anyone have experience whether dual core actually gets better OpenBSD SMP performance between the Intel Atom 230 (single core) and Atom 330 (dual core)? (such as between the Supermicro SYS-5015A-L and Supermicro SYS-5015A-H) Is the Atom 330 worth the extra bucks? Thank

Re: set nano as deafult when editing crontab

Orestes Leal R. skrev 2010-12-23 22:48: I want to edit the crontab with nano but by default vi it's invoked when I do 'crontab -e' export VISUAL="nano -w"