Is it possible to write a rule based on an arbitrary ip rule instead of
using a full subnet as source address like this?
hosts_allowed="{ 192.168.0.21-40 }"
And even using a single host in the following rule, I get a syntax
error. Can someone point out what is wrong?
host_allowed="192.168.0.21"
im_se
Tks Kapetanakis and Vadis for your help. I'll try this out.
Kapetanakis Giannis wrote:
On 26/02/10 19:23, Leonardo Carneiro - Veltrac wrote:
Is it possible to write a rule based on an arbitrary ip rule instead of
using a full subnet as source address like this?
hosts_allowed="{ 192.1
longest useless thread EVER!!! a bit funny, however :D
Jason George wrote:
Actually two of the top linux kernel developers answered my email
directly to them when I had some questions. There was no ridicule or
belittling.
If so, you got ripped off. You should hear us over beer.
Oh, and
Hi everyone. I'm trying to get some control of the MSN protocol in my
network.
My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz.
What I'm trying to do is:
1. Allow some hosts to use MSN;
2. Redirect the MSN connections of some hosts from the LAN interfaces to
a MSN proxy in the DMZ
Tks again
Lars Nooden wrote:
On 04/19/2010 08:43 PM, Leonardo Carneiro - Veltrac wrote:
Hi everyone. I'm trying to get some control of the MSN protocol in my
network.
Upgrade to XMPP (jabber).
http://xmpp.org/about/
If you need client software, pidgin is one option available in p
don't go :)
Lars Nooden wrote:
On 04/19/2010 09:12 PM, Leonardo Carneiro - Veltrac wrote:
... I already have an XMPP server on my network, and it
replaces MSN in almost every task, but the gateway features do not
work 100% yet (at least in the server that I use)...
Which features and wh
Shane Lazarus wrote:
Heya
On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac
<lscarne...@veltrac.com.br> wrote:
My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz.
What I'm trying to do is:
1. Allow some hosts to use MSN;
2. R
everyone to the proxy,
the rdr rules used to work, but with this more selective rule, it's not
working at all.
Tks in advance.
Leonardo Carneiro - Veltrac wrote:
> Shane Lazarus wrote:
>> Heya
>>
>> On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac
>>
Leonardo Carneiro - Veltrac wrote:
> Hi Shane, Heya and others. I tried a new setup, using tables (looks more
> efficient than using a thousand rules for each variable). But it is still
> failing :(
>
> # tables
> table persist const file "/etc/pf.conf.d/msn-rdr"
Leonardo Carneiro - Veltrac wrote:
> Leonardo Carneiro - Veltrac wrote:
>
>> Hi Shane, Heya and others. I tried a new setup, using tables (looks more
>> efficient than using a thousand rules for each variable). But it is still
>> failing :(
>>
>> # tables
>
Lars Nooden wrote:
On 04/19/2010 09:12 PM, Leonardo Carneiro - Veltrac wrote:
... the gateway features do not work 100% yet (at least in the
server that I use)
There are additional solutions. One is to work with the contacts to
get them set up with XMPP clients, since the gateway
Stuart Henderson wrote:
On 2010-04-20, Leonardo Carneiro - Veltrac wrote:
I'm well aware that nat occurs before the filtering, but what about
redirections that do not involve nat?
translation = NAT = Network Address Translation = nat and rdr and binat rules.
Shane Lazarus wrote:
Heya
Seems to me that you should probably allow traffic out to the $proxy
via the $dmz_if at some point...
For that matter, allow from the $proxy back in through the $dmz_if and
out...
Something like:
# tables
table persist const file "/etc/pf.conf.d/msn-rdr"
table pe
Hello everyone.
I have a table in my pf.conf:
table persist const file "/etc/pf.conf.d/ips_allowed"
If I add or remove IPs from this file manually, will the firewall be
aware of such changes or do I need to reload pf? Also, does pf map this
file in memory or does it read from the disk for ever
Gregory Edigarov wrote:
On Thu, 29 Apr 2010 10:15:08 -0300
Leonardo Carneiro - Veltrac wrote:
Hello everyone.
I have a table in my pf.conf:
table persist const file "/etc/pf.conf.d/ips_allowed"
If I add or remove IPs from this file manually, will the firewall be
aware of su
Otto Moerbeek wrote:
On Thu, Apr 29, 2010 at 10:15:08AM -0300, Leonardo Carneiro - Veltrac wrote:
this file in memory or does it read from the disk for every packet?
Neither. The addresses are loaded in kernel memory via pfctl.
-Otto
Tks. This info is very important to me
Lars Nooden wrote:
On Thu, 29 Apr 2010, Leonardo Carneiro - Veltrac wrote:
Tks. This info is very important to me 'cause my disk sucks,
Look at the manual page for mount_mfs(8) and the option -P you can
load a directory and the files in it into memory.
and i'll have to create s
Hi list.
Why do we get spam on this list? Does it allow unsubscribed users to
email us, or is the spam coming from subscribers?
This is ***not*** a flame war start about spam. I'm just curious.
--
Leonardo Carneiro
Tks.
John Cosimano wrote:
--- Leonardo Carneiro - Veltrac [Tue, May 04, 2010 at 08:54:38AM -0300]: ---
Hi list.
Why do we get spam on this list? Does it allow unsubscribed users to
email us, or is the spam coming from subscribers?
This is ***not*** a flame war start about spam. I
Is there a way to do time-based rules in pf? Something like "this packet
will /pass/ from 10h to 13h" or "this packet will /pass/ until 22h, 13
june". I mean, is there a built-in mechanism to do this in pf or will I
need to write a script in cron to add and remove rules?
Tks in advance
--
Stuart Henderson wrote:
On 2010-05-17, Johan Beisser wrote:
Build an anchor, have a ruleset loaded to it by cron, and removed at
the specified time later.
there might be more than that; unless you don't mind long-running
sessions continuing, you have to flush the states too.
Tks St
Axel Rau wrote:
Hi all,
I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):
+---+ +--+
| | | |
+fw1+--+ +-+ |
carp0| |carp1 | | em0| |
| | | |
Congratulations to all the OpenBSD Team.
Bob Beck wrote:
May 19, 2010.
We are pleased to announce the official release of OpenBSD 4.7.
This is our 27th release on CD-ROM (and 28th via FTP). We remain
proud of OpenBSD's recor
Christiano F. Haesbaert wrote:
We all know openbsd isn't the most popular OS in the planet, it's the best, but
far from being the most popular.
Great words.
+rep for this.
Marco Peereboom wrote:
bad advice. Don't do it, there is a reason it isn't disabled.
send oga some beer for c2k10 instead he might feel more pressure that
way :-)
On Thu, May 27, 2010 at 11:01:58AM +0100, Peter Kay (Syllopsium) wrote:
From: "Siju George"
On Thu, May 27, 2010 at 3:22 PM, P
Marco Peereboom wrote:
On Thu, May 27, 2010 at 11:13:36AM -0300, Leonardo Carneiro - Veltrac wrote:
Marco Peereboom wrote:
bad advice. Don't do it, there is a reason it isn't disabled.
send oga some beer for c2k10 instead he might feel more pressure that
way :-)
On Thu, Ma
Janne Johansson wrote:
2010/5/27 Leonardo Carneiro - Veltrac
Forgive me for the noob question (I'm a newbie at openbsd), but if I want
to build, for example, a large squid cache using openbsd, in a server with
BIIIG ram (12gb+), I will not be able to use the full memory spac
LeviaComm Networks NOC wrote:
... hell the word troll is in the URL.
LOL!
and in the last day, god said: "DON'T FEED THE TROLLS!"
Sure thing!
On 06/16/2010 05:28 PM, Martin Schröder wrote:
2010/6/12 E.T:
mother card PIII, is compatible: usb2, usb3, e-sata, sata2, sata3,
firewire800, raid0, raid1, raid6
...
And I'd love to see your face when your PIII system rebuilds your
10TB RAID6 array... :-)
On 06/17/2010 09:57 AM, Kevin Chadwick wrote:
On Wed, 16 Jun 2010 23:30:58 +0200
Martin Schröder wrote:
2010/6/16 Kevin Chadwick:
I heard intel have postponed usb3 for at least 6 months too.
Even worse: Their PCIe is too slow for usb3.
Best
Martin
Maybe if you'
"... conscience to forgive me for the awful things I have done to the
Slashdot community.
AT 15:35
TAGS: TROLLING"
On 07/02/2010 11:31 PM, Josh Rickmar wrote:
On Sat, Jul 03, 2010 at 10:21:00AM +0800, Brent Shumacher wrote:
http://www.trollaxor.com/2010/06/why-i-almost-gave-openbsd-1000
On 07/12/2010 03:38 PM, Chris Bennett wrote:
On 07/12/10 14:10, bofh wrote:
And what is your opinion of people who run sshd on non-standard
ports? I recently had to smack one of my guys for that momentary
brilliance.
OK, this is the second time I've seen someone say this.
What is the differe
On 07/12/2010 05:01 PM, J Sisson wrote:
On Mon, Jul 12, 2010 at 2:46 PM, Leonardo Carneiro - Veltrac
<lscarne...@veltrac.com.br> wrote:
I ONLY run the sshd that are allowed to connect from the Internet
in non-standard ports. Anyone that matters to know knows on which
On 07/12/2010 04:33 PM, Chris Bennett wrote:
On 07/12/10 15:01, J Sisson wrote:
On Mon, Jul 12, 2010 at 2:46 PM, Leonardo Carneiro - Veltrac<
lscarne...@veltrac.com.br> wrote:
I ONLY run the sshd that are allowed to connect from the Internet in
non-standard ports. Anyone that matters t