Re: Is it possible to do with pf?

2013-05-28 Thread Mark Felder
Yes, it's in the man page for pf.conf. Search for "user".

Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-01 Thread Mark Felder
This just seems like a bad troll. What high-end CAD product (or any commercial CAD product) runs natively on OpenBSD?

Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot wrote: Hello, no carp is used at this time. pfsync needs to be used with carp... without it you're just playing whack-a-mole with your session table.

Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 07:40:08 -0500, Loïc Blot wrote: It's not possible to sync pf table without CARP ? In order to answer that I'll need to understand what you believe the "pf table" is.

Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot wrote: For me pf table is (sorry for the missing precisions) the pf state table for stateful operations First of all, the states of node 1 being synced to node 2 and vice versa is worthless because they have different IP addresses; the states

Re: PF sync doesn't not work very well

2013-07-04 Thread Mark Felder
My apologies for just being noise; I missed his first full post with much more detail. I was picturing him trying to run redundant servers without CARP and running into issues of states disappearing.

Re: Why anyone in their right mind would like to use NAT64

2012-10-25 Thread Mark Felder
On Wed, 24 Oct 2012 15:33:55 -0400 Simon Perreault wrote: > I'm going to wait a long time for a firmware update that makes my > IPv4-only printer speak IPv6. My brother wifi printer from... 5 years ago?? supports ipv6. Sometimes I enable it and publish it in IRC and see how many wonderful prin

Re: spammers getting less stupid?

2012-11-01 Thread Mark Felder
On Thu, 1 Nov 2012 20:49:39 +0100 Jan Stary wrote: > After cleaning my spamdb on the first of last month, > I see that there are 572 WHITE hosts now. > > Only a handful of those are legitimate (my mailserver > is very low traffic, basically just mail for my family). > > Looking at the logs, I

Re: carp + 5.1/5.2 woes

2013-01-02 Thread Mark Felder
On Wed, 2 Jan 2013 13:39:25 +0100 Toni Mueller wrote: > A: 5.1 (IPv4: master) > B: 5.0 (IPv4: backup) > C: 5.2 (IPv4: master, IPv6: backup) Didn't the CARP protocol change between these releases? I don't think it's compatible. I'm sure someone else will chime in with the details, but I belie

Re: anyone using a SunFire V215?

2013-01-14 Thread Mark Felder
On Mon, 14 Jan 2013 09:02:54 -0600, Florenz Kley wrote: is anyone here using a SunFire V215? http://www.openbsd.org/sparc64.html says it's a supported machine. I'd be grateful for your observations if you run such a machine, I'm considering to get two to run a firewall cluster. I think I in

Re: Constant attacks and ISP's are ignoring them

2013-02-20 Thread Mark Felder
On Tue, 19 Feb 2013 18:18:54 -0600, Matthias Appel wrote: If I buy a car, and don't know how to operate it, and cause harm, nobody would blame the manufacturer. You of course need a license / permit to operate that car legally. That process also teaches you how to use it safely. Nobody i

Re: Constant attacks and ISP's are ignoring them

2013-02-20 Thread Mark Felder
On Wed, 20 Feb 2013 17:41:20 -0600, patrick keshishian wrote: Privilege vs right discussions are way too off topic here. That said, you are falsely assuming people with government endorsed licenses "do the right thing". Get serious. Licensed drivers aren't perfect but they do have to maste

pf rewriting outgoing traffic

2008-04-16 Thread Mark Felder
Iptables allows me to rewrite the address of outgoing traffic. PF does not allow this functionality. Is this a missing/broken feature, or is there a reason why this is not allowed? Example: I absolutely need traffic sent to 10.10.10.10 to be rewritten to 192.168.1.1. There is no way around it, it

Re: pf rewriting outgoing traffic

2008-04-16 Thread Mark Felder
I completely understand what you're doing there, but that isn't what I'm trying to do. Perhaps I'll give you a simple scenario that shows how to make my needs easier to understand. My home network is 192.168.1.0/24. A host on my network is 192.168.1.10. There is NO host at 192.168.1.200. I want t

Re: Upgrading OpenBSD

2012-05-22 Thread Mark Felder
On Tue, 22 May 2012 08:59:28 -0500, Matthew Weigel wrote: To be clear, they are probably different people; it just amused me. Conspiracy Theory: He called it MicroEvil so when you Google his name and Microsoft an OpenBSD thread doesn't show up which is not really going to look so good t

Re: OpenBSD as IPv4+6 gateway

2012-06-21 Thread Mark Felder
On Thu, 21 Jun 2012 16:34:51 -0500, Ryan Kirk wrote: In my limited experience with ipv6, this has been the case. The provider has you on a /64 of their own (not part of your /48), so your WAN interface would have one of their IP's on it, and they should tell you exactly what it should be. Just

Re: OpenBSD as IPv4+6 gateway

2012-06-21 Thread Mark Felder
On Thu, 21 Jun 2012 17:28:05 -0500, Michael Lambert wrote: There is a school of thought that says point-to-point links should be allocated /64s, just like LAN subnets. Not everyone agrees. I like /120s to keep things octet-aligned for reverse DNS. I was under the assumption that all cu

Re: OpenBSD as IPv4+6 gateway

2012-06-21 Thread Mark Felder
On Thu, 21 Jun 2012 18:39:24 -0500, Rod Whitworth wrote: It is not a "school of thought" - it is how it is. I have seen one /126 out in the wild but it is very lonely. I work at an ISP/datacenter. We use /126s for the link net. Handing out /64's "because you can" is stupid in my worthless

Re: OpenBSD as IPv4+6 gateway

2012-06-21 Thread Mark Felder
On Thu, 21 Jun 2012 20:00:17 -0500, Daniel Ouellet wrote: Have fun, but please read the RFC and don't suggest assignment based on school of thought. Try to do it right from the start and save you pain down the road now. The number of customers asking for IPv6 right now I can probably c

Re: OpenBSD as IPv4+6 gateway

2012-06-22 Thread Mark Felder
On Thu, 21 Jun 2012 20:00:17 -0500, Daniel Ouellet wrote: You could read the RFC 5375 for example, or a few more like 4291, 3587, and others like it. Interesting. RFC 6547 moves "Use of /127 Prefix Length Between Routers Considered Harmful" (RFC 3627) to Historic status to reflect the upda

Re: OpenBSD as IPv4+6 gateway

2012-06-22 Thread Mark Felder
On Fri, 22 Jun 2012 08:38:04 -0500, Simon Perreault wrote: This is ridiculous. You should be allocating all your PtP links out of a single prefix protected by an ACL at your border. All packets to the PtP prefix need to be dropped. You should be doing this no matter the size of your Pt

Re: OpenBSD as IPv4+6 gateway

2012-06-23 Thread Mark Felder
On Fri, 22 Jun 2012 17:34:39 -0500, Paul de Weerd wrote: "It makes renumbering easier" is a very poor argument. Renumbering is just as easy whether you use /64s or /126s. Simply replace the first 64 bits and .. tadaa.wav .. you've renumbered. I can't seem to grasp why anyone is worried abo

Re: IPv6, OpenBSD and .. Mac OS X Lion

2012-07-12 Thread Mark Felder
That's odd... I swear my wife's macbook has had functional IPv6 for quite a while... unless the recent Lion update nuked it and I didn't notice? Please report your findings -- I'd love to fix this at home if it's broken.

Re: Kernel Level Audio Next Generation

2012-08-01 Thread Mark Felder
On Wed, 01 Aug 2012 15:55:36 -0500, Tobias Ulmer wrote: After watching, you may understand why he's writing his own stuff instead of using the awesome PulseAudio. I really hope you're using the word "awesome" in an ironic / sarcastic way

Problem setting up OpenBGPD test env

2011-03-12 Thread Mark Felder
Hi all, I work at an ISP and we are very interested in running OpenBGPD on the edges talking to our transport routers. They won't be routing traffic, but really just act as an internal BGP cache. Right now our Cisco equipment is not pulling its weight. When we have flaps with an upstream pro

Re: Problem setting up OpenBGPD test env

2011-03-14 Thread Mark Felder
On Mon, 14 Mar 2011 02:56:09 -0500, Gregory Edigarov wrote: Not really sure (claudio@ will certainly correct me), but I know that OpenBGPD in FreeBSD's ports is never fresh enough. And there were changes affecting the behaviour of OpenBSD's version. So I think you should just install OpenBSD

Re: Problem setting up OpenBGPD test env

2011-03-14 Thread Mark Felder
On Mon, 14 Mar 2011 14:46:28 -0500, Stuart Henderson wrote: Make sure your nexthops are valid: bgpctl sh nex I worked with my coworker on it this afternoon and he discovered the nexthops issue. We have resolved the problem for now. Our next step is to figure out how to make OpenBGPD be

Re: bandwidth problem

2011-03-16 Thread Mark Felder
On Wed, 16 Mar 2011 13:30:21 -0500, R0me0 *** wrote: Please, someone can indicate the right direction to resolve this? The first step in troubleshooting this is checking the switch or router your OpenBSD machine plugs into. Make sure you set the duplex on both the switch/router and OpenBS

Re: bandwidth problem

2011-03-16 Thread Mark Felder
On Wed, 16 Mar 2011 16:29:13 -0500, R0me0 *** wrote: The structure is : OBSD 1-AP-AP___APAP--OBSD2** |___ AP 2 and 3 are linked with Cable ( Ubiquiti *Rocket M5 ) four AP's Can you manually set the duplex o

Re: For me, OpenBSD is the operating system that "just works".

2011-04-30 Thread Mark Felder
On Sat, 30 Apr 2011 13:31:37 -0500, Kraktus wrote: Try to imagine a more mundane scenario. All of your scenarios are ridiculous. Just share the files in an encrypted archive and get over it. Any time you allow your "super secret" files to exist on a computer you don't own or maintain you

Re: [Bulk] Re: For me, OpenBSD is the operating system that "just works".

2011-04-30 Thread Mark Felder
You're missing the point. I don't see what your point is at all. The whole time you've been asking for block level encryption that is cross platform instead of addressing why using an encrypted archive for transportation is not sufficient. This should cover 99% of your needs. If you have t

Re: hostname.if(5)/ifconfig(8) configuration for gif(4)

2011-05-15 Thread Mark Felder
On Sun, 15 May 2011 16:10:21 -0500, Andreas Bartelt wrote: Is there a way to do this correctly via /etc/hostname.gif0 ? Best regards Andreas Not sure if this helps, but as far as I know this is the way you're supposed to do it for a 6to4 tunnel: Sanitized, but you'll get the point: $

Re: ospfd/ospf6d causing denial of service(?)

2011-05-24 Thread Mark Felder
Claudio, It was not possible to send out LS updates larger than the MTU. Change the code in such a way that single huge LSA get fragmented but avoid IP fragmentation when packing multiple ones. Problem found and fix tested by Benjamin Papillon. If I understand this correctly, there was an iss

Re: ospfd/ospf6d causing denial of service(?)

2011-05-25 Thread Mark Felder
On Wed, 25 May 2011 14:26:08 -0500, Amit Kulkarni wrote: all bugfixes go in current and only serious bugfixes or outright security breaches are backported to the current release and current release-1 branches, this is in the FAQ Is there a reason why an OSPF update larger than 1500 bytes w

Re: ospfd/ospf6d causing denial of service(?)

2011-05-25 Thread Mark Felder
Theo, come on man... I really don't understand the hostility here. My goal here is not to get people worked up. I understand you get harassed a lot and people constantly beg for this and that, but I just wanted clarification as I have seen no strict guidelines on what actually becomes "Erra