Safe bruteforce rule for mobile-friendly website

Hi, Turns out this (http://home.nuug.no/~peter/pf/en/long-firewall.html) bans any IP connecting from mobile devices: pass in on $ext_if inet proto tcp from any to any port 80 keep state (max-src-conn 100, max-src-conn-rate 15/5, overload flush global) Works fine when connecting from regular PCs

Re: Safe bruteforce rule for mobile-friendly website

Currently it's all the same content. I'm planning to use Nginx to redirect to a dedicated mobile site later on though. Thank you! Mikkel 2013/2/6 Peter N. M. Hansteen > Mikkel Bang writes: > > > Turns out this (http://home.nuug.no/~peter/pf/en/long-firewall.html) > bans &

Re: Safe bruteforce rule for mobile-friendly website

> I forget if mobiles do more prefetching on dns and/or tcp on mobiles but > perhaps that's worth considering as a culprit. My God Kevin, that's gotta be it! > Does the page have more than 15 links? Yep, like 16-17 or so :) Mikkel 2013/2/7 Kevin Chadwick > > I had to disable it as soon as I

Re: Safe bruteforce rule for mobile-friendly website

So is there any point in having bruteforce for httpd? Especially now that "mobile is the future"? Mikkel 2013/2/7 Mikkel Bang > > I forget if mobiles do more prefetching on dns and/or tcp on mobiles but > > perhaps that's worth considering as a culprit. > >

The ultimate OpenBSD email server

I'm trying to configure "the ultimate email server" for this webapp that needs to send and receive / forward emails to and from thousands of users. But with so many people recommending so many different tools, it gets hard to come to a conclusion. Looks like I'm finally arriving at this though: po

Re: The ultimate OpenBSD email server

2012/8/15 Peter N. M. Hansteen > > I beg to differ. spamd(8) in any configuration is a lot more lightweight > than > content filtering. You most likely will need content filtering in addition > to greylisting+greytrapping, but stopping them earlier is a real plus. > See eg http://undeadly.org/cgi

NSD vs BIND

Hello! For authoritative nameservers - which do you guys prefer, NSD or BIND? I've been using BIND all these years, but after Googling around, NSD seems extremely attractive. Plus it follows BIND's zonefile format so I don't really have to redesign my configs, how about that? Mikkel

OpenBSD init script (rails+nginx+unicorn)

Can/should this init script be rewritten/simplified for OpenBSD? https://gist.github.com/3447050 (an application-specific init scriptfor a rails+nginx+unicorn setup) I like how Ope

Re: OpenBSD init script (rails+nginx+unicorn)

For what it's worth, here she is: https://gist.github.com/3447050 the Linux version sure is jealous now :-) Mikkel 2012/8/24 Mikkel Bang > Can/should this init script be rewritten/simplified for OpenBSD? > > https://gist.github.com/3447050 (an application-specific init

More sensible and consistent rc.conf.local

Hello! Is there a way to make my rc.conf.local more sensible and consistent, i.e. not pf=YES sshd="" named_flags="" but rather pf=YES sshd=YES named=YES? Thanks! Mikkel

Re: More sensible and consistent rc.conf.local

"it's been like this for ages", but it's 2012 - it's time to make some power moves. If OpenBSD was on Git / at GitHub, youngins like me would have patched this baby up a long time ago. Mikkel 2012/8/29 Stuart Henderson : > On 2012-08-25, Mikkel Bang wrote: >>

Re: 5.2 PRE-ORDERS

Can't you just put up a Spree shop or something? I'd like some cups and stickers too, and maybe a teddybear version of that fish for my kid. Some OpenBSD underwear for the wife would be great too. Thanks. Mikkel 2012/10/7 OpenBSD Europe : > Excellent - if you need anything just let us know :-) >