Re: Does DNS need TCP?

2020-09-20 Thread Nicolai
s that are visibly broken. Just a related PSA: please don't block ICMP either. It's important, necessary, and good. Nicolai

sysupgrade fun

2019-10-19 Thread Nicolai
user feel that way, especially when they're kind of used to the casually miraculous - I still get a little lift of spirits just thinking about pledge/unveil. Thank you to all the developers, contributors, supporters, artists, and anyone involved in making OpenBSD a joy to use. Enjoy your weekend, Nicolai

Re: OpenBSD Puffy Stickers

2017-11-30 Thread Nicolai
you can accomplish your goal of funding OpenBSD - you don't need to debate anyone here. Just do it. Theo said he won't do it. You may as well argue with him about what his favorite music is or something else that's entirely up to him... these kinds of things aren't debatable issues. Un-asked for advice is nearly always bad advice. Nicolai

Re: acme-client No registration exists matching provided key

2018-02-05 Thread Nicolai
em, and a valid cert was issued successfully. Perhaps what you were experiencing was a separate, local issue. Glad you got it worked out though! And thanks to Jordan for the heads-up. Nicolai

Re: Seeking GUI refuge

2013-05-24 Thread Nicolai
d be very much appreciated, I feel trapped and it sounds > weird to say this but I am really a bit depressed about the idea of > heading back to Windows. Personally if I had to use Windows I would just quit using computers. Don't jump! Nicolai

Re: Is down??

2013-06-13 Thread Nicolai
It appears may have been down for a while. I had errors downloading some spamd files for a stretch of time in the last 10 hours. Seems fine now. Nicolai

Re: IDE disk erasing/zeroing at ~2.4MB/s

2013-07-12 Thread Nicolai
On Fri, Jul 12, 2013 at 03:50:58PM -0600, Nathan Goings wrote: > However, when I run `dd if=/dev/zero of=/dev/wd0c bs=1M' After 3-4 > hours, it's only running at ~2.4MB/s. CPU usage is about 30%. Do instead: dd if=/dev/zero of=/dev/rwd0c bs=1M Nicolai

Re: Post-quantum cryptography

2013-08-10 Thread Nicolai
nts them (or uses existing implementations) once thoroughly tested and reviewed by the cryptographic community. And at the moment, pqcrypto is not sufficiently far advanced to be anywhere near that status. At the moment, the site already mentioned covers the state of the art. Nicolai

Re: Post-quantum cryptography

2013-08-10 Thread Nicolai
tta what-have-you's. Lotta bits to keep in the cache. Luckily I'm adhering to a pretty strict constant-time regimen to keep my output limber. Nicolai

Re: OpenBSD site SSL

2013-10-12 Thread Nicolai
objectives, different formations. Their only connection is that the English word "open" is in both names. Nicolai

Re: DNS Hosting & Managed DNS

2013-10-24 Thread Nicolai
curity, you'd get far more by choosing 1) a registrar without a history of compromises, and 2) a DNS provider that uses something other than BIND. NSD is in base. Nicolai

Re: adduser setting permissions wrong

2013-10-26 Thread Nicolai
On Sun, Oct 27, 2013 at 02:50:23PM +1100, John Tate wrote: > Here is a new user: > drwxr-xr-x 3 test test 512 Oct 26 20:42 test > > I'd really like them to be 770 chmod 770 /etc/skel Nicolai

Re: A detail about pf.conf

2016-10-29 Thread Nicolai
ying to do, but try this instead: table persist file "/path/to/file" block in quick from to any I'm assuming the file contains a list of IP addresses, one per line, that you want to block. BTW, there are generally better options for handling bruteforce traffic. What kind of bruteforce traffic are you trying to stop? Nicolai

Re: OpenBSD httpd and HTTP/2

2017-04-01 Thread Nicolai
happen is for Google to punish bloated websites. THAT will get people to care. Nicolai

Re: Upgrading 3.8 to current

2012-10-13 Thread Nicolai
fired? You may need to rewrite some pf rules and familiarize yourself with a few changes, such as the rc.d system, DUIDs, and lots of other improvements. Nicolai

Re: spammers getting less stupid?

2012-11-01 Thread Nicolai
isted - thus working themselves > around the whole premise of greylisting. Lots of spammers use snowshoe hosts now, which run normal MTA software. Nicolai

Re: spammers getting less stupid?

2012-11-02 Thread Nicolai
ective than the Spamhaus zen or sbl-xbl lists by a good margin (remember not to use both, as the former contains the latter). Also it seems that the gulf is widening, making spamd even more valuable than before. But everyone's traffic is different. Nicolai

Re: Replacing Apache with nginx

2012-11-20 Thread Nicolai
'', or to the home directory of user in nginx.conf. The -u option disables this behaviour, and returns nginx to the original "unsecure" behaviour. This is the same approach as in OpenBSD's Apache. Don't use the "-u" flag unless you know what you're doing and have an excellent reason. Nicolai

Re: Are pthreads hopeless in 5.0?

2013-01-20 Thread Nicolai
include some of the most common packages and their dependencies, so you can just pkg_add huge swaths destined to /usr/local from the mounted CD. Nicolai

Re: Legal Question: OpenBSD Spin-off

2013-02-09 Thread Nicolai
will still be OpenBSD it will just have a slightly different default > configuration. Consider distributing a shell script instead. Have your users install OpenBSD normally, then run your shell script to do local configuration. Nicolai

Re: bootable OpenBSD USB stick from windows?

2013-02-11 Thread Nicolai
loppy drive, you can rawrite floppy52.fs to a floppy disk. The FTP mirrors have rawrite.exe in /pub/OpenBSD/5.2/tools. Otherwise maybe you could try rawriting bsd.rd to a USB stick. Nicolai

Re: Pre-orders for 5.3

2013-03-25 Thread Nicolai
On Sun, Mar 17, 2013 at 05:13:02PM -0600, wrote: > Pre-orders for 5.3 are activated! Cool, ordered! Love the theme... re-reading the book now. BTW, there's a typo in tshirts.html Nicolai Index: tshi

Re: httpd.conf problem with defaults

2013-04-06 Thread Nicolai
On Fri, Apr 05, 2013 at 02:18:42PM +1100, John Tate wrote: > I'm getting these warnings: What's the output of 'apachectl configtest' ? Nicolai

Re: order site down?

2013-04-13 Thread Nicolai
Pick whichever's closest! Nicolai

Re: test tool to load pf rules

2014-06-14 Thread Nicolai
turn code, and then either mv the file to pf.conf and load it upon success, or report an error and exit, leaving the good rules in place. Nicolai

Re: Donations to OpenBSD

2014-08-14 Thread Nicolai
's as simple as possible. Nicolai

Re: provide public gpg key(s) by the install-isos

2014-09-08 Thread Nicolai
untrusted comment: openbsd 5.5 base public key RWRGy8gxk9N9314J0gh9U02lA7s8i6ITajJiNgxQOndvXvM5ZPX+nQ9h Nicolai

Re: provide public gpg key(s) by the install-isos

2014-09-08 Thread Nicolai
oment -- and if it happens then perhaps there's more to say on the issue. Nicolai

Re: OT: Old version of CD still available

2014-10-06 Thread Nicolai
omplete your collection. Good luck! Nicolai

Re: OpenBSD DNS/Web Infrastructure

2013-11-19 Thread Nicolai
not say) how you did it and that it works correctly with real OpenBSD machines of various configurations. That will get more attention. Actually this should always be the route for making suggestions. DIY and then show and tell. Nicolai

Re: dnscrypt-proxy

2013-12-31 Thread Nicolai
OpenDNS supports both: DNSCrypt from you to them, and DNSCurve, when available, from their recursive resolvers to remote authoritative servers. > Any help would be greatly appreciated. Install it and see for yourself. :-) Nicolai

Re: Request for Funding our Electricity

2014-01-14 Thread Nicolai
good. I'm super excited about the 5.5 release, which should be the most amazing in years. Options to pay with Paypal, credit card, check... Who else has donated today? Nicolai

OpenNTPD and NTP reflection attacks

2014-01-15 Thread Nicolai
it correct to say that OpenNTPD is immune from generating large amplifications? (Recent articles on the subject mention 100x amplification factors!) Nicolai

Re: NIST-free crypto, autociphering, and libsodium (NaCl)

2014-01-16 Thread Nicolai
a recent Chromium and play with QUIC. Read about MinimaLT. Strong, fast encryption is coming. And I think OpenBSD 5.5 will be light years ahead when it's released in May. Nicolai

Re: OpenBSD war stories for "OpenBSD: your best IT investment" story

2014-01-18 Thread Nicolai
project. Great idea and initiative! Sent you a mail off-list. I'm looking forward to reading what everyone comes up with. Nicolai

Re: APU firmware

2014-04-03 Thread Nicolai
out. To misc@ in general, a friendly word of support for the new BIOS could help (I did): If they hear from other customers there's a reasonable chance of getting the new BIOS. Take a minute and let them know. Nicolai

Re: Fsck_ffs seems to have trashed /usr/local

2022-02-12 Thread Nicolai
sole" from the VULTR dashboard. If the machine is sitting at a fsck prompt, I would do what it suggests. Otherwise if the machine has booted and /usr/local isn't mounted, then run fsck_ffs on its partition. It's hard to tell what state your VM is in. It may be necessary to create a new VM and rsync your files to the new VM. Nicolai

Re: Trusting the Installation

2012-02-28 Thread Nicolai
tial source and ports trees, and loads of packages. Having the official CDs not only funds the project but also saves you a bunch of time on installs and upgrades. Nicolai

Re: rsync screams about read-only filesystem

2012-03-04 Thread Nicolai
non-obfuscated info about your setup 3. Copy and paste the actual commands you typed and their output 4. Tell us what you expected (or hoped) to happen instead. This results in quick success 99% of the time. It's in your best interest to meet us halfway. Nicolai

Re: Ftpd chroot in a user folder name

2012-05-07 Thread Nicolai
directory... so what is the login directory? Is ftpd chrooting to the user's home directory? If so, it is doing exactly what you told it to do. Nicolai

Re: OpenBSD 5.1 i386- ports vs packages

2012-05-13 Thread Nicolai
ne has a 386 CPU. Type this and see for yourself: $ dmesg | grep ^cpu You'll get the best performance by leaving the kernel alone and instead running better software, e.g. a light window manager instead of Gnome, xxxterm instead of Firefox, etc. Nicolai

Documentation for Apache-SSL key creation

2012-05-16 Thread Nicolai
(no linkspam), which works fine with both xxxterm and Firefox. Any problems with this? Nicolai --- faq10.html.orig Tue May 1 09:42:54 2012 +++ faq10.html Wed May 16 14:20:36 2012 @@ -486,7 +486,7 @@ OpenSSL: -# openssl genrsa -out /etc/ssl/private/server.key 1024 +# openssl genrsa -out
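Review bot: the added `openssl genrsa` line is cut off after `-out` in this excerpt, so the replacement key size is not visible. Since the removed line generates a 1024-bit RSA key, the new line should state the size explicitly; the follow-up in this thread treats 2048 as an acceptable default and 3072 as preferable.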

Re: puffy copyright infringement?

2012-05-23 Thread Nicolai
explicitly > forbidden in the statement above. Agreed. And it makes me wonder if anything else was ripped off for the game. Microsoft has a contact page here: "Marketplace" seems like the most appropriate contact. Nicolai

Re: spamd greylisting: false positives

2012-05-25 Thread Nicolai
mail... that's just not possible because spamd returns a 4xy/5xy after DATA. There's no reason to narrate when logs tell a better story. Nicolai

Re: Documentation for Apache-SSL key creation

2012-05-25 Thread Nicolai
equivalent to 128-bit symmetric or 256-bit ECC. So RSA-3072 is equivalent to other cryptographic defaults in the system (256-bit ECDSA, 128-bit AES-CTR). 2048 is an acceptable default, and 3072 is preferable IMO. 4096 is expensive... but that's RSA. Nicolai

Re: puffy copyright infringement?

2012-06-10 Thread Nicolai
like, which is explicitly > forbidden in the statement above. Microsoft still hasn't taken this down. Nicolai

Re: ssh tunneling with -D option

2012-07-18 Thread Nicolai
wn. > So, can I use ssh to proxy my http without dsocks or not? Yes, if by http you mean web surfing. Use dsocks for lynx and wget and use Firefox's built-in options for FF. Nicolai

Re: How to stress (performance?) test my PF rules?

2012-09-22 Thread Nicolai
n't block all of icmp because you're scared of it -- this will break things). You'll get far greater returns. The pf.conf manpage is a Unix treasure and incidentally it explains what you're looking for. Nicolai

Re: spam filtering misc spams

2012-10-08 Thread Nicolai
no longer hitting my inbox. As an aside, it's nice to see someone addressing a problem that's within their realm of control rather than complaining about it to the list. Nicolai

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

2011-04-21 Thread Nicolai
to have hard media around. And on the fun side, the "themes" are highly entertaining. (Who does the artwork? They've got real talent!) The shirts are durable and geeky, can't go wrong there either. Since you're going to get clothes anyway, it just makes sense to get some cool OpenBSD shirts. Nicolai

Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic

2020-04-10 Thread Peter Nicolai Mathias Hansteen
> 10. apr. 2020 kl. 11:51 skrev Martin : > > I'm looking for relatively cheap VPS with OpenBSD installation support and > with ~1Tb of unfiltered traffic. In any words all in/out VPS ports must be > opened by default. > Any recommendations? I would personally recommend the place where bsdly.n

Re: Can openbsd run Linux binaries?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 11:57 skrev Nikita Stepanov : > > Can openbsd run Linux binaries? > No. The legacy Linux emulation support was removed in OpenBSD 6.0, roughly four years ago. I had to look it up, but the removal was even noted in the mainstream IT press -

Re: Virtualbox guest add-ons for OpenBSD?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 11:58 skrev Nikita Stepanov : > > Virtualbox guest add-ons for OpenBSD? > According to , no such addons exist. That said, in my experience OpenBSD in VirtualBox on Linux at least works

Re: Wine for OpenBSD?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 12:15 skrev Nikita Stepanov : > > Wine for OpenBSD? > Oh, OpenBSD goes well with most kinds of wine, just don’t overdo it. Same with beer, liquors as always. All the best, — Peter N. M. Hansteen, member of the first RFC 1149 implementation team

Re: Optimizing pf.conf

2020-05-06 Thread Peter Nicolai Mathias Hansteen
> 6. mai 2020 kl. 22:00 skrev Lars Bonnesen : > > Is it no longer important to group block/pass in/out for speed optimization? > > I see many "modern" pf.conf where everything is mixed more or less randomly My advice would be to write your pf.conf in a way that makes sense in your environment

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > You can save the list of IPs in a table and reload it after a reboot as > described here: I have a similar setup at , only I dump the tables to file and run expiry v

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 29. mai 2020 kl. 19:23 skrev Walter Alejandro Iglesias : > Could you summarize here which part of these articles of yours answer my > original question, please? > > For example, this list you share (linked in your article): > > > > It would

Re: Restore pf tables metadata after a reboot

2020-05-30 Thread Peter Nicolai Mathias Hansteen
> 30. mai 2020 kl. 11:54 skrev Walter Alejandro Iglesias : > > The problem is most system administrators out there do very little. If > you were getting spam or attacks from some IP, even if you report the > issue to the respective whois abuse@ address, chances are attacks from > that IP won't

Re: - offline or powered off?

2020-06-27 Thread Peter Nicolai Mathias Hansteen
> 27. jun. 2020 kl. 13:32 skrev Ruslanas Gžibovskis : > > ok, cause I found it on or shth like that. > > is there a way, how to get openbsd tshirts, or just get it on aliexpress > with images of openbsd? There is such a thing as

Re: how to mount phone?

2020-07-14 Thread Peter Nicolai Mathias Hansteen
> 13. jul. 2020 kl. 23:39 skrev Justin Muir : > > Hi, > > Just wishing to mount my phone to access photos. > > Here's the output from dmesg: > > ugen0 at uhub0 port 3 "Alcatel U50? Alcatel U50?" rev 2.00/3.10 addr 2 > > Any ideas on how this might be mounted?? I believe I have at some poin

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

2020-07-21 Thread Peter Nicolai Mathias Hansteen
> 21. jul. 2020 kl. 17:42 skrev marfabastewart : > > pf.conf set state-defaults pflow seemingly not exporting traffic > > My money is on state-defaults working and I just am doing something > wrong, but I can't figure out what it is. > > The sensor's information: > OpenBSD 6.7 (GENERIC.MP) #4:

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

2020-07-21 Thread Peter Nicolai Mathias Hansteen
> 21. jul. 2020 kl. 19:06 skrev Daniel Jakots : >> Your ‘modulate state’ overrides the default. As you have seen, on >> non-default rules you need to add any options explicitly. > > Are you sure? > I have a working (AFAIK) pflow setup and I also have > pass out log on $ext_if proto { tcp, udp }

Re: Microsoft's war on plain text email in open source

2020-08-26 Thread Peter Nicolai Mathias Hansteen
> > “It is a fairly specific workflow that is a challenge for some newer > developers to engage with. As an example, my partner submitted a patch to > OpenBSD a few weeks ago, and he had to set up an entirely new mail client > which didn’t mangle his email message to HTML-ise or do other things

Re: How to split install.wim

2020-09-01 Thread Peter Nicolai Mathias Hansteen
> 2. sep. 2020 kl. 07:33 skrev Predrag Punosevac : > > Hi All, > > I am using my desktop > > predrag@oko$ uname -a > OpenBSD 6.7 GENERIC.MP#5 amd64 > > to create a bootable Windows 10 USB flash drive. It is a paid job > although I would not be surprised that my consent to

The EuroBSDCon 2019 videos are available

2019-10-27 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon channel at Youtube now has the EuroBSDCon 2019 videos online. The best way to start is with Patricia Aas' excellent Embedded Ethics talk - and just go on. — Peter N. M. Hansteen

Re: Tools for writers

2019-11-02 Thread Peter Nicolai Mathias Hansteen
> 2. nov. 2019 kl. 16:00 skrev Oliver Leaver-Smith : > > What tools do people find useful for writing on OpenBSD? By writing I mean > long form such as novels and technical books, including plot and character > development, outlining, and formatting for publishing (not all the same > applica

Re: The OpenBSD talk at 36c3

2019-12-29 Thread Peter Nicolai Mathias Hansteen
> 29. des. 2019 kl. 13:29 skrev Henry Jensen : > > Summary: There are a lot of claims. The speaker basically said, that > some mitigations are "cool", but other, more or less, useless. > > Further accusations are, that OpenBSD still uses e-mail and cvs and not > more advanced CI tools. > > I ca

Re: Going back to release from current installation p

2019-12-29 Thread Peter Nicolai Mathias Hansteen
> 29. des. 2019 kl. 10:41 skrev > > Hi, > I have done the mistake to go back to release from current. > I thought I'd just reinstall installed packages. But it doesn't work that > way. I do receive error messages like the following for rspamd: > > pkg_add: Unknown element: @so

Re: Hyperbola Gnu Linux changing to Bsd

2019-12-30 Thread Peter Nicolai Mathias Hansteen
[ as always, speaking only for myself but with some years’ experience in the OpenBSD end of things ] > 30. des. 2019 kl. 20:31 skrev SOUL_OF_ROOT 55 : >> >> *This will not be a "distro"*, but a hard fork of the OpenBSD kernel and >> userspace including new code written under GPLv3 and LGPLv3 to

Re: Hardware for Access Point on OpenBSD

2020-01-01 Thread Peter Nicolai Mathias Hansteen
> 1. jan. 2020 kl. 16:54 skrev List : > > Hi *, > I am currently building a home router based upon OpenBSD. > I therefore need some kind of WIFI Hardware. This piece of hardware > needs to be connected over usb. > Do you have any suggestions or recommendations ? As far as I can see > it's pretty

Re: What is you motivational to use OpenBSD

2020-01-11 Thread Peter Nicolai Mathias Hansteen
> 28. aug. 2019 kl. 16:32 skrev Mohamed salah : > > I wanna put something in discussion, what's your motivational to use > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work > fine on openbsd and you love this os so much what will do? > You’ll find a bunch of testimonia

Re: strange dmesg

2020-02-08 Thread Peter Nicolai Mathias Hansteen
> 8. feb. 2020 kl. 11:28 skrev > > Hi, > I have some strange output from dmesg, what could be ? > At the following link I've posted some screenshots: > Is this running on bare metal, or under a hypervisor of some sort? I vaguely re

Call for papers and presentations for EuroBSDCon 2020 (Vienna, AT 2020-09-17 - 202-09-20) is open

2020-02-15 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2020 call for papers and presentations is now open, with submissions accepted until May 24th, 2020. Please see the full call for papers text at for details and instructions on how to subm

Re: Advice on using intrusion detection

2020-11-22 Thread Peter Nicolai Mathias Hansteen
> 22. nov. 2020 kl. 02:02 skrev Predrag Punosevac : > OpenBSD is all about prevention and exploit mitigation. Code simplicity, > correctness, and code audit are all examples of intrusion prevention > methods. They don't sound very sexy :-) If you are super new to OpenBSD > Peter just gave a rea

Re: Security & Compliance - A/V

2020-11-25 Thread Peter Nicolai Mathias Hansteen
> 25. nov. 2020 kl. 23:10 skrev Brogan Beard : > > In the enterprise context, there are often extensive security compliance > rules, which include but are not limited to anti-virus software > requirements. There are, of course, exceptions to these rules but generally > policies drive the techno

Re: pf.conf parser/lint

2020-12-19 Thread Peter Nicolai Mathias Hansteen
> 19. des. 2020 kl. 14:50 skrev Aham Brahmasmi : >>> >> >> Always put your interfaces into groups. Identify based upon the groups. > > In case there are more such simple rules of thumb, could you please > share them? I think that piece of advice is one of the more important ones you’re likel

Re: pf: brute-force ssh defence no longer working in OpenBSD 6.8

2021-01-10 Thread Peter Nicolai Mathias Hansteen
> 10. jan. 2021 kl. 14:47 skrev Steve Fairhead : > > Hi folks, > > I hope I'm just missing something stupid. It's been a while since I deployed > public OpenBSD servers, but I've done plenty. I always use a defence in > pf.conf against brute-force SSH attacks, which has served me well in the

Re: Secure by default

2021-02-13 Thread Peter Nicolai Mathias Hansteen
Hi, > 13. feb. 2021 kl. 20:14 skrev sivasubramanian muthusamy > <>: > > Hello, > > I am an ordinary computer user, installed 6.8 without connecting to > the Internet yet, (a friend and a technical expert recently advised me > in a different context: do not expose your machin

Re: Windows Host

2021-02-23 Thread Peter Nicolai Mathias Hansteen
> 23. feb. 2021 kl. 18:11 skrev Brandon Helsley : > > > I installed OpenBSD on Vbox and when I remove the installation media and > restart this is what returns. All my other BSD vms are working from this > method except for OpenBSD > > Using drive 0, partition 3, > No O/S > - > Anybody can h

The EuroBSDCon 2021 Call for papers is on

2021-03-15 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2021 call for papers is on. See, or go directly to paper submission at if you have your submission ready to go already. See you in Vienna or online depending on the known unknowns! All the best, Peter N. M. Ha

Re: blacklistd analogue

2021-03-24 Thread Peter Nicolai Mathias Hansteen
> 24. mar. 2021 kl. 19:33 skrev jeanpierre > : > > Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon? > > For the sake of completeness: blacklistd is a daemon that, using pf > anchors, blocks connections from abusive hosts to particular services > (e.g. sshd) until they star

Re: spamd IPv6 listener 6.9amd64

2021-05-12 Thread Peter Nicolai Mathias Hansteen
> 12. mai 2021 kl. 15:24 skrev Martin : > > Hi list, > > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one. > > Is it possible to set spamd(8) to listen on both IPv4 and IPv6? Unfortunately spamd is IPv4 only. Back in the day (2014ish?, about the time I was finishi

Re: pf: antispoof with dynamic IP address?

2021-05-22 Thread Peter Nicolai Mathias Hansteen
> 22. mai 2021 kl. 17:02 skrev Mogens Jensen : > > > Let's say I'm assigned dynamic IP address from my ISP on > external interface em0. > > antispoof em0 inet > > Expands to: > > block drop in on ! em0 inet from to any > block drop in inet from to any >

Re: pf rules after crash

2021-07-10 Thread Peter Nicolai Mathias Hansteen
> 10. jul. 2021 kl. 05:11 skrev Allan Streib : > > Hi, > > I have a KVM host running OpenBSD 6.9 for a few days. It crashed today for > some reason, and when I logged in and realized the uptime had changed, I > checked the pf rules out of curiosity since I have been experimenting with > pf.

Re: pf state-policy floating to if-bound

2023-06-15 Thread Peter Nicolai Mathias Hansteen
> On 15 Jun 2023, at 16:26, Kapetanakis Giannis > wrote: > After applying some keep state (if-bound) on major rules, I've already found > a problem. > > pfsync. > > It copies the interface. The interfaces are different on the backup firewall > so the states will not match if I demote maste

Call for Talk and Presentation Proposals for EuroBSDCon 2019 is open

2019-03-14 Thread Peter Nicolai Mathias Hansteen
EuroBSDcon 2019: Lillehammer, Norway The Call for Talk and presentation proposals for EuroBSDCon 2019 is now open. EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference will take place September 19-22 2019 in Lillehammer, Norway. The tutor

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-19 Thread Peter Nicolai Mathias Hansteen
> 19. mar. 2019 kl. 20:59 skrev > > I'm trying to run OpenBSD on a Clevo W840SU laptop. After a successful install > and starting the machine the BIOS hangs. That is, when the booting drive is > connected via SATA/mSATA. When connected via USB, it works just fine. Odd. I vagu

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-21 Thread Peter Nicolai Mathias Hansteen
> 21. mar. 2019 kl. 22:55 skrev > > Dear Peter and all. > > Unfortunately I celebrated too early it seems. :-/ > > In my last post I described a hack in which I let the OpenBSD partition > start at "sector 0" in order to avoid BIOS hangup. > > When I now tried this way of se

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-21 Thread Peter Nicolai Mathias Hansteen
> 22. mar. 2019 kl. 07:16 skrev Peter Nicolai Mathias Hansteen > : >> Dear Peter, can you remember more details how you got OpenBSD to work on that >> Clevo W840-SU by any chance? Did you use SSD or HDD for the booting disk? > > I considered it fairly obvious that I wan

Re: Security of OpenBSD

2019-06-03 Thread Peter Nicolai Mathias Hansteen
> 4. jun. 2019 kl. 00:32 skrev Josef Pospisil : > > Can someone be that kind and explain to me if the whole code of OpenBSD > was checked at least once since the openBSD was founded? That there are > no backholes like i was describing? Code auditing (aka ‘reading the code like the devil reads th

EuroBSDCon 2019 program published

2019-06-08 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2019 program is now available at - all the more reason to come join us at Lillehammer, Norway September 19-22! Registration will start soon. - Peter — Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspo

Re: TCP wrapper alternative?

2019-07-09 Thread Peter Nicolai Mathias Hansteen
> 9. jul. 2019 kl. 20:03 skrev Thomas Smith : > > Hi, > > I'm considering an option to evaluate connecting IPs before they're evaluated > by `pf` in order to make some decisions about the "reputation" of a > connecting IP. Then if that reputation is low enough, some action could > either be

Re: Support

2021-09-07 Thread Peter Nicolai Mathias Hansteen
[ redirecting to misc@ which I think is more appropriate ] > 6. sep. 2021 kl. 20:45 skrev Brian O'Loughlin : > > Hi > > I am a fan of the OpenBSD philosophy and execution. > > I have tried to install OpenBSD 6.9 via USB/checksums on a Kingston120gb SSD > and just when the sets have been instal

Re: setting up an email server in a recent version of OpenBSD

2021-09-27 Thread Peter Nicolai Mathias Hansteen
> 27. sep. 2021 kl. 19:42 skrev Teno Deuter : > > Dear group, > > anyone could point to some recent online resources how to setup an email > server in OpenBSD? What I found from Google was a bit thin. So I'm > wondering if I was missing something out there. I think there are a few. One usef

Re: pf block port scanning

2021-10-09 Thread Peter Nicolai Mathias Hansteen
> 7. okt. 2021 kl. 15:58 skrev Barbaros Bilek : > > Hello misc, > > I try to block port scanning attempts with OpenBSD 6.9/amd64 + PF. > At the top of my pf.conf i've added these lines but it didn't work. > > block in quick proto tcp all flags SF/SFRA label bps1 > block in quick proto tcp all

Re: You have installed OpenBSD. Now for the daily tasks (blog post)

2024-09-02 Thread Peter Nicolai Mathias Hansteen
> On 3 Sep 2024, at 00:11, Andreas Kähäri wrote: > > Tiny correction: The text currently says this: > > For -current or snapshots, syspatch is not really relevant anymore. > Instead you run the sysupgrade command with the -s flag: > > $ doas sysmerge -s > > There's a misma

Re: Syntax error for pf.conf loading during restart.

2025-03-20 Thread Peter Nicolai Mathias Hansteen
> On 20 Mar 2025, at 12:46, Kihaguru Gathura wrote: > > Hello, > > Using parentheses around the interface (from to ($ext_if) port > ssh modulate state) name tells pf to re-resolve the address dynamically > whenever the interface is ready during the reboot giving time for pf rule