firewall not catching?

2012-07-09 Thread Peter J. Philipp
Hi, Were there any bugfixes between 5.0 and 5.1 that would allow certain packets through the pf filter? I have a case where I cannot block a certain IP on a 5.0 box. I tested that same IP on a 5.1 box with a spoofer and I found my same rules to catch, so it's not my logic I don't think. I tes

Re: firewall not catching?

2012-07-09 Thread Peter J. Philipp
will do. Upgrade. Perhaps by next week even. I'll let you know if the problem persists then, and perhaps I'll even get an OK to share the hardware data by then. I understand you can't help me much more, thanks anyways... Regards, -peter > On Mon, Jul 9, 2012 at 12:34 PM,

Re: firewall not catching?

2012-07-09 Thread Peter J. Philipp
On Mon, Jul 09, 2012 at 10:21:47PM +0200, Peter Hessler wrote: > Use 'pfctl -vvss' to see which rule it is matching on. I bet you have a > rule that matches that traffic. That was the hint I needed. Thanks! It did cross my mind and I did dump the states before but I must have missed that IP in

does re-injection even work?

2012-07-10 Thread Peter J. Philipp
Hi, I have built some skeleton code (it's ugly) for a proxy for dns based on my wildcarddnsd. I'm using divert(4) sockets but whenever I put the pf rules on the reinjection doesn't work for me. Here is my pf rules: # pfctl -srules pass all flags S/SA block drop in on ! lo0 proto tcp from any to

Re: does re-injection even work?

2012-07-11 Thread Peter J. Philipp
On Tue, Jul 10, 2012 at 09:34:04PM +0200, Peter J. Philipp wrote: > # pfctl -srules > pass all flags S/SA > block drop in on ! lo0 proto tcp from any to any port 6000:6010 > block drop in on re0 inet from to any > pass in on re0 inet proto udp from any to any port = 53 scrub (re

Re: does re-injection even work?

2012-07-16 Thread Peter J. Philipp
On Mon, Jul 16, 2012 at 11:01:10PM +0300, Kostas Zorbadelos wrote: > "Peter J. Philipp" writes: > > > I did this rather fast hoping to get it in for someone I know who is being > > used for a DNS amplifier attack but the final tests broke the hope of > > stopp

Re: nat6 to nat4

2011-07-01 Thread Peter J. Philipp
On Fri, Jul 01, 2011 at 10:29:09AM -0300, Christiano F. Haesbaert wrote: > Thanks a lot, I'll read it with love. > > Are there any other alternatives I should know of? Hi Christiano, you don't specify where the IPv4 host is (local network or outside), but I did some playing with faithd(8) in the

Re: sshd reverse lookup fails

2011-08-11 Thread Peter J. Philipp
On Thu, Aug 11, 2011 at 10:35:16AM -0600, Jeff Ross wrote: > I'm logging into a remote server and on the remote end I see this in the > logs: > > 2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address > 71.37.181.185 maps to heinlein.openvistas.net, but this does not map > back to the ad

Re: sshd reverse lookup fails

2011-08-11 Thread Peter J. Philipp
On Thu, Aug 11, 2011 at 11:18:05AM -0600, Jeff Ross wrote: > >>2011-08-11 10:20:34.701069500 auth.info: sshd[20129]: Address > >>71.37.181.185 maps to heinlein.openvistas.net, but this does not map > >>back to the address - POSSIBLE BREAK-IN ATTEMPT! > Yes, that was it. I'd changed the name of

systrace(4) and openssh

2011-08-21 Thread Peter J. Philipp
The new systrace in openssh is great. Good work djm! How would someone go about putting that into inetd? Since inetd is only 1 root process you can't attach a child to it. Can you just make a policy without attaching a child process? -peter

sipgate vpn

2011-08-29 Thread Peter J. Philipp
Hi, I was wondering if anyone here is using sipgate.de? They have a VPN function for IPsec for the sipphones and I want to encrypt my traffic to them. If anyone has a config they use to sipgate and want to share it'd save me an afternoon of toying with this. I already contacted them and they

Re: sipgate vpn

2011-09-01 Thread Peter J. Philipp
On Mon, Aug 29, 2011 at 04:02:17PM -0600, Diana Eichert wrote: > A search through the misc@ archives would show other people have used > vpnc to connect to sipgate, most likely related to xauth authentication. > > g.day Super! Thanks a lot eh! I used the config someone posted on this mailing l

Re: vmmap: bad software everywhere

2011-06-01 Thread Peter J. Philipp
On Tue, May 31, 2011 at 12:51:27PM +0200, Marc Espie wrote: > People not following development too closely may not be aware of it, > but we've had a lot of fun with amd64 recently. > > Specifically, Ariane committed a new vmmap implementation that tends to > actually use the 64 bits address space,

Re: MTA choice

2010-08-18 Thread Peter J. Philipp
On Wed, Aug 18, 2010 at 12:10:47PM +0300, Gregory Edigarov wrote: > Agreed. That left us to only the choice between sendmail/OpenSMTPD :) > I would definitely advise for Opensmtpd, but not yet, at least not > before the 4.8 rel will be rolled, though in 4.7 it is quite stable, > and runs perfectly

Re: MTA choice

2010-08-18 Thread Peter J. Philipp
On Wed, Aug 18, 2010 at 07:00:25PM +0200, Robert wrote: > On Wed, 18 Aug 2010 11:19:10 +0200 > "Peter J. Philipp" wrote: > > It works at home too, with a bit of hackery by myself. A while ago I > > noticed > > OpenSMTPD didn't deliver to aliases, but I&#

Re: MTA choice

2010-08-18 Thread Peter J. Philipp
On Wed, Aug 18, 2010 at 08:47:43PM +0200, Robert wrote: > On Wed, 18 Aug 2010 19:42:09 +0200 > "Peter J. Philipp" wrote: > > Thanks. I'm trying to interpret that marc archive right. Was it that you > > had your /etc/mailer.conf not updated to the opensmtpd bin

Re: FreeBSD isn't Free

2010-10-06 Thread Peter J. Philipp
On Wed, Oct 06, 2010 at 01:14:37PM -0500, Jacob Yocom-Piatt wrote: > On 10/06/10 00:22, Theo de Raadt wrote: > >Just for fun. > > > > > since i don't bother with freebsd much i have to guess this is a result > of the project being US-based and containing integrated crypto. I have several small

Re: shutdown and reboot sometimes ignored?

2009-11-22 Thread Peter J. Philipp
On Sun, Nov 22, 2009 at 09:20:46PM +0100, Toni Mueller wrote: > Hi, > > for several releases of OpenBSD, I now have encountered the problem > that I can say "shutdown -r now", or "halt", or "reboot", and nothing > appears to happen, except for some messages on the associated > terminals. > > Some

opensmtpd question

2009-08-05 Thread Peter J. Philipp
I've switched from postfix to opensmtpd. I have a small question. How do I alias the outgoing domain to the From: address? Something along the lines of postfix's: myorigin = $mydomain Pretend the From is "r...@caliban.solarscale.de" (caliban doesn't exist, but it's the hostname of this host

Re: Advice on learning C as first language

2010-11-24 Thread Peter J. Philipp
Hi, I see you already bought the book, perhaps an online primer could help you too. I have dabbled in writing a C primer on Hackepedia at http://www.hackepedia.org/?title=C_Primer You can read it, and you can modify it and add other parts if you wish. The C examples have a line number in front

Re: ext2fs 2GiB file size limit

2010-12-08 Thread Peter J. Philipp
On Wed, Dec 08, 2010 at 09:23:49AM +0100, LEVAI Daniel wrote: > I don't remember having a 2GiB filesize limit anywhere near, but the old > extfs. What am I missing here? Hi, I think it is enforced here (in the file /sys/ufs/ext2fs/ext2fs_inode.c: -- int ext2fs_setsize(struct inode *ip, u_int64_t
