Re: pf state-policy floating to if-bound

2023-06-15 Thread Peter Nicolai Mathias Hansteen
> On 15 Jun 2023, at 16:26, Kapetanakis Giannis > wrote: > After applying some keep state (if-bound) on major rules, I've already found > a problem. > > pfsync. > > It copies the interface. The interfaces are different on the backup firewall > so the states will not match if I demote

Re: pf block port scanning

2021-10-09 Thread Peter Nicolai Mathias Hansteen
> 7. okt. 2021 kl. 15:58 skrev Barbaros Bilek : > > Hello misc, > > I try to block port scanning attempts with OpenBSD 6.9/amd64 + PF. > At the top of my pf.conf I've added these lines but it didn't work. > > block in quick proto tcp all flags SF/SFRA label bps1 > block in quick proto tcp all

Re: setting up an email server in a recent version of OpenBSD

2021-09-27 Thread Peter Nicolai Mathias Hansteen
> 27. sep. 2021 kl. 19:42 skrev Teno Deuter : > > Dear group, > > anyone could point to some recent online resources how to setup an email > server in OpenBSD? What I found from Google was a bit thin. So I'm > wondering if I was missing something out there. I think there are a few. One

Re: Support

2021-09-07 Thread Peter Nicolai Mathias Hansteen
[ redirecting to misc@ which I think is more appropriate ] > 6. sep. 2021 kl. 20:45 skrev Brian O'Loughlin : > > Hi > > I am a fan of the OpenBSD philosophy and execution. > > I have tried to install OpenBSD 6.9 via USB/checksums on a Kingston120gb SSD > and just when the sets have been

Re: pf rules after crash

2021-07-10 Thread Peter Nicolai Mathias Hansteen
> 10. jul. 2021 kl. 05:11 skrev Allan Streib : > > Hi, > > I have a KVM host running OpenBSD 6.9 for a few days. It crashed today for > some reason, and when I logged in and realized the uptime had changed, I > checked the pf rules out of curiosity since I have been experimenting with > pf.

Re: pf: antispoof with dynamic IP address?

2021-05-22 Thread Peter Nicolai Mathias Hansteen
> 22. mai 2021 kl. 17:02 skrev Mogens Jensen : > > > Let's say I'm assigned dynamic IP address 192.0.2.5/24 from my ISP on > external interface em0. > > antispoof em0 inet > > Expands to: > > block drop in on ! em0 inet from 192.0.2.0/24 to any > block drop in inet from 192.0.2.5 to any

Re: spamd IPv6 listener 6.9amd64

2021-05-12 Thread Peter Nicolai Mathias Hansteen
> 12. mai 2021 kl. 15:24 skrev Martin : > > Hi list, > > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one. > > Is it possible to set spamd(8) to listen on both IPv4 and IPv6? Unfortunately spamd is IPv4 only. Back in the day (2014ish?, about the time I was

Re: blacklistd analogue

2021-03-24 Thread Peter Nicolai Mathias Hansteen
> 24. mar. 2021 kl. 19:33 skrev jeanpierre > : > > Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon? > > For the sake of completeness: blacklistd is a daemon that, using pf > anchors, blocks connections from abusive hosts to particular services > (e.g. sshd) until they

The EuroBSDCon 2021 Call for papers is on

2021-03-15 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2021 call for papers is on. See https://2021.eurobsdcon.org/cfp/, or go directly to paper submission at https://registration.eurobsdcon.org/ if you have your submission ready to go already. See you in Vienna or online depending on the known unknowns! All the best, Peter N. M.

Re: Windows Host

2021-02-23 Thread Peter Nicolai Mathias Hansteen
> 23. feb. 2021 kl. 18:11 skrev Brandon Helsley : > > > I installed OpenBSD on Vbox and when I remove the installation media and > restart this is what returns. All my other BSD vms are working from this > method except for OpenBSD > > Using drive 0, partition 3, > No O/S > - > Anybody can

Re: Secure by default

2021-02-13 Thread Peter Nicolai Mathias Hansteen
Hi, > 13. feb. 2021 kl. 20:14 skrev sivasubramanian muthusamy > <6.inter...@gmail.com>: > > Hello, > > I am an ordinary computer user, installed 6.8 without connecting to > the Internet yet, (a friend and a technical expert recently advised me > in a different context: do not expose your

Re: pf: brute-force ssh defence no longer working in OpenBSD 6.8

2021-01-10 Thread Peter Nicolai Mathias Hansteen
> 10. jan. 2021 kl. 14:47 skrev Steve Fairhead : > > Hi folks, > > I hope I'm just missing something stupid. It's been a while since I deployed > public OpenBSD servers, but I've done plenty. I always use a defence in > pf.conf against brute-force SSH attacks, which has served me well in the

Re: pf.conf parser/lint

2020-12-19 Thread Peter Nicolai Mathias Hansteen
> 19. des. 2020 kl. 14:50 skrev Aham Brahmasmi : >>> >> >> Always put your interfaces into groups. Identify based upon the groups. > > In case there are more such simple rules of thumb, could you please > share them? I think that piece of advice is one of the more important ones you’re

Re: Security & Compliance - A/V

2020-11-25 Thread Peter Nicolai Mathias Hansteen
> 25. nov. 2020 kl. 23:10 skrev Brogan Beard : > > In the enterprise context, there are often extensive security compliance > rules, which include but are not limited to anti-virus software > requirements. There are, of course, exceptions to these rules but generally > policies drive the

Re: Advice on using intrusion detection

2020-11-22 Thread Peter Nicolai Mathias Hansteen
> 22. nov. 2020 kl. 02:02 skrev Predrag Punosevac : > OpenBSD is all about prevention and exploit mitigation. Code simplicity, > correctness, and code audit are all examples of intrusion prevention > methods. They don't sound very sexy :-) If you are super new to OpenBSD > Peter just gave a

Re: How to split install.wim

2020-09-02 Thread Peter Nicolai Mathias Hansteen
> 2. sep. 2020 kl. 07:33 skrev Predrag Punosevac : > > Hi All, > > I am using my desktop > > predrag@oko$ uname -a > OpenBSD oko.int.bagdala2.net 6.7 GENERIC.MP#5 amd64 > > to create a bootable Windows 10 USB flash drive. It is a paid job > although I would not be surprised that my consent

Re: Microsoft's war on plain text email in open source

2020-08-26 Thread Peter Nicolai Mathias Hansteen
> > “It is a fairly specific workflow that is a challenge for some newer > developers to engage with. As an example, my partner submitted a patch to > OpenBSD a few weeks ago, and he had to set up an entirely new mail client > which didn’t mangle his email message to HTML-ise or do other

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

2020-07-21 Thread Peter Nicolai Mathias Hansteen
> 21. jul. 2020 kl. 19:06 skrev Daniel Jakots : >> Your ‘modulate state’ overrides the default. As you have seen, on >> non-default rules you need to add any options explicitly. > > Are you sure? > I have a working (AFAIK) pflow setup and I also have > pass out log on $ext_if proto { tcp, udp }

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

2020-07-21 Thread Peter Nicolai Mathias Hansteen
> 21. jul. 2020 kl. 17:42 skrev marfabastewart : > > pf.conf set state-defaults pflow seemingly not exporting traffic > > My money is on state-defaults working and I just am doing something > wrong, but I can't figure out what it is. > > The sensor's information: > OpenBSD 6.7 (GENERIC.MP)

Re: how to mount phone?

2020-07-14 Thread Peter Nicolai Mathias Hansteen
> 13. jul. 2020 kl. 23:39 skrev Justin Muir : > > Hi, > > Just wishing to mount my phone to access photos. > > Here's the output from dmesg: > > ugen0 at uhub0 port 3 "Alcatel U50? Alcatel U50?" rev 2.00/3.10 addr 2 > > Any ideas on how this might be mounted?? I believe I have at some

Re: Openbsdstore.com - offline or powered off?

2020-06-27 Thread Peter Nicolai Mathias Hansteen
> 27. jun. 2020 kl. 13:32 skrev Ruslanas Gžibovskis : > > ok, cause I found it on openbsd.org/tshirt or shth like that. > > is there a way, how to get openbsd tshirts, or just get it on aliexpress > with images of openbsd? There is such a thing as https://teespring.com/stores/openbsd

Re: Restore pf tables metadata after a reboot

2020-05-30 Thread Peter Nicolai Mathias Hansteen
> 30. mai 2020 kl. 11:54 skrev Walter Alejandro Iglesias : > > The problem is most system administrators out there do very little. If > you were getting spam or attacks from some IP, even if you report the > issue to the respective whois abuse@ address, chances are attacks from > that IP won't

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 29. mai 2020 kl. 19:23 skrev Walter Alejandro Iglesias : > Could you summarize here which part of these articles of yours answer my > original question, please? > > For example, this list you share (linked in your article): > > https://home.nuug.no/~peter/pop3gropers_full.txt > > It would

Re: Restore pf tables metadata after a reboot

2020-05-29 Thread Peter Nicolai Mathias Hansteen
> 28. mai 2020 kl. 19:09 skrev Bruno Flueckiger : > > > You can save the list of IPs in a table and reload it after a reboot as > described here: https://www.bsdhowto.ch/savepftables.html I have a similar setup at bsdly.net , only I dump the tables to file and run expiry

Re: Optimizing pf.conf

2020-05-06 Thread Peter Nicolai Mathias Hansteen
> 6. mai 2020 kl. 22:00 skrev Lars Bonnesen : > > Is it no longer important to group block/pass in/out for speed optimization? > > I see many "modern" pf.conf where everything is mixed more or less randomly My advice would be to write your pf.conf in a way that makes sense in your

Re: Wine for OpenBSD?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 12:15 skrev Nikita Stepanov : > > Wine for OpenBSD? > Oh, OpenBSD goes well with most kinds of wine, just don’t overdo it. Same with beer, liquors as always. All the best, — Peter N. M. Hansteen, member of the first RFC 1149 implementation team

Re: Virtualbox guest add-ons for OpenBSD?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 11:58 skrev Nikita Stepanov : > > Virtualbox guest add-ons for OpenBSD? > According to https://www.virtualbox.org/wiki/Guest_OSes , no such addons exist. That said, in my experience OpenBSD in VirtualBox on Linux at least

Re: Can openbsd run Linux binaries?

2020-04-11 Thread Peter Nicolai Mathias Hansteen
> 11. apr. 2020 kl. 11:57 skrev Nikita Stepanov : > > Can openbsd run Linux binaries? > No. The legacy Linux emulation support was removed in OpenBSD 6.0, roughly four years ago. I had to look it up, but the removal was even noted in the mainstream IT press -

Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic

2020-04-10 Thread Peter Nicolai Mathias Hansteen
> 10. apr. 2020 kl. 11:51 skrev Martin : > > I'm looking for relatively cheap VPS with OpenBSD installation support and > with ~1Tb of unfiltered traffic. In any words all in/out VPS ports must be > opened by default. > Any recommendations? I would personally recommend the place where

Call for papers and presentations for EuroBSDCon 2020 (Vienna, AT 2020-09-17 - 202-09-20) is open

2020-02-15 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2020 call for papers and presentations is now open, with submissions accepted until May 24th, 2020. Please see the full call for papers text at https://2020.eurobsdcon.org/call-for-papers/ for details and instructions on how to

Re: strange dmesg

2020-02-08 Thread Peter Nicolai Mathias Hansteen
> 8. feb. 2020 kl. 11:28 skrev whistlez...@riseup.net: > > Hi, > I have some strange output from dmesg, what could be ? > At the following link I've posted some screenshots: > https://postimg.cc/gallery/1o4wsaw74/ Is this running on bare metal, or under a hypervisor of some sort? I vaguely

Re: What is you motivational to use OpenBSD

2020-01-11 Thread Peter Nicolai Mathias Hansteen
> 28. aug. 2019 kl. 16:32 skrev Mohamed salah : > > I wanna put something in discussion, what's your motivational to use > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work > fine on openbsd and you love this os so much what will do? > You’ll find a bunch of

Re: Hardware for Access Point on OpenBSD

2020-01-01 Thread Peter Nicolai Mathias Hansteen
> 1. jan. 2020 kl. 16:54 skrev List : > > Hi *, > I am currently building a home router based upon OpenBSD. > I therefore need some kind of WIFI Hardware. This piece of hardware > needs to be connected over usb. > Do you have any suggestions or recommendations ? As far as I can see > it's pretty

Re: Hyperbola Gnu Linux changing to Bsd

2019-12-30 Thread Peter Nicolai Mathias Hansteen
[ as always, speaking only for myself but with some years’ experience in the OpenBSD end of things ] > 30. des. 2019 kl. 20:31 skrev SOUL_OF_ROOT 55 : >> >> *This will not be a "distro"*, but a hard fork of the OpenBSD kernel and >> userspace including new code written under GPLv3 and LGPLv3 to

Re: Going back to release from current installation p

2019-12-29 Thread Peter Nicolai Mathias Hansteen
> 29. des. 2019 kl. 10:41 skrev n...@web.de: > > Hi, > I have done the mistake to go back to release from current. > I thought I'd just reinstall installed packages. But it doesn't work that > way. I do receive error messages like the following for rspamd: > > pkg_add: Unknown element: @so

Re: The OpenBSD talk at 36c3

2019-12-29 Thread Peter Nicolai Mathias Hansteen
> 29. des. 2019 kl. 13:29 skrev Henry Jensen : > > Summary: There are a lot of claims. The speaker basically said, that > some mitigations are "cool", but other, more or less, useless. > > Further accusations are, that OpenBSD still uses e-mail and cvs and not > more advanced CI tools. > > I

Re: Tools for writers

2019-11-02 Thread Peter Nicolai Mathias Hansteen
> 2. nov. 2019 kl. 16:00 skrev Oliver Leaver-Smith : > > What tools do people find useful for writing on OpenBSD? By writing I mean > long form such as novels and technical books, including plot and character > development, outlining, and formatting for publishing (not all the same >

The EuroBSDCon 2019 videos are available

2019-10-27 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon channel at Youtube https://www.youtube.com/channel/UCO570reC1zAvYbwIU9ubGGw now has the EuroBSDCon 2019 videos online. The best way to start is with Patricia Aas' excellent Embedded Ethics talk - https://www.youtube.com/watch?v=HfNIiitVFtc and just go on. — Peter N. M.

Re: TCP wrapper alternative?

2019-07-09 Thread Peter Nicolai Mathias Hansteen
> 9. jul. 2019 kl. 20:03 skrev Thomas Smith : > > Hi, > > I'm considering an option to evaluate connecting IPs before they're evaluated > by `pf` in order to make some decisions about the "reputation" of a > connecting IP. Then if that reputation is low enough, some action could > either be

EuroBSDCon 2019 program published

2019-06-08 Thread Peter Nicolai Mathias Hansteen
The EuroBSDCon 2019 program is now available at https://2019.eurobsdcon.org/program/ - all the more reason to come join us at Lillehammer, Norway September 19-22! Registration will start soon. - Peter — Peter N. M. Hansteen, member of the first RFC 1149 implementation team

Re: Security of OpenBSD

2019-06-03 Thread Peter Nicolai Mathias Hansteen
> 4. jun. 2019 kl. 00:32 skrev Josef Pospisil : > > Can someone be that kind and explain to me if the whole code of OpenBSD > was checked at least once since the openBSD was founded? That there are > no backholes like i was describing? Code auditing (aka ‘reading the code like the devil reads

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-22 Thread Peter Nicolai Mathias Hansteen
> 22. mar. 2019 kl. 07:16 skrev Peter Nicolai Mathias Hansteen > : >> Dear Peter, can you remember more details how you got OpenBSD to work on that >> Clevo W840-SU by any chance? Did you use SSD or HDD for the booting disk? > > I considered it fairly obvious that

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-22 Thread Peter Nicolai Mathias Hansteen
> 21. mar. 2019 kl. 22:55 skrev fink...@dismail.de: > > Dear Peter and all. > > Unfortunately I celebrated too early it seems. :-/ > > In my last post I described a hack in which I let the OpenBSD partition > start at "sector 0" in order to avoid BIOS hangup. > > When I now tried this way of

Re: OpenBSD 6.5 on Clevo W840SU: BIOS hangs when booted via (m)SATA

2019-03-20 Thread Peter Nicolai Mathias Hansteen
> 19. mar. 2019 kl. 20:59 skrev fink...@dismail.de: > > I'm trying to run OpenBSD on a Clevo W840SU laptop. After a successful install > and starting the machine the BIOS hangs. That is, when the booting drive is > connected via SATA/mSATA. When connected via USB, it works just fine. Odd. I

Call for Talk and Presentation Proposals for EuroBSDCon 2019 is open

2019-03-15 Thread Peter Nicolai Mathias Hansteen
EuroBSDcon 2019: Lillehammer, Norway The Call for Talk and presentation proposals for EuroBSDCon 2019 is now open. EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference will take place September 19-22 2019 in Lillehammer, Norway. The