Re: pf 'synproxy state' broke for me with 5.0 - 5.1 upgrade
Hi, try:
    pass in on $ext_if proto tcp to $ext_ip port imap synproxy state
See you later
2012/7/24 LEVAI Daniel l...@ecentrum.hu
Hi!
I've upgraded two 5.0 boxes to 5.1, and noticed that my long standing pf rules with 'synproxy state' stopped working. This is an example:
    block all
    [...]
    antispoof quick for $ext_if
    [...]
    pass in on $ext_if inet proto tcp from any to $ext_ip port imap \
        synproxy state \
        (source-track rule, max-src-nodes 150, max-src-states 50, \
        max-src-conn-rate 50/1, overload <abuse_imap>) \
        queue imap
    [...]
With this rule I only get a TCP reset [1] in response to a connection to the imap port. I can safely fix this by replacing 'synproxy' with 'keep', but I've remained curious about why the old rule isn't working (not just with imap, but with all the other services too, e.g. ssh, http, smtp, etc.). If someone could enlighten me about this issue, I'd be grateful (I didn't find anything regarding this on upgrade51.html). I can provide the full pf ruleset if needed, but I must massage it first...
[1]
    Jul 24 09:17:35.429490 client.2245 > ext_ip.143: S 2258140835:2258140835(0) win 65535 mss 1452,nop,nop,sackOK (DF)
    Jul 24 09:17:35.429566 ext_ip.143 > client.2245: S 1742119500:1742119500(0) ack 2258140836 win 0 mss 1452 (DF) [tos 0x10]
    Jul 24 09:17:35.450975 client.2245 > ext_ip.143: . ack 1 win 65535 (DF)
    Jul 24 09:17:35.450997 ext_ip.143 > client.2245: R 2552847796:2552847796(0) ack 1543259791 win 0 (DF) [tos 0x10]
Thanks,
Daniel
--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Broken pfctl ..... ? I not understand my
Hi, I have a problem with pfctl and the syntax. The line with the error is:
    block in quick on msk0 proto tcp port ssh
    pfctl -nf /etc/pf.conf
is broken, no exit. My book's update is 15/05/2012, the website update is 19/05/2012. A solution, please? Cordially
I need your comeback with reverse-proxy
Hi, to protect my web server, I use a reverse proxy. Two good choices: choice 1: Varnish, choice 2: Nginx. My web server is Yaws. Depending on your feedback, the best pairing is Yaws-Varnish or Yaws-Nginx. Tips, and thank you for your feedback. Cordially
Antimalware for server mail and filesystems protect
Hi all, I'm searching for a solution to protect my data... I'm looking at ClamAV (is it a good idea?); ESET is a good antimalware for BSD. Your solutions and hacks, help please. Cordially
Re: new song released: sonate aux insomniaques
I'm sorry, I preferred the tee-shirt.
On 1 April 2012 19:49, Alexandre Ratchov a...@caoua.org wrote:
Today we are releasing the second extra song which can be found on the 11-release celebration audio CD. It is called Sonate aux insomniaques. Amongst the MP3 and the OGG files, you can find a short description of it at: http://www.openbsd.org/lyrics.html#audio_extra51b and few details on how the song was produced at: http://undeadly.org/cgi?action=articlesid=20120401171457
Of course, the best version of the song is on the audio CD :) You can order it by following the link below: https://https.openbsd.org/cgi-bin/order?CDA1=2CDA2%2b=Add
-- Alexandre
Re: new song released: sonate aux insomniaques
Re Bug Busters is very good, cool and crazy :).
On 2 April 2012 09:44, Gilles Chehade gil...@poolp.org wrote:
You, sir, have no taste :-) Perfect music for hacking
Gilles
On Mon, Apr 02, 2012 at 09:05:59AM +0200, hvom .org wrote:
I'm sorry, I preferred the tee-shirt.
On 1 April 2012 19:49, Alexandre Ratchov a...@caoua.org wrote:
Today we are releasing the second extra song which can be found on the 11-release celebration audio CD. It is called Sonate aux insomniaques. Amongst the MP3 and the OGG files, you can find a short description of it at: http://www.openbsd.org/lyrics.html#audio_extra51b and few details on how the song was produced at: http://undeadly.org/cgi?action=articlesid=20120401171457
Of course, the best version of the song is on the audio CD :) You can order it by following the link below: https://https.openbsd.org/cgi-bin/order?CDA1=2CDA2%2b=Add
-- Alexandre
-- Gilles Chehade https://www.poolp.org | http://pool.ps @poolpOrg
Re: Phone openBSD ?
Hi, no geek or hacker runs Open on a phone? Best regards
2011/11/29 hvom .org hvom@gmail.com
Hi, I want an OpenBSD-compatible smartphone; your feedback on the Nokia N7 and E7. Best regards
Phone openBSD ?
Hi, I want an OpenBSD-compatible smartphone; your feedback on the Nokia N7 and E7. Best regards
DNS Google ?
Hi, Google DNS: NS 1: 8.8.8.8, NS 2: 8.8.4.4. Good alternative or bad alternative? Best regards
Certificate AES or Camellia
Hi all, I'm searching for a solution for my server and for the best SSL performance. Low resources and speed performance. Best regards
Sparc Openbsd install
Hi all, I have a Sun Fire V100 server for 10$; I looked at the OpenBSD hardware list and it's good, the V100 is supported. I have not installed it: no VGA, no CD, four Ethernet. Help me install OpenBSD, please? Thanks!
Address private and PF
Hi all, I have a private IP, and I block no-route IPs with PF. PF blocks my IP. It's very good and very bad :) :( My IP is of type 10.0.0.0/8. I made the table with the 4.9 man page. Would you have a solution for my problem, please? Cordially
Problem pf 4.9 ( grrrrr )
Hi, I have a big problem with packet filter on OpenBSD 4.9! I read in /etc/pf.conf:
    scrub in all            : syntax error
    scrub in                : syntax error
    match in all scrub      : syntax error
    scrub in all on $re0    : syntax error
I'm going crazy, help me please!!!
Reverse-proxy PF ?
Hi all, I looked at the docs: ftp-proxy, but no reverse proxy for PF? Varnish, the ultimate solution? Cordially
ARM or SPARC ?
Hi all, I need the best-performing processor; I use it for firewall and routing/load-balancing. I'm looking at ARM and SPARC models, ARM it's the best SPARC. The machine runs OpenBSD 4.9. Thank you for your help. Cordially