Re: No Blob without Puffy
Please take this up on lists where it is more relevant. OpenBSD is not going to participate in a campaign that calls non-free things free. We don't tell lies like the other BSD's do. On Mon, Mar 19, 2007 at 06:04:12PM +0100, Ingo Schwarze wrote: Hi Pawel, Pawel Jakub Dawidek schrieb am Mon, Mar 19, 2007 at 03:02:47PM +0100: On Fri, Mar 16, 2007 at 12:38:05PM -0600, Theo de Raadt wrote: So isn't it rather hypocritical to have a anti-Blob campaign, backed by projects which embrace the Blob? So isn't it rather hypocritical to claim GPL license is bad and BSD license is good and ship operating system with GPLed code? How do you feel about having pro-GPL operating system? Why do you lie to your users by having 'BSD' in operating system's name? Your analogy does not apply at all: [...] Unfortunately you miss the point of my analogy. We have GPLed code. We would like to get rid of it, but this is not possible just yet. Does that automatically means that we are pro-GPL? That we lie having 'BSD' in OS name? No, it means this is one of our goals, it is just not high priority and we don't feel guilty. This is how it is. The same for binary-only drivers. We would love to have everything open-source, but this is not possible currently. We want to move in this direction, of course, but we also want our users to use their hardware, to have stable, scalable OS, etc. I'm one of those users with my atheros-based wireless card I'm using right now. I know what I'm doing. I don't feel less safe. I don't audit every single driver I use. And I'm happy to use OS which gives me the choice. Hearing all those insults from Theo about all those great BSD people is just sad. Sam Leffler is one of the most valuable open-source developers in the history of BSD and UNIX in general, keep that in mind. I just can't belive how easy people forget about all this. Ah, right, this is called fanaticism. -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [demime 1.01d removed an attachment of type application/pgp-signature]
Re: No Blob without Puffy
On Mon, Mar 19, 2007 at 05:43:19PM +0100, Timo Schoeler wrote: in the sense of freedom, FreeBSD (among others) is a ultra-cheap whore, as this fat pengiun is. Hehe:) As Borat use to say very nice:) The problem is that in world's history the worst and the biggest source of evilness ever is fanaticism (religious, political and now what? software?). -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [demime 1.01d removed an attachment of type application/pgp-signature]
A request for your input.
Hello My name is Lara Thynne and I am a PhD candidate at Deakin University Australia. I am currently researching the boundary between work and leisure activities directly related to the open source community and open source program development. As part of this I am running a survey at the following address. https://dcarf.deakin.edu.au/surveys/oss/ The survey is completely confidential and looks at your views and motivations to use Open Source software and to participate in the community. It will only take a five to ten minutes to complete and your contact details will not be recorded. You can withdraw your participation at any stage. I sincerely apologize for the spammish nature of this e-mail - I don't mean to abuse this list. I am trying to collect responses from as many open source developers and users as possible and a mailing list like can be the only way to reach many developers. Thanks again Lara P.S The program that I am using is open source, of course (www.phpsurveyor.org)!
Re: strange output on openbsd C code
On Mon, 19 Mar 2007, Matthew R. Dempsky wrote: On Mon, Mar 19, 2007 at 09:55:04PM -0400, Paul D. Ouderkirk wrote: And because I love to reply to myself, if I compile it with -O3, I can reproduce your results: -O3 enables -fstrict-aliasing, which this program violates. The man page explains in more detail. Yep, it's a bit sad to see all the attempts at explaining the bug. But this one hits the mark. Additionally, while stock gcc enables -fstrict-aliasing with -O2, on OpenBSD -fstrict-aliasing is not enabled with -O2, since experience shows violations of pointer aliasing rules are seen a lot in the wild. See man gcc-local: - The -O2 option does not include -fstrict-aliasing, as this option causes issues on some legacy code. -fstrict-aliasing is very unsafe with code that plays tricks with casts, bypassing the already weak type system of C. So don't play tricks like that unless you really understand the issues involved. -Otto
Re: No Blob without Puffy
On Mon, Mar 19, 2007 at 06:04:12PM +0100, Ingo Schwarze wrote: Hi Pawel, Pawel Jakub Dawidek schrieb am Mon, Mar 19, 2007 at 03:02:47PM +0100: On Fri, Mar 16, 2007 at 12:38:05PM -0600, Theo de Raadt wrote: So isn't it rather hypocritical to have a anti-Blob campaign, backed by projects which embrace the Blob? So isn't it rather hypocritical to claim GPL license is bad and BSD license is good and ship operating system with GPLed code? How do you feel about having pro-GPL operating system? Why do you lie to your users by having 'BSD' in operating system's name? Your analogy does not apply at all: [...] Unfortunately you miss the point of my analogy. We have GPLed code. We would like to get rid of it, but this is not possible just yet. Does that automatically means that we are pro-GPL? That we lie having 'BSD' in OS name? No, it means this is one of our goals, it is just not high priority and we don't feel guilty. This is how it is. The same for binary-only drivers. We would love to have everything open-source, but this is not possible currently. We want to move in this direction, of course, but we also want our users to use their hardware, to have stable, scalable OS, etc. I'm one of those users with my atheros-based wireless card I'm using right now. I know what I'm doing. I don't feel less safe. I don't audit every single driver I use. And I'm happy to use OS which gives me the choice. Hearing all those insults from Theo about all those great BSD people is just sad. Sam Leffler is one of the most valuable open-source developers in the history of BSD and UNIX in general, keep that in mind. I just can't belive how easy people forget about all this. Ah, right, this is called fanaticism. -- Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! [demime 1.01d removed an attachment of type application/pgp-signature]
Re: No Blob without Puffy
What a steaming pile, On Tue, Mar 20, 2007 at 08:07:19AM +0100, Pawel Jakub Dawidek wrote: On Mon, Mar 19, 2007 at 06:04:12PM +0100, Ingo Schwarze wrote: [...] Unfortunately you miss the point of my analogy. We have GPLed code. We would like to get rid of it, but this is not possible just yet. Does that automatically means that we are pro-GPL? That we lie having 'BSD' in OS name? No, it means this is one of our goals, it is just not high priority and we don't feel guilty. This is how it is. The same for I don't know how this involves GPL at all, the two issues have nothing at all to do with each other. One can still read the GPL code, one can still distribute GPL code with some annoying restrictions, a blob is an entirely different matter. binary-only drivers. We would love to have everything open-source, but this is not possible currently. We want to move in this direction, of course, but we also want our users to use their hardware, to have stable, scalable OS, etc. I'm one of those users with my atheros-based Please you imply that one cannot have a functional system without using blobs, which is patently false. By choosing to use blobs, your project is actively hindering the development of proper drivers, and as such should be called on it. wireless card I'm using right now. I know what I'm doing. I don't feel less safe. I don't audit every single driver I use. And I'm happy to use OS which gives me the choice. Hearing all those insults from Theo about all those great BSD people is just sad. Sam Leffler is one of the most valuable open-source developers in the history of BSD and UNIX in general, keep that in mind. I just can't belive how easy people forget about all this. Ah, right, this is called fanaticism. Whining, name calling grow up.
Re: No Blob without Puffy
On Mon, 2007-03-19 at 10:54 -0500, Matthew Weigel wrote: No, there's not a difference. Theo said he was willing to take the emails public; this Daniel guy took him at his word, and made them public. The only foul I see is Theo threatening to take Daniel's emails public in the first place. I disagree. I think it was appropriate in this case to show the world exactly how hypocritical this supposed no blob campaign really is. Sometimes sunlight really is the best disinfectant. It wouldn't have been the first time Theo published e-mails; from what I have observed, he doesn't do so without good cause. -- Shawn K. Quinn [EMAIL PROTECTED]
is the Thinkpad T30 supported?
Hello. I am looking for a laptop to replace my old, but excellent, Dell Latitude CPi R400GT (this computer has a broken hinge right now). The OpenBSD/i386 laptop page (http://www.openbsd.org/i386-laptop.html) has a lot of information on Thinkpads (from the earliest models to the most recent units), but the Thinkpad T30 is missing. I would like to buy one, or two, used (better surplus) units of the Thinkpad laptops (T23, T30, and T40 up to T43p are being considered). Sadly, it is not easy to get a unit of these models and I need to see what is available for sale and choose a machine that is not broken. Is the T30 as well supported as the T23 and T40-T43p Thinkpads? I just want to make sure that any T23-T43p is right for OpenBSD (I know that the Lucent Technologies softmodem available on some units is not supported... I cannot understand how Lucent Technologies made these proprietary devices). Cheers, Igor.
Re: No Blob without Puffy
On Tue, 20 Mar 2007 03:54:41 -0400, Gordon Willem Klok wrote: I'm one of those users with my atheros-based wireless card I'm using right now. I know what I'm doing. I don't feel less safe. I don't audit every single driver I use. And I'm happy to use OS which gives me the choice. I'm one of the other users with an atheros wireless card in an IBM Thinkpad I'm using right now on another desk. And I know what I'm doing and I feel really safe because I'm happily using an OS which really gives me lots of choice and doesn't force blobs down my throat. OpenBSD. BTW the fact that some people are great programmers doesn't mean that they are great judges of ethics or art or politics or anything outside their area of expertise. Judging their nous about other subjects by their code is like taking corporate investment advice from a teenage rockstar. That comment doesn't imply that they cannot have any other skills like being clueful about really open code. It is just the case that you cannot imply it where no evidence exists. R/ From the land down under: Australia. Do we look umop apisdn from up over?
Re: OpenBGPD and private-as
On Mon, Mar 19, 2007 at 04:25:25PM +, Jon Morby wrote: Might be a dumb question, but what's the equivalent of neighbor ip address remove-private-as in OpenBGPD I've just noticed we're advertising prefixes 65xxx to our upstream providers when we should be stripping them from our advertisements. OpenBGPD can not strip AS numbers from AS pathes at the moment. Is it enough to remove only one particular AS or do you realy need to use the heavy artillery? -- :wq Claudio
Re: strange output on openbsd C code
On 2007/03/19 19:12, Gustavo Rios wrote: I am writing a very simple program but the output change for the c variable value change every time i run it. It doesn't do this on any system I've tried it on - i386, amd64: x:8589934593 0,1:1,2 c:2 sparc64: x:8589934593 0,1:2,1 c:2
Re: PF: Redirect traffic to server in public internet
On 2007/03/19 09:33, Matiss Miglans wrote: Maybe this is newbie question, but i cant find answer. What I do wrong, or maybe that is impossible ? http://www.openbsd.org/faq/pf/rdr.html Redirection and reflection applies here. One of the methods given there is probably suitable. In 4.1, you will have another choice: hoststated.
Re: NOOP and Spamd
On 2007/03/19 20:39, Lyndon Nerenberg wrote: You will also find the command sequence RSET+NOOP used to delimit transactions when an SMTP client reuses an established SMTP session to send multiple messages. That (reusing an established session) won't happen whilst talking to spamd.
Re: Is OpenBSD VuXML broken?
On 3/19/07, Markus Bergkvist [EMAIL PROTECTED] wrote: http://flirble.disruptiveproactivity.com/rss/ Thanks a million Markus :-) Kind Regards Siju
passing to inside interface
this is on OpenBSD 4.0 Generic I have the below rule set in my pf.conf, i am having the following problem, i need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping from outside i can hit the shadow server, ssh, ping, etc from outside i can not hit the firewall with anything, ssh, ping, etc from inside i can hit the firewall with pings from inside i can not hit the firewall with ssh xl0 and xl1 are in a bridge together xl0 faces the rest of the network xl1 is set up as a transparent fireall for the 192.168.25.0/24 network xl0 has no ip address xl1 has an ip of 192.168.25.253/24 switch1 ip 192.168.25.1 switch2 ip 192.168.25.253 switch1 - firewall1 - switch2 - ext_if=xl0 int_if=xl1 set block-policy drop set skip on lo0 #set loginterface xl0 block return in on $ext_if from any to any block drop in on $int_if from any to any #allow management #firewall pass in on $ext_if from any to 192.168.25.253 #switch pass in on $ext_if from any to 192.168.25.252 pass in on $int_if from 192.168.25.252 to any #allow shadow pass in on $ext_if from any to 192.168.25.201 pass in on $int_if from 192.168.25.201 to any -- -Lawrence
Re: No Blob without Puffy
Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! It is right there in the signature.
Re: OpenBGPD and private-as
On 20 Mar 2007, at 10:03, Claudio Jeker wrote: On Mon, Mar 19, 2007 at 04:25:25PM +, Jon Morby wrote: Might be a dumb question, but what's the equivalent of neighbor ip address remove-private-as in OpenBGPD I've just noticed we're advertising prefixes 65xxx to our upstream providers when we should be stripping them from our advertisements. OpenBGPD can not strip AS numbers from AS pathes at the moment. Is it enough to remove only one particular AS or do you realy need to use the heavy artillery? Well was hoping there would be a catch all ... but removal of individual ones that we know about is fine ... until we find one we don't know about :) -- :wq Claudio
Re: passing to inside interface
On 2007/03/20 04:41, Lawrence Horvath wrote: I have the below rule set in my pf.conf, i am having the following problem, i need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping You don't pass out anything, either directly or via keep state. Also see the Notes section of bridge(4).
Re: No Blob without Puffy
Pawel Jakub Dawidek http://www.wheel.pl [EMAIL PROTECTED] http://www.FreeBSD.org FreeBSD committer Am I Evil? Yes, I Am! It is right there in the signature. Come on Marco, real evil persons do not need to brag about it in their signature. He's, at best, a misguided minor evil. Miod
adding X11 libraries after the fact
I excluded X11 from an installation of OpenBSD 4.0 and now find that some packages I would use seem to depend on some of the X11 libraries. What is the best way to resolve package dependencies and/or install X11? I recall in the installation there were some sets that could be chosen. Or else, how can that process be revisited without going through the whole install? -Lars Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute
Re: passing to inside interface
On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 04:41, Lawrence Horvath wrote: I have the below rule set in my pf.conf, i am having the following problem, i need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping You don't pass out anything, either directly or via keep state. Also see the Notes section of bridge(4). then why can i get to the servers on the inside of the FW they dont have pass out, or keep state either? -- -Lawrence -Student ID 1028219 -CCNA
Re: OpenBSD speed on desktops
On Mon, Mar 19, 2007 at 03:59:06PM +0100, Karel Kulhavy wrote: I have also a feeling that deleting huge files or large directories with loads of tiny files in subdirectories is slower. I have a different feeling. /t -- Tell me about your mother.
Re: adding X11 libraries after the fact
On 3/20/07, Lars D. Noodin [EMAIL PROTECTED] wrote: I excluded X11 from an installation of OpenBSD 4.0 and now find that some packages I would use seem to depend on some of the X11 libraries. What is the best way to resolve package dependencies and/or install X11? I believe this is covered in the FAQ..but you can simply boot an install cd. Also check the archives for misc@ Regards, Jason
Re: No Blob without Puffy
I second that. danno -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chefren Sent: Monday, March 19, 2007 7:34 PM To: misc@openbsd.org Subject: Re: No Blob without Puffy On 3/19/07 4:48 PM, Marco Peereboom wrote: You are so uninformed that it isn't even funny to pick on you. Karel clocks on the wrong edge and is by far the worst educated asocial asshole I have met on this list. +++chefren
Re: adding X11 libraries after the fact
On Tue, Mar 20, 2007 at 09:37:04AM -0400, Lars D. Nood??n wrote: I recall in the installation there were some sets that could be chosen. Or else, how can that process be revisited without going through the whole install? http://www.openbsd.org/faq/faq4.html#AddFileSet -- stefan http://stsp.in-berlin.de PGP Key: 0xF59D25F0
Re: adding X11 libraries after the fact
On Tue, Mar 20, 2007 at 09:37:04AM -0400, Lars D. Nood??n wrote: I excluded X11 from an installation of OpenBSD 4.0 and now find that some packages I would use seem to depend on some of the X11 libraries. What is the best way to resolve package dependencies and/or install X11? I recall in the installation there were some sets that could be chosen. Or else, how can that process be revisited without going through the whole install? FAQ 4.10, Adding a fileset after install is what you're looking for. Here's a handy link: http://openbsd.rt.fm/faq/faq4.html#AddFileSet
Re: No Blob without Puffy
On 3/20/07, Daniel Ouellet [EMAIL PROTECTED] wrote: This discussion is for the most part not going anywhere and looks like dirty laundry between various party. Yes. I already post proof on this list a few months ago of how bad BLOB are with proof that if push to shove, I would argue that even the stock exchange commission might be interested to know in some cases. You mean this right: http://archives.neohapsis.com/archives/openbsd/2006-04/1157.html ? In my own case, I discover in my expensive commercial product purchase a few years ago and fully licenses with yearly 20% purchase price recurring support cost on it, that without my knowledge and even my explicit agreement, that private informations were send to that company each night! When raise hell on it, was send left and right with no clear answer, but keeping pushing was told that it will be disable in my license. Now a few months later, after all daily data is block, I get from that same company emails saying To ensure your * platform is performing properly, .. to view the performance of your system. You will be contacted . Support engineer to access your respective system to capture performance data. Now tell me. Are they really interested in making sure my systems are working properly??? Draw your own conclusions? My gosh, what company is this? There's no reason to protect them, tell us. -Nick
Découvrez toutes les nouveautés pour stimuler vos ventes et augmenter votre CA. Obtenez un devis en 48 Heures
Ce message est au format HTML. Si vous ne parvenez pas ` le lire, cliquez ici. [IMAGE] GESTION D'ENTREPRISE MARKETING ET COMMUNICATION NOUVELLES TECHNOLOGIES GESTION DU PERSONNEL LOGISTIQUE ET EQUIPEMENT VEHICULES ET UTILITAIRES BOUTIQUE EN LIGNE [IMAGE] A LA RECHERCHE D'UN PRESTATAIRE ? TROUVEZ LE BON PRESTATAIRE EN QUELQUES CLICS AVEC LE GUIDE DES PRESTATAIRES. POUR TOUS VOS PROJETS D'ACHATS, D'IQUIPEMENTS OU DE CHOIX STRATIGIQUES DANS LA GESTION DE VOTRE ENTREPRISE. NE PERDEZ PLUS DE TEMPS @ RECHERCHER UN PRESTATAIRE OU UN FOURNISSEUR ! RECEVEZ VOTRE DEVIS EN 48 HEURES. NOS CONSEILLERS SONT A VOTRE DISPOSITION DU LUNDI AU VENDREDI DE 09H A 18 H POUR VOUS RENSEIGNER ET VOUS ORIENTER DANS LE CHOIX DE VOS PRESTATAIRES. [IMAGE] PLUS DE 200 PRESTATAIRES SUR 55 SERVICES 24H/24 - 7J/7 LE SITE DU GUIDE DES PRESTATAIRES :www.guidedesprestataires.com LES INCONTOURNABLES Silectionnez parmi nos prestataires labellisis en cochant dans les annonces ci-dessous L\'e-mailing ` la portie des petites entreprises! L'emailing est aujourd'hui l'outil de communication le plus puissant du marchi . Il vous permet de toucher directement en un temps riduit votre cible de prospects ou clients ! Optimisez vos envois d'e-mailing avec une solution professionnelle! SERVIPHONY est un centre d\'appels international pour toutes vos missions de tilimarketing ! Centre d'appel international, SERVIPHONY est prisent dans le monde pour rialiser vos opirations marketing par tiliphone aussi bien en imission d'appels qu'en riception d'appels. Un professionnel ` votre icoute ! Vos cadeaux d\'affaires, calendriers et objets publicitaires. Incitez vos prospects ` passer commande chez vous en ichange d'un cadeau d'affaire! Fidilisez votre clienthle, motivez vos employis grbce ` des cadeaux! Tee shirt, stylos, calendriers,sous-main... Offrez-vous les compitences d'un directeur marketing pour vous conseiller et mettre en place une viritable politique marketing et commerciale dans votre entreprise sans avoir les contraintes d'un salairi ! Externalisez votre ptle marketing en toute confiance! CREASYWEB, criation de site E-Commerce. Vous avez le projet de crier un site e-commerce, un site marchand ? Nous avons la solution ! Criez votre site cli en main ( graphisme, outil d'administration, hibergement) pour seulement 349 ht / an !! criez votre site Web de la conception ` la mise en ligne en toute liberti! VISIBLESITE: Les solutions de Rifirencement! Avoir son site internet c'est une chose, le placez en premihre page des moteurs de recherche c'est mieux . Votre site internet peut vous rapporter de nouveaux clients, pour cela il doit jtre vu par les internautes ! Amiliorez votre visibiliti sur les principaux moteurs de recherche! Afin d'obtenir un devis GRATUIT dans les 48 heures de la part de nos prestataires labellisis. Merci de remplir ce formulaire ou de contacter nos conseillers par tiliphone au numiro Gratuit suivant : 0 805 16 26 26 Sociiti : * [IMAGE] 1. Des fournisseurs labellisis par nos soins 2. L'assurance du meilleur prestataire possible. 3. Demande de devis gratuit sous 48h 4. Des conseillers vous informent et vous guident gratuitement au : [IMAGE] Civiliti : * Nom : * Prinom : * Tiliphone : * Email : * Je souhaite recevoir les offres des partenaires Guidedesprestataires.com *Champs obligatoires Le Guide Des Prestataires est une activiti de la sociiti Midia Tilecom SAS - Rcs Criteil 482 024 825 == - Premihre visite - Acchs membres - Devenir Prestataire - Conditions ginirales d'utilisation - Qui sommes nous - Plan du site - News-letters- Partenaires ) Midia Tilicom SAS 2007 Afin de vous tenir informi des offres de nos prestataires sans vous occasionner de gjnes,nous vous informons que vous recevrez uniquement 2 lettres d'informations par semaine. Seules les personnes qui disirent s'inscrire GRATUITEMENT ` nos lettres d'informations en recevront une par jour.Conformiment ` la loi Informatique et Libertis du 6 janvier 1978, vous binificiez d'un droit d'acchs, de modification, de suppression et d'opposition aux donnies vous concernant.Si vous souhaitez exercer ces droits, veuillez vous adresser ` MEDIA TELECOM SAS , service marketing, Voie Felix Eboui- 94 000 - Criteil- ou icrire ` [EMAIL PROTECTED] Nous nous engageons ` ne pas communiquer ` des tiers les informations vous concernant sauf si vous nous en
Re: adding X11 libraries after the fact
Thanks. That's it. I was even looking in right part (#4) of the FAQ, but needed that direct pointer. -Lars On Tue, 20 Mar 2007, Josh Grosse wrote: FAQ 4.10, Adding a fileset after install is what you're looking for. Here's a handy link: http://openbsd.rt.fm/faq/faq4.html#AddFileSet On Tue, 20 Mar 2007, Chris Kuethe wrote: sudo tar -C / -zxpPf /path/to/xbase41.tgz Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute
Re: passing to inside interface
On 2007/03/20 06:18, Lawrence Horvath wrote: On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 04:41, Lawrence Horvath wrote: I have the below rule set in my pf.conf, i am having the following problem, i need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping You don't pass out anything, either directly or via keep state. Also see the Notes section of bridge(4). ahh, I missed that you have a default pass out since your default blocks are only for inbound. tcpdump on various interfaces (including pflog0 with the relevant log keywords adding to pf.conf) will help you see how it works. Some things depend on which interface has the IP address. The advice in bridge(4) about passing/skipping traffic on one of the interfaces makes things easier to follow.
Re: No Blob without Puffy
Shawn K. Quinn wrote: It wouldn't have been the first time Theo published e-mails; from what I have observed, he doesn't do so without good cause. Sure. I was addressing only the point that *Daniel* did something wrong by publishing the private emails, after Theo indicated he was willing to take the whole matter public. Now, the exchange as posted by Daniel appears to me to simply affirm Theo's initial description of the exchange, so I don't understand *why* he posted it... -- Matthew Weigel hacker [EMAIL PROTECTED]
Re: External Router
2007/3/19, Almir Karic [EMAIL PROTECTED]: use route tables, set the getaway 10.30.9.253 for the subnet on which your other office is, and use your ISP's getaway as default getaway. you can manipulate route tables with route(8). On 3/19/07, Ricardo Lucas [EMAIL PROTECTED] wrote: Hello ppl from misc, I have an issue, I have a little lan with a oBSD box that connect to my ISP and bring the Internet to this lan, but I have another router inside that lan that connects me to my another office, and I have a win2000 machine that is the DNS for this router, so, if I want to connect to my other office I have to set the machines configurations to gateway - 10.30.9.253, the router and DNS 10.30.9.250, the win2000 machine, and if I want to use the internet i have to use set the machines configurations to gateway - 10.30.9.254, the oBSD box and DNS are from my ISP. So what I want is that the oBSD handle this job, I mean, I want use only the oBSD as a router and when the traffic is for the other office the oBSD send the traffic to the 10.30.9.253 router and when the the traffic is for the Internet the oBSD send the traffic trough it's connection to my ISP. So, that's it... -- Best regards Ricardo Lucas -- almir # macros int_if = rl0 ext_if = tun0 vpn_if = tun1 tcp_services = { 22, 113 } icmp_types = echoreq liberados = { 10.30.9.100, 10.30.9.250, 10.30.9.123, 10.30.9.124, 10.30.9.125 } priv_nets = { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } # options set block-policy return set loginterface $ext_if # scrub scrub in all #altq on $ext_if cbq bandwidth 960Kb \ # queue { down, net, cpd } #queue net bandwidth 10% cbq(default) #queue cpd bandwidth 80% priority 7 #queue down bandwidth 10% priority 1 # nat/rdr # nat on $ext_if from $int_if:network to any - ($ext_if) nat on $ext_if from $liberados to any - ($ext_if) rdr pass on $ext_if proto tcp from any to any port 5900 - 10.30.9.100port 5900 rdr pass on $ext_if proto tcp from any to any port 5800 - 10.30.9.100 port 5800 rdr pass on $ext_if proto tcp from any to any port 23942 - 10.30.9.100port 23942 rdr pass on $ext_if proto tcp from any to any port 44277 - 10.30.9.100port 44277 rdr pass on $ext_if proto udp from any to any port 21632 - 10.30.9.100port 21632 #rdr pass on $ext_if proto tcp from any to any port 6346 - 10.30.9.200port 6346 # filter rules pass quick on lo0 all pass quick on tun1 all block log all block drop in quick on $ext_if from $priv_nets to any block drop out quick on $ext_if from any to $priv_nets pass in on $int_if from $int_if:network to any keep state pass out on $int_if from any to $int_if:network keep state pass out on $ext_if proto tcp all modulate state flags S/SA pass out on $ext_if proto { udp, icmp } all keep state #pass out on $ext_if from 10.30.9.200 to any queue down #pass out on $ext_if from 10.30.9.123 to any queue down #pass out on $ext_if from 10.30.9.100 to any queue cpd # pass in on $ext_if inet proto { tcp, udp } from any to any port 80 keep state pass in on $ext_if inet proto { tcp, udp } from any to any port 22 keep state pass in on $int_if route-to { $int_if 10.30.9.253 } from any to 192.168.26.6 pass out on $int_if from any to any keep state here is my pf.conf, with that two last lines the traffic from my lan trying to access the 192.168.26.6 will be redirected to the router from my lan with the IP 10.39.9.253. is that correct? because is not working!!! -- Ricardo Lucas
use OpenBSD to blacklist phone calls?
OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Even though we are on the 'do not call' registry we still get 4-10 calls a day at home, and at work its just phone spam spam spam Thinking about adding a modem that recognizes callerID to my home openbsd firewall/server to have it also monitor the phones and intercept telemarketing calls between ring 1 and 2 and if a match then give a false fax signal, message or just hangup signal. Has anyone else setup an openbsd server to hangup phone calls by callerid? I looked through /usr/ports/comms and /usr/ports/telephony I think this could be done with the port package asterisk, but it does look complex and I wondered if another package was more appropriate than a VOIP package? I did google some notes for [EMAIL PROTECTED] but I did not read that it is the same as the port ASTERISK. -TIA.
Re: passing to inside interface
is there a way to tag the packets going to pflog, i can see the packets being blocked with tcpdump on /var/log/pflog, but i would like to know what rule is blocking them i changed my rules a little bit here is the output of pfctl -s rules, i was hoping that explictly defining some of these would help but same result block return in log on xl0 all block drop in log on xl1 all pass in on xl0 inet from any to 192.168.25.253 keep state pass in on xl1 inet from 192.168.25.253 to any keep state pass out on xl0 all pass out on xl1 all pass in on xl0 inet from any to 192.168.25.33 pass in on xl1 inet from 192.168.25.33 to any pass in on xl0 inet from any to 192.168.25.69 pass in on xl1 inet from 192.168.25.69 to any pass in on xl0 inet from any to 192.168.25.84 pass in on xl1 inet from 192.168.25.64 to any pass in on xl0 inet from any to 192.168.25.100 pass in on xl1 inet from 192.168.25.100 to any pass in on xl0 inet from any to 192.168.25.201 pass in on xl1 inet from 192.168.25.201 to any pass in on xl0 inet from any to 192.168.25.252 pass in on xl1 inet from 192.168.25.252 to any On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 06:18, Lawrence Horvath wrote: On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 04:41, Lawrence Horvath wrote: I have the below rule set in my pf.conf, i am having the following problem, i need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping You don't pass out anything, either directly or via keep state. Also see the Notes section of bridge(4). ahh, I missed that you have a default pass out since your default blocks are only for inbound. tcpdump on various interfaces (including pflog0 with the relevant log keywords adding to pf.conf) will help you see how it works. Some things depend on which interface has the IP address. The advice in bridge(4) about passing/skipping traffic on one of the interfaces makes things easier to follow. -- -Lawrence -Student ID 1028219 -CCNA
Re: use OpenBSD to blacklist phone calls?
make some money at it. http://killthecalls.com/ On 3/20/07, Paul Pruett [EMAIL PROTECTED] wrote: OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Even though we are on the 'do not call' registry we still get 4-10 calls a day at home, and at work its just phone spam spam spam Thinking about adding a modem that recognizes callerID to my home openbsd firewall/server to have it also monitor the phones and intercept telemarketing calls between ring 1 and 2 and if a match then give a false fax signal, message or just hangup signal. Has anyone else setup an openbsd server to hangup phone calls by callerid? I looked through /usr/ports/comms and /usr/ports/telephony I think this could be done with the port package asterisk, but it does look complex and I wondered if another package was more appropriate than a VOIP package? I did google some notes for [EMAIL PROTECTED] but I did not read that it is the same as the port ASTERISK. -TIA.
Re: use OpenBSD to blacklist phone calls?
Paul Pruett [EMAIL PROTECTED] writes: OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Hm.. greylisting. Respond to the call with please call back in 5 minutes and if they don't blacklist them. //art
Re: use OpenBSD to blacklist phone calls?
use zapteller() [ page 115 ] and / or anti-girlfriend-logic [ page 104 ] as documented in the Asterisk - the future of Telephony. The asterisk book is available online via: http://www.asteriskdocs.org/modules/tinycontent/index.php?id=11 enjoy. Mark On 20/03/07, Paul Pruett [EMAIL PROTECTED] wrote: OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Even though we are on the 'do not call' registry we still get 4-10 calls a day at home, and at work its just phone spam spam spam Thinking about adding a modem that recognizes callerID to my home openbsd firewall/server to have it also monitor the phones and intercept telemarketing calls between ring 1 and 2 and if a match then give a false fax signal, message or just hangup signal. Has anyone else setup an openbsd server to hangup phone calls by callerid? I looked through /usr/ports/comms and /usr/ports/telephony I think this could be done with the port package asterisk, but it does look complex and I wondered if another package was more appropriate than a VOIP package? I did google some notes for [EMAIL PROTECTED] but I did not read that it is the same as the port ASTERISK. -TIA.
Re: use OpenBSD to blacklist phone calls?
On 2007/03/20 17:25, mark reardon wrote: use zapteller() [ page 115 ] and / or anti-girlfriend-logic [ page 104 ] as documented in the Asterisk - the future of Telephony. The asterisk book is available online via: it's in ports/packages now - /usr/ports/books/AsteriskTFOT
Re: use OpenBSD to blacklist phone calls?
Artur Grabowski wrote: Paul Pruett [EMAIL PROTECTED] writes: OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Hm.. greylisting. Respond to the call with please call back in 5 minutes and if they don't blacklist them. if it's an important phone call from a known contact perhaps having a code to bypass it would be a good idea. if you hand out your business card and someone is busy and can't make the 2nd phone call, they get blacklisted :( phone calls tend to be a bit more time-sensitive than emails in my experience. cheers, jake //art
Re: passing to inside interface
On 2007/03/20 09:24, Lawrence Horvath wrote: is there a way to tag the packets going to pflog, i can see the packets being blocked with tcpdump on /var/log/pflog, but i would like to know what rule is blocking them if you use '-e' to tcpdump, it dumps the link-layer headers - on a pflog(4) interface this includes the rule number.
Re: use OpenBSD to blacklist phone calls?
On 2007/03/20 16:10, Paul Pruett wrote: I looked through /usr/ports/comms and /usr/ports/telephony I think this could be done with the port package asterisk, Not without additional hardware (or porting your phone number to a voip gateway provider, if you can do such a thing where you live) but it does look complex and I wondered if another package was more appropriate than a VOIP package? mgetty might have something useful - see http://home.leo.org/~doering/mgetty/mgetty_15.html I did google some notes for [EMAIL PROTECTED] but I did not read that it is the same as the port ASTERISK. [EMAIL PROTECTED] (now renamed trixbox) is a CentOS-based linux distribution with pre-installed Asterisk and supporting pieces. I'll take the opportunity to point out that {3.9,4.0}-stable ports trees have just had an update to Asterisk to fix a remote (unauthenticated user) chan_sip vulnerability (-current has had 1.2.16 since shortly after unlock). Packages later.
ODBC on OpenBSD
Hi, Has anyone succeded in using iodbc or unixodbc to access a remote database ODBC-compliant? I need to use some data from a SQL Server for the application I'm developping (PHP+MySQL on OpenBSD) but I don't find any information about how to proceed. I can install the iodbc package on a OpenBSD 4.0 machine, but then, what should I do to access a remote SQLServer database? Do I need some extra driver? If someone has experience on this, please tell me, cause I'm stuck with this problem. -- Joaquin Herrero
Re: use OpenBSD to blacklist phone calls?
nice one. thanks. On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 17:25, mark reardon wrote: use zapteller() [ page 115 ] and / or anti-girlfriend-logic [ page 104 ] as documented in the Asterisk - the future of Telephony. The asterisk book is available online via: it's in ports/packages now - /usr/ports/books/AsteriskTFOT
Re: is the Thinkpad T30 supported?
I have a T30. pretty much everything works on it and very well, it suspends and resumes again. It would be a good choice for a used laptop. -Bob * Igor Sobrado [EMAIL PROTECTED] [2007-03-20 03:19]: Hello. I am looking for a laptop to replace my old, but excellent, Dell Latitude CPi R400GT (this computer has a broken hinge right now). The OpenBSD/i386 laptop page (http://www.openbsd.org/i386-laptop.html) has a lot of information on Thinkpads (from the earliest models to the most recent units), but the Thinkpad T30 is missing. I would like to buy one, or two, used (better surplus) units of the Thinkpad laptops (T23, T30, and T40 up to T43p are being considered). Sadly, it is not easy to get a unit of these models and I need to see what is available for sale and choose a machine that is not broken. Is the T30 as well supported as the T23 and T40-T43p Thinkpads? I just want to make sure that any T23-T43p is right for OpenBSD (I know that the Lucent Technologies softmodem available on some units is not supported... I cannot understand how Lucent Technologies made these proprietary devices). Cheers, Igor. -- #!/usr/bin/perl if ((not 0 not 1) != (! 0 ! 1)) { print Larry and Tom must smoke some really primo stuff...\n; }
Re: is the Thinkpad T30 supported?
In message [EMAIL PROTECTED], Bob Beck writes: I have a T30. pretty much everything works on it and very well, it suspends and resumes again. The only concerns I have with OpenBSD are related with APM and ACPI support (e.g., problem report number 5307/kernel). In fact, APM was the only unsupported feature on the CPi R400GT; even the previously unsupported Xircom combo card (modem + NIC) works fine on OpenBSD 4.0. I only expect the softmodem to remain unsupported then (and it will probably remain unsupported forever). If you say it works then it certainly *works*; I have not doubt about this fact. Thank you very much for your comment. It would be a good choice for a used laptop. I never used IBM/Lenovo Thinkpad laptops, but I hope that its hinge will be better than the ones on the HP and Dell systems. Here, in the Department of Physics, we have an old HP laptop with a broken hinge, I had an HP Omnibook laptop that died in the same way, and now the Latitude has another broken hinge... manufacturers should care about these cheap components or minimize the force pairs applied to the hinge. I suppose that a manufacturer that uses a titanium-reinforced composite will care about the quality of hinges and lids used on the displays. Thanks, again, for your feedback. I will add the T30 to the list of wanted Thinkpads. Cheers, Igor.
Daylight savings fix with OpenNTPD
Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05.
Re: use OpenBSD to blacklist phone calls?
I wish there was a OpenBSD based article on How to Setup a Small Office on Asterisk. I would Try it. Sam Fourman Jr. On 3/20/07, mark reardon [EMAIL PROTECTED] wrote: nice one. thanks. On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 17:25, mark reardon wrote: use zapteller() [ page 115 ] and / or anti-girlfriend-logic [ page 104 ] as documented in the Asterisk - the future of Telephony. The asterisk book is available online via: it's in ports/packages now - /usr/ports/books/AsteriskTFOT
Re: use OpenBSD to blacklist phone calls?
What Would you do in the case of Telemarketers using caller ID block (*69 for my Phone Company) I get 2 or 3 calls a week From some stupid bank wanting to refinance a mortage all of these calls come up Restricted or Private on Caller ID. Sam Fourman Jr. On 3/20/07, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote: Artur Grabowski wrote: Paul Pruett [EMAIL PROTECTED] writes: OpenBSD spamd works great for blacklisting IPs, and maybe it could be use for our blacklisting telephone calls using callerID? Hm.. greylisting. Respond to the call with please call back in 5 minutes and if they don't blacklist them. if it's an important phone call from a known contact perhaps having a code to bypass it would be a good idea. if you hand out your business card and someone is busy and can't make the 2nd phone call, they get blacklisted :( phone calls tend to be a bit more time-sensitive than emails in my experience. cheers, jake //art
Re: ODBC on OpenBSD
* Joaquin Herrero [EMAIL PROTECTED] [070320 14:33]: Hi, Has anyone succeded in using iodbc or unixodbc to access a remote database ODBC-compliant? I need to use some data from a SQL Server for the application I'm developping (PHP+MySQL on OpenBSD) but I don't find any information about how to proceed. I can install the iodbc package on a OpenBSD 4.0 machine, but then, what should I do to access a remote SQLServer database? Do I need some extra driver? If someone has experience on this, please tell me, cause I'm stuck with this problem. -- Joaquin Herrero Skip ODBC and speak natively to the rdbms. Take a look in ports at database/freetds. Perl modules are in the ports tree that make it easy to use too. Jim
Re: Daylight savings fix with OpenNTPD
NTP only deals with UTC (aka Universal Time). Your local box handles the pretty-print into local time (including daylight saving). Update your box, you're out of date. On 2007 Mar 20 (Tue) at 12:05:49 -0700 (-0700), Bray Mailloux wrote: :Have a patch been issued? It might just be the time servers, but date is :reporting 11:04:31 when it is 12:05. : -- November, n.: The eleventh twelfth of a weariness. -- Ambrose Bierce, The Devil's Dictionary
Re: Daylight savings fix with OpenNTPD
On Tue, 20 Mar 2007, Bray Mailloux wrote: Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. The ntp protocol always works with UTC, no patch needed. Apart from that, this is a lousy report. No details on servers or client settings. -Otto
Re: Daylight savings fix with OpenNTPD
* Bray Mailloux [EMAIL PROTECTED] [2007-03-20 13:33]: Have a patch been issued? Yes. see the errata page It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. It aint the time servers they report in UCT. Your timezone is wrong -Bob
Re: No Blob without Puffy
Nick ! wrote: I already post proof on this list a few months ago of how bad BLOB are with proof that if push to shove, I would argue that even the stock exchange commission might be interested to know in some cases. You mean this right: http://archives.neohapsis.com/archives/openbsd/2006-04/1157.html ? Yes, that's part of it. Now tell me. Are they really interested in making sure my systems are working properly??? Draw your own conclusions? My gosh, what company is this? There's no reason to protect them, tell us. If you want to find out, you can by digging in the archive. It's there, but I can't tell you sorry! Not yet anyway, hopefully soon.
Re: use OpenBSD to blacklist phone calls?
On Tue, Mar 20, 2007 at 01:34:29PM -0500, Sam Fourman Jr. wrote: What Would you do in the case of Telemarketers using caller ID block (*69 for my Phone Company) I get 2 or 3 calls a week From some stupid bank wanting to refinance a mortage all of these calls come up Restricted or Private on Caller ID. please don't confuse greylisting with PTR checks. they're totally different things. :) :) :) :) :) -- jared
Re: Daylight savings fix with OpenNTPD
On 3/20/07, Bray Mailloux [EMAIL PROTECTED] wrote: Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. Follow this: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/009_timezone.patch Link from: http://openbsd.org/errata40.html
Re: use OpenBSD to blacklist phone calls?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Fourman Jr. Sent: Tuesday, March 20, 2007 2:34 PM To: Jacob Yocom-Piatt Cc: misc@openbsd.org Subject: Re: use OpenBSD to blacklist phone calls? What Would you do in the case of Telemarketers using caller ID block (*69 for my Phone Company) I get 2 or 3 calls a week From some stupid bank wanting to refinance a mortage all of these calls come up Restricted or Private on Caller ID. Sam Fourman Jr. Some phone companies have a service where you need a four digit code to complete the call. My friend has this, after the first ring you here a recording that says something like, this number is currently unavailable or something to that effect. If you punch in the special code you connect pass this. I think it's a few dollars a month and you can setup a white list so some numbers don't need the code.
mailman problems: group mismatch error and aliases
On 4.0 I have installed mailman (flavour postfix): $ pkg_info | grep mailman mailman-2.1.8p3-postfix mailing list manager with web interface But I still get the infamous group mismatch error: Group mismatch error. Mailman expected the mail wrapper script to be executed as group _mailman, but the system's mail server executed the mail script as group nobody. Try tweaking the mail server to run the script as group _mailman, or re-run configure, providing the command line option `--with-mail-gid=nobody'. ) I have read that this has been fixed since 3.8. Also, where does the OpenBSD mailman package store its list management aliases? I tried /var/spool/mailman/data/aliases. I can't seem to get mailman to generate aliases automatically. This is what I have put in mm_cfg.py: add_virtualhost( 'mailman.domain.com' ) MTA = 'Postfix' POSTFIX_ALIAS_CMD = '/usr/local/sbin/postalias' POSTFIX_MAP_CMD = '/usr/local/sbin/postmap' Once I edited this file I received an error when trying to create a list (We're sorry, we hit a bug!). Thanks for any help, Pedro
Re: ODBC on OpenBSD
On 3/20/07, Joaquin Herrero [EMAIL PROTECTED] wrote: Hi, Has anyone succeded in using iodbc or unixodbc to access a remote database ODBC-compliant? I need to use some data from a SQL Server for the application I'm developping (PHP+MySQL on OpenBSD) but I don't find any information about how to proceed. I can install the iodbc package on a OpenBSD 4.0 machine, but then, what should I do to access a remote SQLServer database? Do I need some extra driver? If someone has experience on this, please tell me, cause I'm stuck with this problem. I regularly connect PHP to MSSQL server with a different technique: FreeTDS in the ports tree. It's quite simple. Here's how: 1.) To use w/SQL2000 add --with-tdsver=8.0 to your FreeTDS Makefile CONFIGURE-ARGS (/usr/ports/databases/freetds/Makefile). This makes FreeTDS play nicely with SQL2000. Apparently without this long strings get buggered when connecting to SQL2000. Ours looks like this: CONFIGURE_ARGS= ${CONFIGURE_SHARED} \ --enable-static \ --with-libiconv-prefix=${LOCALBASE} \ --disable-threadsafe \ --disable-odbc \ --with-tdsver=8.0 (Remember to run 'make install' to actually *install* your SQL2000-friendly FreeTDS.) 2.) To your PHP5 Makefile.inc CONFIGURE-ARGS (/usr/ports/www/php5/Makefile.inc) add --with-mssql=/usr/local to make you PHP installation SQL-aware. Ours looks like this: CONFIGURE_ARGS+=--enable-shared \ --disable-static \ --disable-rpath \ --with-config-file-path=${PHP_CONFIG_PATH} \ --enable-inline-optimization \ --with-pic \ --with-mssql=/usr/local (Remember to run the appropriate 'make X' and pkg_add for your particular environment to actually build and install your MSSQL-friendly PHP5.) You'll find the global variables for freetds are in /etc/freetds.conf. These normally require next to no setup for your particular environment. With that... presto! Instant PHP5-MSSQL connectivity. You can confirm this worked with a simple: ? phpinfo(); ? Now for the requisite qualifiers: 1.) This is an unsupported configuration. If it breaks, you are on your own. :-) 2.) There are probably easier, supported ways to do this. 3.) I've been using this technique for *years*. It has been fast, stable, and reliable for everything I've needed it for. YMMV. Last thing... remember to: -- _actually follow_ the post pkg_add instructions. -- verify that you've _really_ enabled PHP in your httpd.conf and php.ini Good luck, Al -- http://www.memetrics.com - Multivariate testing with Memetrics xOs. Landing page optimization, design consulting.
Re: Daylight savings fix with OpenNTPD
On 3/20/07, Bray Mailloux [EMAIL PROTECTED] wrote: Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. You mean errata 009 for 4.0? http://www.openbsd.org/errata40.html This isn't specific to OpenNTPD, though. DS
Re: passing to inside interface
On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 09:24, Lawrence Horvath wrote: is there a way to tag the packets going to pflog, i can see the packets being blocked with tcpdump on /var/log/pflog, but i would like to know what rule is blocking them if you use '-e' to tcpdump, it dumps the link-layer headers - on a pflog(4) interface this includes the rule number. switched to the below rules, it seems that it was ignoring the exterior interface, perhaps because it has no ip on it or perhaps because its in a bridge, not sure in fact it seems to ignore all rules on the exterior interface completely, could anyone shed some light on why that is? and how i can get it to pass through both interface rules? is it possible to put the IP on the bridge interface instead of one of the ether interfaces? in order to make the firewall IP independant of any one interface? # pfctl -s rules block return in log on xl0 all block drop in log on xl1 all pass in on xl1 inet from any to 192.168.25.253 keep state pass out on xl0 all pass out on xl1 all pass in on xl0 inet from any to 192.168.25.33 pass in on xl1 inet from 192.168.25.33 to any pass in on xl0 inet from any to 192.168.25.69 pass in on xl1 inet from 192.168.25.69 to any pass in on xl0 inet from any to 192.168.25.84 pass in on xl1 inet from 192.168.25.64 to any pass in on xl0 inet from any to 192.168.25.100 pass in on xl1 inet from 192.168.25.100 to any pass in on xl0 inet from any to 192.168.25.201 pass in on xl1 inet from 192.168.25.201 to any pass in on xl0 inet from any to 192.168.25.252 pass in on xl1 inet from 192.168.25.252 to any -- -Lawrence -Student ID 1028219 -CCNA
Re: use OpenBSD to blacklist phone calls?
On 3/20/07, mark reardon [EMAIL PROTECTED] wrote: use zapteller() [ page 115 ] and / or anti-girlfriend-logic [ page 104 ] as Why would any geek want this? ^^
Re: Daylight savings fix with OpenNTPD
On 3/20/07, Bray Mailloux [EMAIL PROTECTED] wrote: Ok, in relation to the current topic; I've been reading up on CVS and it appears the system has nothing to do with patching but just fetches the current patches for my OpenBSD system, so how would I take the CVS files and apply them to my system? You would start by reading the documentation. There is no one line answer to your question - you need to understand the ways in which you can maintain your system, and then you need to act according to the documentation to make it so. http://www.openbsd.org/anoncvs.html http://www.openbsd.org/stable.html And stop top posting. It induces migraines for people who want to help you. DS Darren Spruell wrote: On 3/20/07, Bray Mailloux [EMAIL PROTECTED] wrote: Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. You mean errata 009 for 4.0? http://www.openbsd.org/errata40.html This isn't specific to OpenNTPD, though. DS
Cardbus EHCI issues on Tecra 520CDT
I have a Tecra 520CDT laptop. This has one internal hard drive, and I'd like to expand it by using a USB2 drive. The laptop has a single USB1 port, so I've acquired a generic Cardbus USB2/Firewire card. This nearly works fine, but the EHCI part of the card is failing to start. Luckily, due to various bits of good design it's gracefully falling back to USB1, so I can access the drive, but it's, um, not fast. Any suggestions? dmesg enclosed. --- OpenBSD 4.0-stable (GENERIC) #0: Sun Mar 18 17:09:20 GMT 2007 [EMAIL PROTECTED]:/vol/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 166 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX cpu0: F00F bug workaround installed real mem = 50032640 (48860K) avail mem = 37126144 (36256K) using 636 buffers containing 2605056 bytes (2544K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(63) BIOS, date 11/01/99, BIOS32 rev. 0 @ 0xfe95b apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 98% apm0: AC on, battery charge high, charging, estimated 1:44 hours apm0: flags 20102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9980/80 (3 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #21 is the last bus WARNING: can't reserve area for I/O APIC. WARNING: can't reserve area for Local APIC. bios0: ROM list: 0xe4000/0x9800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x26 cbb0 at pci0 dev 2 function 0 Toshiba ToPIC95B CardBus rev 0x07: irq 11 cbb1 at pci0 dev 2 function 1 Toshiba ToPIC95B CardBus rev 0x07: irq 11 vga1 at pci0 dev 4 function 0 Chips and Technologies 6 rev 0xc3 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 11 function 0 NEC USB rev 0x01: irq 11, version 1.0 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 20 device 0 cacheline 0x0, lattimer 0x0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 21 device 0 cacheline 0x0, lattimer 0x0 pcmcia1 at cardslot1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: TOSHIBA MK2103MAV wd0: 16-sector PIO, LBA, 2067MB, 4233600 sectors wd0(wdc0:0:0): using BIOS timings sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01 midi0 at sb0: SB MIDI UART audio0 at sb0 opl0 at sb0: model OPL3 midi1 at opl0: SB Yamaha OPL3 wss0 at isa0 port 0x530/8 irq 10 drq 0: CS4231 or AD1845 (vers 4) audio1 at wss0 pcppi0 at isa0 port 0x61 midi2 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask eb4d netmask eb4d ttymask fbcf pctr: 586-class performance counters and user-level cycle counter enabled rtw0 at cardbus0 dev 0 function 0 Realtek, Rtl8180 irq 11 rtw0: ver RTL8180D, radio SA2400A, amp SA2411, address 00:50:fc:f1:82:14 ohci1 at cardbus1 dev 0 function 0 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ohci2 at cardbus1 dev 0 function 1 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 usb2 at ohci2: USB revision 1.0 uhub2 at usb2 uhub2: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ohci3 at cardbus1 dev 0 function 2 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb3 at ohci3: USB revision 1.0 uhub3 at usb3 uhub3: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at cardbus1 dev 0 function 3 Acer Labs M5239 USB2 rev 0x01: irq 11 ehci0: reset timeout ehci0: init failed, error=13 vendor Acer Labs, unknown product 0x5253 (class serial bus subclass Firewire, rev 0x00) at cardbus1 dev 0 function 4 not configured umass0 at uhub1 port 1 configuration 1 interface 0 umass0: Cypress Semiconductor USB2.0 Storage Device, rev 2.00/0.01, addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets sd0 at scsibus0 targ 1 lun 0: Maxtor 6, Y080L0, SCSI0 0/direct fixed sd0: 78167MB, 78167 cyl, 64 head, 32 sec, 512 bytes/sec, 160086528 sec total -- bbb o=o=o
pf.conf propagation
Hello misc. Can anyone recommend a pf propagation script, intended to be used to spread changes from one carp:ed openbsd firewall to another? I found one bash script which seems to do a decent job here: http://archives.neohapsis.com/archives/openbsd/2006-11/1134.html But it requires bash and supports only two firewalls. Also does anyone know if there are any plans to make this pf.conf propagation a feature in openbsd itself? Alec
Re: pf.conf propagation
On 3/20/07, Alexander Lind [EMAIL PROTECTED] wrote: Hello misc. Can anyone recommend a pf propagation script, intended to be used to spread changes from one carp:ed openbsd firewall to another? for host in fw1 fw2 fw3 fw4 fw5; do scp ~/master.pf.conf ${host}:/etc/pf.conf; done -- Kian Mohageri
Re: passing to inside interface
On 3/20/07, Lawrence Horvath [EMAIL PROTECTED] wrote: On 20/03/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/03/20 09:24, Lawrence Horvath wrote: is there a way to tag the packets going to pflog, i can see the packets being blocked with tcpdump on /var/log/pflog, but i would like to know what rule is blocking them if you use '-e' to tcpdump, it dumps the link-layer headers - on a pflog(4) interface this includes the rule number. switched to the below rules, it seems that it was ignoring the exterior interface, perhaps because it has no ip on it or perhaps because its in a bridge, not sure in fact it seems to ignore all rules on the exterior interface completely, could anyone shed some light on why that is? and how i can get it to pass through both interface rules? A bridge isn't an in/out paradigm like a router in the way you're thinking. Filter on one interface as suggested in http://www.openbsd.org/faq/faq6.html#Bridge and it's less hassle. DS
Re: Daylight savings fix with OpenNTPD
On 3/20/07, Bray Mailloux [EMAIL PROTECTED] wrote: Have a patch been issued? It might just be the time servers, but date is reporting 11:04:31 when it is 12:05. Yes there is an errata for this. You should install it. If you are in a bind and need something quick, and I don't recommend to do this instead of installing the patch, but it sure work and you can do: Download via anonymous ftp: elsie.nci.nih.gov/pub/tzdata2007d.tar.gz Note the file above change 4 times so far with updates every few days, or week, so if you don't see this one, then check for the next version as they become available. tzdata2007e.tar.gz. The above one was just release updated as of today. Then continue with: tar -xzf tzdata2007d.tar.gz If you need the North America changes only as an example: zic -d zoneinfo northamerica This create the zoneinfo directory cd zoneinfo cp -r * /usr/share/zoneinfo/ So, this works and it is quick, but use at your own risk. It work, but that shouldn't stop you from doing the proper patch however. I did this as all the servers will be wipe out anyway in just a few weeks when the 4.1 is release, or sooner when my CD comes in the mail. Hope this help some. Daniel PS; This doesn't patch all the zone for everyone, just what I needed, so choose wisely, or better yet, use the real patch and do it right.
Re: is the Thinkpad T30 supported?
On Tue, Mar 20, 2007 at 07:31:16PM +0100, Igor Sobrado wrote: I never used IBM/Lenovo Thinkpad laptops, but I hope that its hinge will be better than the ones on the HP and Dell systems. This is purely anecdotal, and about systems a good deal older than what you are talking about, but I've had to replace both a X380 and X390 when the cable connecting the 'chassis' and the monitor got damaged (and the screen went totally bonkers). And here I thought I was smart buying a substantially similar laptop to use the old one as spare parts... Joachim
Re: pf.conf propagation
On Tue, Mar 20, 2007 at 03:29:08PM -0700, Alexander Lind wrote: Hello misc. Can anyone recommend a pf propagation script, intended to be used to spread changes from one carp:ed openbsd firewall to another? I found one bash script which seems to do a decent job here: http://archives.neohapsis.com/archives/openbsd/2006-11/1134.html But it requires bash and supports only two firewalls. Also does anyone know if there are any plans to make this pf.conf propagation a feature in openbsd itself? This is trivially scripted (the posted scp solution is perfectly sensible). But do take a look at carp(4), pfsync(4), and so on. joachim
Re: is the Thinkpad T30 supported?
On 3/20/07, Igor Sobrado [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Bob Beck writes: I have a T30. pretty much everything works on it and very well, it suspends and resumes again. The only concerns I have with OpenBSD are related with APM and ACPI support (e.g., problem report number 5307/kernel). In fact, APM was the only unsupported feature on the CPi R400GT; even the previously unsupported Xircom combo card (modem + NIC) works fine on OpenBSD 4.0. I only expect the softmodem to remain unsupported then (and it will probably remain unsupported forever). If you say it works then it certainly *works*; I have not doubt about this fact. Thank you very much for your comment. It would be a good choice for a used laptop. I never used IBM/Lenovo Thinkpad laptops, but I hope that its hinge will be better than the ones on the HP and Dell systems. I have a variety of Dells here at work, and I abused a free T20 at home until it gave up on me. Since the T20 worked so well I bought a used T40. The chassis and hinges seem to be much, much more solid on the IBM/Lenovos. I have many Dell C610s with crappy hinges. Cheers, Greg
Re: ODBC on OpenBSD
Another possibility is perl. I've been using DBD::Proxy/DBI::Proxyserver across Unix - Windows to get an HTML::Mason app directly talking to an Access database, and I'm in the process of migrating it to DBIx::Class (often enough Catalyst). This does just work. The only downside is that you need to run a perl script on the windows machine...
Re: is the Thinkpad T30 supported?
On 3/20/07, Greg Thomas [EMAIL PROTECTED] wrote: On 3/20/07, Igor Sobrado [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Bob Beck writes: I have a T30. pretty much everything works on it and very well, it suspends and resumes again. The only concerns I have with OpenBSD are related with APM and ACPI support (e.g., problem report number 5307/kernel). In fact, APM was the only unsupported feature on the CPi R400GT; even the previously unsupported Xircom combo card (modem + NIC) works fine on OpenBSD 4.0. I only expect the softmodem to remain unsupported then (and it will probably remain unsupported forever). If you say it works then it certainly *works*; I have not doubt about this fact. Thank you very much for your comment. It would be a good choice for a used laptop. I never used IBM/Lenovo Thinkpad laptops, but I hope that its hinge will be better than the ones on the HP and Dell systems. I have a variety of Dells here at work, and I abused a free T20 at home until it gave up on me. Since the T20 worked so well I bought a used T40. The chassis and hinges seem to be much, much more solid on the IBM/Lenovos. I have many Dell C610s with crappy hinges. YMMV, but IME construction quality and durability of the IBM/Lenovo laptops is higher than your run of the mill Dell and other cheaper brands (HP, Toshiba, Sony, etc.) DS
Re: Upgrade direction from older to newer
Henning Braue wrote: Is it possible to upgrade from 4.0-current to 4.1-stable? No... Thats what the above quote is trying to tell you. A -current src tree is always the newest code; -stable is the original release with patches. yayaya, but his 4.1-stable once upon a time was 4.0-current, so all is fluffy and he can upgrade (well, once 4.1-stable exists, i.e. roughly may 1) If I'm not wrong, the stable branch (e.g 4.1-stable) is not simply branched from 4.1-current at a specific date or time, but rather a selection of well-working parts thereof. If so, is it not possible that some parts of the OP's 4.0-current system might have changes that did not make it into 4.1-stable? /Alexander
Re: Upgrade direction from older to newer
Alexander Hall wrote: Henning Braue wrote: Is it possible to upgrade from 4.0-current to 4.1-stable? No... Thats what the above quote is trying to tell you. A -current src tree is always the newest code; -stable is the original release with patches. yayaya, but his 4.1-stable once upon a time was 4.0-current, so all is fluffy and he can upgrade (well, once 4.1-stable exists, i.e. roughly may 1) If I'm not wrong, the stable branch (e.g 4.1-stable) is not simply branched from 4.1-current at a specific date or time, but rather a selection of well-working parts thereof. Wrong If so, is it not possible that some parts of the OP's 4.0-current system might have changes that did not make it into 4.1-stable? /Alexander see the beginning of FAQ 5... (I seem to be saying this a lot lately. Yes, this section is full of all kinds of meaning, but it is really much simpler than people are trying to make it...) No, 4.1-stable is branched at /4.1-release/, which comes after 4.1-beta, and before 4.1-current. The only things that are in 4.0-current that are not in 4.1-stable/4.1-release are things that didn't work and got removed (or replaced or improved upon by something else or or...) X-release - X-current - X+0.1-beta - X+0.1-release - X+0.1-current ... HOWEVER, there ARE things in a recent 4.0-STABLE build which are NOT yet in 4.1-stable, because there are no 4.1-stable commits yet, and will not be until release day. AT THIS TIME, 3.9-stable and 4.0-stable are being maintained, but 4.1 is not. Jumping the gun on -release is not wise unless you understand why it isn't... Nick.
Does anyone know a good file manager for OpenBSD?
Hello everyone =) So, the title says it all. Anyone know a nice download manager utility for OpenBSD? Something along the lines of downloader 4 X for linux, or maybe even something like flashget/getright from the Windows world. I get the feeling that a nice download manager is a rare sight in the Unix world... Sorry if this has already been asked before, but I looked on the archives I have and I haven't found any reference to it. -- An OpenBSD user...
Re: Does anyone know a good file manager for OpenBSD?
How about ftp? On Wed, Mar 21, 2007 at 12:14:33AM -0300, Leonardo Rodrigues wrote: Hello everyone =) So, the title says it all. Anyone know a nice download manager utility for OpenBSD? Something along the lines of downloader 4 X for linux, or maybe even something like flashget/getright from the Windows world. I get the feeling that a nice download manager is a rare sight in the Unix world... Sorry if this has already been asked before, but I looked on the archives I have and I haven't found any reference to it. -- An OpenBSD user...
Re: Does anyone know a good file manager for OpenBSD?
On Wed, Mar 21, 2007 at 12:14:33AM -0300, Leonardo Rodrigues wrote: So, the title says it all. Anyone know a nice download manager utility for OpenBSD? Something along the lines of downloader 4 X for linux, or maybe even something like flashget/getright from the Windows world. I get the feeling that a nice download manager is a rare sight in the Unix world... I'm not familiar with Downloader 4 X, but if it runs on Linux then it'll probably work on OpenBSD as well, assuming you're running X11. (A cursory look seems to indicate that it doesn't exist in the ports tree, however, so you'd have to build it manually.) But for what it's worth, I'd recommend the command line utility wget over anything. pkg_add wget and you're good to go. -- Mark Shroyer [EMAIL PROTECTED] http://markshroyer.com/
Re: Does anyone know a good file manager for OpenBSD?
Hello. I don't actually see what you call a download manager but I personnaly like the one included in Firefox. And wget can do great things too. Maxime DERCHE Leonardo Rodrigues wrote: Hello everyone =) So, the title says it all. Anyone know a nice download manager utility for OpenBSD? Something along the lines of downloader 4 X for linux, or maybe even something like flashget/getright from the Windows world. I get the feeling that a nice download manager is a rare sight in the Unix world... Sorry if this has already been asked before, but I looked on the archives I have and I haven't found any reference to it.
Re: Does anyone know a good file manager for OpenBSD?
wget? and no..your subject does not say it all..I interpreted that as file manager, as in mc, xfe, nautilus, etc.. On 3/20/07, Leonardo Rodrigues [EMAIL PROTECTED] wrote: Hello everyone =) So, the title says it all. Anyone know a nice download manager utility for OpenBSD? Something along the lines of downloader 4 X for linux, or maybe even something like flashget/getright from the Windows world. I get the feeling that a nice download manager is a rare sight in the Unix world... not a bad assumption.. though wget works great for me.. Cheers, Jason
Re: Does anyone know a good file manager for OpenBSD?
On 3/21/07, Mark Shroyer [EMAIL PROTECTED] wrote: But for what it's worth, I'd recommend the command line utility wget over anything. pkg_add wget and you're good to go. I second that. Wget is a great software! You can even use the mozilla cookies to keep the section of some site you're visiting. So you can download stuff you had to type in your password to be able to see the link. That option went unknown to me until the day I was having trouble downloading a file that I had to be logged in to a site in order to download. I decided I should take a look at wget's manual to see if it had anything that could help me, and there it was the --load-cookies argument :).
USB Printer Recommendation
I'm looking to finally cut the last strand that keeps windows on my hard drive. I currently have a brother mfc-210c printer. I'm looking to replace it with a cheap openbsd/lpr friendly solution. Although the mfc is a multifunction printer, that is not a requirement for the new printer. It has finally sunk in how sad it is to have to keep windows just to print, it's also a pain in the ass to have to reboot every time I want to print. Any suggestions would be awesome, thanks.
Re: Does anyone know a good file manager for OpenBSD?
am I missing something? why not just use a firefox extension like downthemall? I haven't used a stand alone downloader since netscape was king. On Mar 20, 2007, at 9:00 PM, Mark Shroyer wrote: Downloader 4 X,
groff update?
Is there any chance of a newer version of groff (1.18 or 1.19) being imported into the tree? If not, would a port with binary names prefixed with a character like 'n' (to differentiate them from the in-tree versions) be accepted? Thanks Gareth
issues with PHP and cURL curl_exec() function within OpenBSD chroot
Hello all, We're having issues with php 5.1.6 and cURL within OpenBSD's (v4.0) jail. Hopefully, someone knows how to solve this. We're using PHP's built-in cURL function, curl_exec(), to connect to remote servers (both HTTP and HTTPS). We then send an HTTP POST request (or GET--it doesn't matter) expecting to get data back from the other end. Unfortunately, the response is empty where we should get the HTML output of the remote server. Outside of the OBSD chroot it works fine; in the chroot there's no output, yet it doesn't report an error--either to the browser or to the apache logs. In the less-than-believable but completely true words of the poor guy testing this part of our software, It just didn't work. Nothing. As for the kernel itself, we're running OpenBSD 4.0-stable. Lastly, at the suggestion of one person, we tried (to no avail) altering our php.ini to have: allow_url_fopen = On Anyone got any ideas on this? (Clue sticks welcome.) As always, thanks much, folks. Kevin -- http://www.ebiinc.com : Background Screening for Employers from EBI Professional background checks... anywhere.
Re: USB Printer Recommendation
On 3/20/07, James Turner [EMAIL PROTECTED] wrote: I'm looking to finally cut the last strand that keeps windows on my hard drive. You didn't mention ink or laser but my Brother HL-5250DN works GREAT for the price. Greg
help with 4.1 snapshots and latest ports and src
is my setup ok? im running snaphots 4.1 and here's my supfile: # /usr/supfile *default release=cvs *default delete use-rel-suffix *default umask=002 *default host=anoncvs.usa.openbsd.org *default base=/usr *default prefix=/usr *default tag=. OpenBSD-ports OpenBSD-src OpenBSD-xf4 check-out cvs and upgrade: # cvsup -g -L 2 /usr/supfile and another question how will i upgrade from snapshots 4.1 to current? thanks --jay--
Re: help with 4.1 snapshots and latest ports and src
On 3/20/07, Jay Jesus Amorin [EMAIL PROTECTED] wrote: is my setup ok? im running snaphots 4.1 and here's my supfile: # /usr/supfile *default release=cvs *default delete use-rel-suffix *default umask=002 *default host=anoncvs.usa.openbsd.org *default base=/usr *default prefix=/usr *default tag=. OpenBSD-ports OpenBSD-src OpenBSD-xf4 check-out cvs and upgrade: # cvsup -g -L 2 /usr/supfile and another question how will i upgrade from snapshots 4.1 to current? It seems to be recommended that you upgrade from snapshot to snapshot using the binary upgrade method. This is arguably the easiest way; boot from new snapshot bsd.rd and perform an upgrade. You can also track -current from CVS, and these will help there: http://www.openbsd.org/anoncvs.html http://www.openbsd.org/faq/current.html DS