pf.conf : rule tagged x OR y ?

2010-08-22 Thread Jean-Francois 
Hello,

Is it ever possible to have a rule in pf.conf such as :
pass in on $int_if proto tcp to any tagged client or admin

I think not, is the following a correct alternate ?
pass in on $int_if proto tcp to any tagged client
pass in on $int_if proto tcp to any tagged admin

In my opinion the OR is not implemented at least it seems not documented, 
maybe the folowing is also possible ?
pass in on $int_if proto tcp to any tagged {client,admin}

Thanks for clarifications

pf scrub doubt

2010-08-22 Thread Marcos Laufer 

Hello list,

I'm just in doubt in how to replace the sentence for OpenBSD 4.7 :
scrub in all

Is it just like this? : 
match in all scrub


If so, should this be updated in http://www.openbsd.org/faq/pf/scrub.html ?

Thanks!
Marcos

Re: pf scrub doubt

2010-08-22 Thread Henning Brauer 
* Marcos Laufer mar...@ipv4networks.com [2010-08-22 20:05]:
 I'm just in doubt in how to replace the sentence for OpenBSD 4.7 :
 scrub in all
 
 Is it just like this? : match in all scrub

no.
just delete that line. it only did reassembly which is on by default
now.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

-current build fails

2010-08-22 Thread Cedric Brisseau 
Hi,

Building -current/amd64 fails today for me with vis(3) related commits :

cc -O2 -pipe -g -I/usr/src/lib/libc/include -DAPIWARN -DYP
-I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE -I/usr/src/lib/libc
-I/usr/src/lib/libc/gdtoa -I/usr/src/lib/libc/arch/amd64/gdtoa
-DINFNAN_CHECK -DMULTIPLE_THREADS -DNO_FENV_H -DUSE_LOCALE
-I/usr/src/lib/libc -I/usr/src/lib/libc/citrus -DRESOLVSORT
-DPOSIX_MISTAKE -DFLOATING_POINT -DNLS   -c
/usr/src/lib/libc/locale/iswctype.c -o iswctype.o
cc -O2 -pipe -g -I/usr/src/lib/libc/include -DAPIWARN -DYP
-I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE -I/usr/src/lib/libc
-I/usr/src/lib/libc/gdtoa -I/usr/src/lib/libc/arch/amd64/gdtoa
-DINFNAN_CHECK -DMULTIPLE_THREADS -DNO_FENV_H -DUSE_LOCALE
-I/usr/src/lib/libc -I/usr/src/lib/libc/citrus -DRESOLVSORT
-DPOSIX_MISTAKE -DFLOATING_POINT -DNLS   -c -fpic -DPIC
/usr/src/lib/libc/gen/vis.c -o vis.so
/usr/src/lib/libc/gen/vis.c: In function 'vis':
/usr/src/lib/libc/gen/vis.c:57: error: 'VIS_ALL' undeclared (first use
in this function)
/usr/src/lib/libc/gen/vis.c:57: error: (Each undeclared identifier is
reported only once
/usr/src/lib/libc/gen/vis.c:57: error: for each function it appears in.)
/usr/src/lib/libc/gen/vis.c:109: error: 'VIS_HEX' undeclared (first
use in this function)
*** Error code 1
*** Error code 1
Stop in /usr/src/lib/libc:
 Exit status 1 (vis.so, line 49 of /usr/share/mk/bsd.lib.mk)
*** Error code 2
Stop in /usr/src/lib:
 Exit status 2 (all, line 48 of /usr/share/mk/bsd.subdir.mk)
*** Error code 2
*** Error code 1
Stop in /usr/src:
 Exit status 1 (build, line 74 of Makefile)

Regards,
cb

Re: Web hosting, restrict user to access only his folder

2010-08-22 Thread Chris Cappuccio 
Benny L??fgren [bl-li...@lofgren.biz] wrote:
 
 (I've long wished for a privsep apache with separate chroot():s for
 every virtual domain... one of these days I'm gonna have to look
 into it, but I suppose it's not trivial to implement or someone
 would have done it by now. :-) )
 
 

I think people do this today by just running multiple daemons, one under each 
uid, binding each one to a different IP (or to a different port and using a 
reverse proxy on port 80)

Of course it would be convenient if the system could multiplex it for you with 
one master daemon

Re: Remotely connect to gnome

2010-08-22 Thread Stuart Henderson 
On 2010-08-21, Christopher Zimmermann madro...@zakweb.de wrote:
 On 08/21/10 17:27, Christopher Zimmermann wrote:
 On 08/21/10 16:45, Jean-Francois wrote:
 Hi All,
 
 I've understood that unixes are made to work as workstations and that
 gnome
 and kde could handle that.

 Could you please help me to get on the way to make remote connections
 possible to gnome for session login and desktop use ?
 
 Here's an excerpt from a setup on a debian lenny server, should work with
 OpenBSD as well. If you need some more tipps or other configs I missed,
 just
 ask. Also note that XDMCP is no secure protocol. Only use it via trusted
 links.
 Other options would be to run one of the vpn-X-servers, possibly
 launched via
 gdm.

 arrrg, no, of course not vpn, vnc is what I meant. For example have a
 look at the thightvnc package.

The tightvnc server is based on a horribly old version of X11 and has
various portability problems. If x11vnc can do what you need that's likely
to be a much better choice (it's not a standalone X server though).

ssvnc makes quite a good (and fast) viewer.

-current ports compile fails in /usr/src/lib/libc/gen/vis.c

2010-08-22 Thread Amit Kulkarni 
# sysctl -n kern.version
OpenBSD 4.8-current (GENERIC) #3: Sun Aug 22 12:49:11 CDT 2010
a...@pilloo.my.domain:/usr/src/sys/arch/i386/compile/GENERIC

I did do a cvs update src, ports, xenocara for -current. Submitted dmesg
too.

Compiled, installed, rebooted with new kernel

Having the same problem since yesterday (or was it friday?)  today, so
thought to report it

Complete newbie to -current

cc -O2 -pipe -g -I/usr/src/lib/libc/include -DAPIWARN -DYP
-I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE -I/usr/src/lib/libc
-I/usr/src/lib/libc/gdtoa -I/usr/src/lib/libc/arch/i386/gdtoa -DINFNAN_CHECK
-DMULTIPLE_THREADS -DNO_FENV_H -DUSE_LOCALE -I/usr/src/lib/libc
-I/usr/src/lib/libc/citrus -DRESOLVSORT -DPOSIX_MISTAKE -DFLOATING_POINT
-DNLS   -c /usr/src/lib/libc/gen/vis.c -o vis.o
/usr/src/lib/libc/gen/vis.c: In function 'vis':
/usr/src/lib/libc/gen/vis.c:57: error: 'VIS_ALL' undeclared (first use in
this function)
/usr/src/lib/libc/gen/vis.c:57: error: (Each undeclared identifier is
reported only once
/usr/src/lib/libc/gen/vis.c:57: error: for each function it appears in.)
/usr/src/lib/libc/gen/vis.c:109: error: 'VIS_HEX' undeclared (first use in
this function)
*** Error code 1

Stop in /usr/src/lib/libc (line 92 of /usr/share/mk/sys.mk).
*** Error code 1

Stop in /usr/src/lib (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src (line 74 of Makefile).

Re: Web hosting, restrict user to access only his folder

2010-08-22 Thread Benny Löfgren 

Chris Cappuccio wrote:

Benny L??fgren [bl-li...@lofgren.biz] wrote:

(I've long wished for a privsep apache with separate chroot():s for
every virtual domain... one of these days I'm gonna have to look
into it, but I suppose it's not trivial to implement or someone
would have done it by now. :-) )

I think people do this today by just running multiple daemons, one

 under each uid, binding each one to a different IP (or to a different
 port and using a reverse proxy on port 80)


Of course it would be convenient if the system could multiplex it for

 you with one master daemon

Yes, that's how I currently do things too, but it's an inconvenient 
solution to the problem, mainly because Apache doesn't lend itself well 
to be run in multiple instances on the same server (and the hassle of 
needing a reverse proxy introduces another level of complexity).



/B

--
internetlabbet.se / work:   +46 8 551 124 80  / Words must
Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted.
   /email:  benny -at- internetlabbet.se

Rendicontazione OnLine

2010-08-22 Thread info 
 Gentile Cliente,

Un nuovo documento di rendicontazione h a sua disposizione.
Potr` consultarlo e salvarlo sul suo PC entro un anno da oggi, visitando
larea Estratto conto e
documentazione dei suoi Servizi via internet.

Per lassistenza ai Servizi via internet pur contattare il numero verde
800.303.300, gratuito anche
da cellulare.

Cordiali saluti.
Banche di Credito Cooperativo


Questo h un messaggio automatico.
Per disabilitare il servizio pur utilizzare la funzione Modifica
abilitazioni (Comunicazioni  Estratto
conto e documentazione).
Prima di stampare, pensa allambiente ** Think about the environment
before printing

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of documento.16137DEFANGED-html]

Re: Web hosting, restrict user to access only his folder

2010-08-22 Thread Joel Wiramu Pauling 
lightty does however. So you may want to look into it over apache.

On 23/08/2010, Benny LC6fgren bl-li...@lofgren.biz wrote:
 Chris Cappuccio wrote:
 Benny L??fgren [bl-li...@lofgren.biz] wrote:
 (I've long wished for a privsep apache with separate chroot():s for
 every virtual domain... one of these days I'm gonna have to look
 into it, but I suppose it's not trivial to implement or someone
 would have done it by now. :-) )
 I think people do this today by just running multiple daemons, one
   under each uid, binding each one to a different IP (or to a different
   port and using a reverse proxy on port 80)

 Of course it would be convenient if the system could multiplex it for
   you with one master daemon

 Yes, that's how I currently do things too, but it's an inconvenient
 solution to the problem, mainly because Apache doesn't lend itself well
 to be run in multiple instances on the same server (and the hassle of
 needing a reverse proxy introduces another level of complexity).


 /B

 --
 internetlabbet.se / work:   +46 8 551 124 80  / Words must
 Benny Lvfgren/  mobile: +46 70 718 11 90 /   be weighed,
  /   fax:+46 8 551 124 89/not counted.
 /email:  benny -at- internetlabbet.se

Re: -current ports compile fails in /usr/src/lib/libc/gen/vis.c

2010-08-22 Thread Amarendra Godbole 
On Mon, Aug 23, 2010 at 2:08 AM, Amit Kulkarni amitk...@gmail.com wrote:
 # sysctl -n kern.version
 OpenBSD 4.8-current (GENERIC) #3: Sun Aug 22 12:49:11 CDT 2010
a...@pilloo.my.domain:/usr/src/sys/arch/i386/compile/GENERIC

 I did do a cvs update src, ports, xenocara for -current. Submitted dmesg
 too.

 Compiled, installed, rebooted with new kernel

 Having the same problem since yesterday (or was it friday?)  today, so
 thought to report it

 Complete newbie to -current

 cc -O2 -pipe -g -I/usr/src/lib/libc/include -DAPIWARN -DYP
 -I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE -I/usr/src/lib/libc
 -I/usr/src/lib/libc/gdtoa -I/usr/src/lib/libc/arch/i386/gdtoa
-DINFNAN_CHECK
 -DMULTIPLE_THREADS -DNO_FENV_H -DUSE_LOCALE -I/usr/src/lib/libc
 -I/usr/src/lib/libc/citrus -DRESOLVSORT -DPOSIX_MISTAKE -DFLOATING_POINT
 -DNLS   -c /usr/src/lib/libc/gen/vis.c -o vis.o
 /usr/src/lib/libc/gen/vis.c: In function 'vis':
 /usr/src/lib/libc/gen/vis.c:57: error: 'VIS_ALL' undeclared (first use in
 this function)
 /usr/src/lib/libc/gen/vis.c:57: error: (Each undeclared identifier is
 reported only once
 /usr/src/lib/libc/gen/vis.c:57: error: for each function it appears in.)
 /usr/src/lib/libc/gen/vis.c:109: error: 'VIS_HEX' undeclared (first use in
 this function)
[...]

I hope you are religiously following instructions here:
http://www.openbsd.org/faq/faq5.html#BldUserland.

Another important thing you may want to look at (since you run
-current) is http://www.openbsd.org/faq/current.html Especially check
the config(8) and gcc4 updates.

-Amarendra

cwm keybindings and autogroup issues

2010-08-22 Thread Predrag Punosevac 
I was wondering if anybody else observed the following two issues with
cwm:

1. Sometimes when I kill xclients with Ctrl+Alt+x I can not start xterm
using default keybindings Ctrl+Alt+Enter. However as soon as I launch a
single application from cwm menu the keybinding work again. 

2. I just adopted XXXterm as my default web-browser. I used to have 
autogroup 3 opera,Opera

which I replaced with 

autogroup 3 xxxterm,XXXterm

however xxxterms do NOT get autogrouped. Note that I do have xxxterm in
my menu because of

command XXXterm xxxterm

Most Kind Regards,
Predrag Punosevac

Reduce de 7 a 10 Kilos con solo un día a la semana

2010-08-22 Thread Body Sanctuary México 
Tratamiento para hombres y Mujeres
==

Ver email en explorador de internet en linea

[IMAGE]

Consulta otros tratamientos en: www.bodysanctuary.com.mx
Pregunta por otras promociones disponibles en temporada

Si deseas ser removido responde este mail con la clave: 550DF
Importante: Es importante escribir la clave ya que Nuestro boletmn esta
dado de alta en diversos servidores, asi lograremos identificar tu email

hits counter

undeadly's been down for a while

2010-08-22 Thread patric conant 
just fyi, in case someone involved is on misc.

-- 
 /\ASCII Ribbon Campaign
 \ /Respect for low technology.
 X Keep e-mail messages readable by any computer system.
 / \Keep it ASCII.