OT: SiLK, libfixbuf and GPLR - Government Purpose License Rights
Hello, I was to begin tests with FlowViewer ( http://sourceforge.net/projects/flowviewer/), which needs SiLK, which, in turns, needs libfixbuf, both from NetSA/CERT: http://tools.netsa.cert.org Are there anyone using these softwares? I am able to download only if I accept GPLv2 (or LGPLv2) and GPLR, but I do not understand this line: Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013 I could not find good information sources about it. So, I ask: 1 - These kind of licences are meaningful by a Brazilian (i.e., USA's outsiders) point of view? 2 - What is the OpenBSD Project judgment about GPLR/DFARS? (Do not know exactly how to name it.) 3 - Where can I find more information about GPLR (DFARS?)? Thank you very much for your time on this, Raimundo Santos
Re: OT: SiLK, libfixbuf and GPLR - Government Purpose License Rights
On Sun, Sep 28, 2014 at 03:39, Raimundo Santos wrote: Government Purpose License Rights (GPLR) pursuant to DFARS 252.227.7013 I could not find good information sources about it. So, I ask: 1 - These kind of licences are meaningful by a Brazilian (i.e., USA's outsiders) point of view? 2 - What is the OpenBSD Project judgment about GPLR/DFARS? (Do not know exactly how to name it.) 3 - Where can I find more information about GPLR (DFARS?)? When the US government pays for the development of software, it usually requires that it be allowed to use the software. They require that the software be made available to them under the terms of the GPLR (not related at all to the GPL). You are not the government, so instead the software is available to you under the terms of the LGPL.
Re: OpenBSD 5.5: question regarding pf syntax
On 28 Sep 2014, at 05:00, System Administrator ad...@bitwise.net wrote: On 27 Sep 2014 at 18:50, Andrew Lester wrote: Hey guys, I have what I hope is a simple syntax question for pf rules. I have not been able to find any example of this online or in the man pages. I suspect it is perhaps not possible. Basically I want to allow out certain web services, with a simple rule like below: pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any My trouble is with the $ports macro. Here's what I am trying to do: $common= '{80,443,465,587,993}' $games= '{5222,7778,28900}' $ports= { $common $games } NOTE: In my real config the macros are above the rule, and I have tried with and without enclosing the top two macros in the single quotes. Your problem is not with the quotes but with the braces -- only one set of braces is needed and accepted when defining a list. Or turn ports into a table and put the macros for each interesting set of ports into the table, and use the table in the rule etc. This way when I need to allow specific applications out, instead of having a huge single macro where I will forget what the ports are for, I can have smaller macros that I just add into the single macro which I use in the pf rule. Instead of making a new rule for each application, I can just add to the $ports macro. pf however indicates that the $ports macro is not valid syntax. Is this a syntax error on my part, or is this something pf cannot do? Totally fine if the latter, I just want to make sure I am not missing something silly with the syntax. :) Warm regards, Andrew
Re: X dies after suspend to ram
On Thu, Sep 25, 2014 at 12:12:55PM -0400, Ted W. wrote: I have really enjoyed the last few weeks of running OpenBSD on my Thinkpad. Almost everything I need works and or worked right out of the box. The only real issue I've noticed is that when the system returns from suspend and press ctrl-alt-del to restart X either X or SLiM (not sure which) will not come back up. To work around this issue, I switch to TTY2, log in as root and run `/etc/rc.d/slim restart`. I've tried suspending with and without using slock first and the behavior stays the same. Any input on the matter would be appreciated, -- Ted W. t...@xy0.org No dmesg, no help.
Re: OpenBSD 5.5: question regarding pf syntax
On 28 Sep 2014 at 8:44, Andy Lemin wrote: On 28 Sep 2014, at 05:00, System Administrator ad...@bitwise.net wrote: On 27 Sep 2014 at 18:50, Andrew Lester wrote: Hey guys, I have what I hope is a simple syntax question for pf rules. I have not been able to find any example of this online or in the man pages. I suspect it is perhaps not possible. Basically I want to allow out certain web services, with a simple rule like below: pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any My trouble is with the $ports macro. Here's what I am trying to do: $common= '{80,443,465,587,993}' $games= '{5222,7778,28900}' $ports= { $common $games } NOTE: In my real config the macros are above the rule, and I have tried with and without enclosing the top two macros in the single quotes. Your problem is not with the quotes but with the braces -- only one set of braces is needed and accepted when defining a list. Or turn ports into a table and put the macros for each interesting set of ports into the table, and use the table in the rule etc. Have you even tried this??? I'm quite certain that tables can only hold various forms of IP addresses and, accordingly, be used in place of source or destination *addresses* but not ports. This way when I need to allow specific applications out, instead of having a huge single macro where I will forget what the ports are for, I can have smaller macros that I just add into the single macro which I use in the pf rule. Instead of making a new rule for each application, I can just add to the $ports macro. pf however indicates that the $ports macro is not valid syntax. Is this a syntax error on my part, or is this something pf cannot do? Totally fine if the latter, I just want to make sure I am not missing something silly with the syntax. :) Warm regards, Andrew
Re: OT: SiLK, libfixbuf and GPLR - Government Purpose License Rights
On 28 September 2014 04:13, Ted Unangst t...@tedunangst.com wrote: You are not the government, so instead the software is available to you under the terms of the LGPL. Thank you for the clarification. I got that it has nothing to do with GPL or FSF at all just reading the name: it is pretty clear, and scary in the first sight. Once again: thank you for your time, Raimundo Santos
eurobsdcon snippet
All was fine. But the google people are strange. They make an online raffle where you can win a chromebook (hey, why not) and they ask some test questions. The guy from google went on-stage, commented that nobody got all the uestions right, then went on to remind everyone that if was a *raffle*, so every one of the 67 contestants got *a fair chance* to win. Google, I think I outsmarted you. When I was filling my raffle entry, I was thinking why spend any effort answering those questions, it's a raffle, they don't matter. Who's playing with whom ? :-P Thanks still go to all the sponsors for this event and the organizing team. I just found this amusing. I'm still happy for the venue and the chance to be with the community, even with fucking Air-France on strike...
Re: OpenBSD 5.5: question regarding pf syntax
On Sun, 28 Sep 2014 12:05:11 -0400, System Administrator ad...@bitwise.net wrote: On 28 Sep 2014 at 8:44, Andy Lemin wrote: On 28 Sep 2014, at 05:00, System Administrator ad...@bitwise.net wrote: On 27 Sep 2014 at 18:50, Andrew Lester wrote: Hey guys, I have what I hope is a simple syntax question for pf rules. I have not been able to find any example of this online or in the man pages. I suspect it is perhaps not possible. Basically I want to allow out certain web services, with a simple rule like below: pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any My trouble is with the $ports macro. Here's what I am trying to do: $common= '{80,443,465,587,993}' $games= '{5222,7778,28900}' $ports= { $common $games } NOTE: In my real config the macros are above the rule, and I have tried with and without enclosing the top two macros in the single quotes. Your problem is not with the quotes but with the braces -- only one set of braces is needed and accepted when defining a list. Or turn ports into a table and put the macros for each interesting set of ports into the table, and use the table in the rule etc. Have you even tried this??? I'm quite certain that tables can only hold various forms of IP addresses and, accordingly, be used in place of source or destination *addresses* but not ports. I must admit that now you say it, I don't think I have! I use tables to hold many different macro's containing IP address groups etc, but not ports.. Was pretty tired when I wrote that and didn't think to question it This way when I need to allow specific applications out, instead of having a huge single macro where I will forget what the ports are for, I can have smaller macros that I just add into the single macro which I use in the pf rule. Instead of making a new rule for each application, I can just add to the $ports macro. pf however indicates that the $ports macro is not valid syntax. Is this a syntax error on my part, or is this something pf cannot do? Totally fine if the latter, I just want to make sure I am not missing something silly with the syntax. :) Warm regards, Andrew
Re: OpenBSD 5.5: question regarding pf syntax
andy wrote: I have what I hope is a simple syntax question for pf rules. BTW 3rd edition about to be released. The Book of PF In the third edition of The Book of PF (No Starch Press, Oct 2014, 248 pp., $34.95), author Peter N.M. Hansteen returns with more of the life-saving PF and BSD help that made the first two editions such a hit. With the help of this fast-paced, clear, instructional guide, readers will master the latest PF developments to build strong and secure networks better able to handle today's network demands. -- Jack Woehr # There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game. - N. Short
Re: OpenBSD 5.5: question regarding pf syntax
2014-09-28 22:49 GMT+02:00 Jack Woehr jwo...@softwoehr.com: BTW 3rd edition about to be released. The ebook _has_ been released. :-) Best Martin
Periodic DNS resolution
A problem that seems to come up over and over again with egress filtering firewalls are sites that move IPs so the names need to be resolved periodically and rules updated. I recently migrated to using pf and was wondering if anyone had suggestions for how they tackle this problem. I realize I could create cron jobs with scripts to do this, but was curious if there was a better way. I'd eventually like to track changes and log them as well. Cheers, Austin
Re: OpenBSD 5.5: question regarding pf syntax
Thanks all! My actual issue was using braces more than once. To the last person that replied -- that was precisely what I am trying to avoid, having a rule defined for each set of ports! Warm regards, Andrew Sent from my iPhone On Sep 27, 2014, at 9:00 PM, System Administrator ad...@bitwise.net wrote: On 27 Sep 2014 at 18:50, Andrew Lester wrote: Hey guys, I have what I hope is a simple syntax question for pf rules. I have not been able to find any example of this online or in the man pages. I suspect it is perhaps not possible. Basically I want to allow out certain web services, with a simple rule like below: pass out on em0 proto tcp from 192.168.1.0/24 port $ports to any My trouble is with the $ports macro. Here's what I am trying to do: $common= '{80,443,465,587,993}' $games= '{5222,7778,28900}' $ports= { $common $games } NOTE: In my real config the macros are above the rule, and I have tried with and without enclosing the top two macros in the single quotes. Your problem is not with the quotes but with the braces -- only one set of braces is needed and accepted when defining a list. This way when I need to allow specific applications out, instead of having a huge single macro where I will forget what the ports are for, I can have smaller macros that I just add into the single macro which I use in the pf rule. Instead of making a new rule for each application, I can just add to the $ports macro. pf however indicates that the $ports macro is not valid syntax. Is this a syntax error on my part, or is this something pf cannot do? Totally fine if the latter, I just want to make sure I am not missing something silly with the syntax. :) Warm regards, Andrew
Re: Periodic DNS resolution
i run some scripts out of cron (and from rc.local on boot) to keep some tables in sync with DNS. the scripts are perl so i can use Net::DNS, but apart from that its been pretty robust and straightforward. dlg On 29 Sep 2014, at 11:44, Austin Gilbert austin.gilb...@gmail.com wrote: A problem that seems to come up over and over again with egress filtering firewalls are sites that move IPs so the names need to be resolved periodically and rules updated. I recently migrated to using pf and was wondering if anyone had suggestions for how they tackle this problem. I realize I could create cron jobs with scripts to do this, but was curious if there was a better way. I'd eventually like to track changes and log them as well. Cheers, Austin