ipv6 problem
I have 2001:14b8:10:402::/64 ipv6 from my isp and I can't get it working. Ifconfig should be ok:

    backup# ifconfig rl0 inet6
    rl0: flags=8843 metric 0 mtu 1500
            options=8
            inet6 2001:14b8:10:402:2::1 prefixlen 64

default gateway is set to 2001:14b8:10:402:1::1.

When I try to traceroute irc server for example I get this:

    traceroute6: Warning: irc.cc.tut.fi has multiple addresses; using 2001:708:310:4952:4320:5365:7276:6572
    traceroute6 to irc.cc.tut.fi (2001:708:310:4952:4320:5365:7276:6572) from 2001:14b8:10:402:2::1, 64 hops max, 12 byte packets
     1  2001:14b8:10:402:2::1  2026.908 ms !A  2999.587 ms !A  3000.423 ms !A

So. Could this be problem in my configs or is this because of something wrong at the isp side?

--
pepe
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Ettercap segmentation fault....
On Tue, Jul 6, 2010 at 11:21 PM, Axel Barnabas wrote:
> Hello,
>
> I have compiled ettercap from ports without incident. However, when I attempt
> to run ettercap in any way, after a short while the program crashes and I am
> presented with an error message which is as follows:
>
> Ooops ! This shouldn't happen...
> Segmentation Fault...
>
> Please recompile in debug mode, reproduce the bug and send a bugreport
>
> I have deinstalled and recompiled the program twice, yielding no results.
> Some additional information which may be useful-
>
> #pkg_info | grep ettercap
> ettercap-gtk2-0.7.3_10,1 A network sniffer/interceptor/injector/logger for
> switched
>
> #uname -a
> FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:02:08 UTC 2009
> r...@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>
> If anyone wishes me to recompile in debug mode, you will have to tell me how;
> I am not familiar with the process.
>
> Axel

Try this:

Before building the port (if you're starting from scratch), run:

Code:
# cd /usr/ports/net-mgmt/ettercap
# make fetch
# make extract

In the file "/usr/ports/net-mgmt/ettercap/work/ettercap-NG-0.7.3/src/protocols/ec_tcp.c" on line 119, change the following line from:

Code:
opt_end = (u_char *)((int)tcp + tcp->off * 4);

To:

Code:
opt_end = (u_char *)(tcp + tcp->off * 4);

...using your favorite text editor. Then, run the typical:

Code:
# make config
# make build
# make install

After all of that, give the program a run or two, and see if it's working. Let us all know.

-Brandon

[Refer to FreeBSD Forum Thread: http://forums.freebsd.org/showthread.php?t=15719]
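
The pointer arithmetic behind the one-line change in the message above, as an added example that is not part of the original post or of ettercap's source. It shows why a pointer passed through `int` breaks on amd64, what `tcp + n` covers if `tcp` is a struct pointer, and an end-of-options calculation done in bytes and checked against the captured length. Assumptions: `tcp` points to a TCP header struct, the struct layout and all function names are illustrative, and the packet and addresses are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal 20-byte TCP header; illustrative layout, not ettercap's struct. */
struct tcp_header {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  off_x2;   /* high nibble: data offset in 32-bit words */
    uint8_t  flags;
    uint16_t win, csum, urp;
};

/* Effect of (int)ptr on an LP64 system such as amd64: only the low 32 bits
 * survive, and they are sign-extended when converted back to a pointer. */
uint64_t through_int(uint64_t addr)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)addr;
}

/* Header length in bytes, from the data-offset nibble at byte 12. */
size_t hdr_len(const uint8_t *pkt)
{
    return (size_t)(pkt[12] >> 4) * 4;
}

/* Bytes covered by `tcp + n` when tcp is a struct tcp_header pointer:
 * pointer arithmetic counts elements, so the step is n * sizeof(struct). */
size_t struct_scaled(size_t n)
{
    return n * sizeof(struct tcp_header);
}

/* Bounds-checked option walk. Returns the number of options with kind > 1,
 * or -1 when the header or an option would run past the captured bytes. */
int count_options(const uint8_t *pkt, size_t caplen)
{
    if (caplen < sizeof(struct tcp_header))
        return -1;
    size_t hl = hdr_len(pkt);
    if (hl < sizeof(struct tcp_header) || hl > caplen)
        return -1;

    const uint8_t *opt = pkt + sizeof(struct tcp_header);
    const uint8_t *opt_end = pkt + hl;      /* byte pointer + byte count */
    int n = 0;
    while (opt < opt_end) {
        if (*opt == 0)                      /* end of option list */
            break;
        if (*opt == 1) {                    /* NOP padding */
            opt++;
            continue;
        }
        if (opt_end - opt < 2 || opt[1] < 2 || opt[1] > opt_end - opt)
            return -1;                      /* malformed option length */
        n++;
        opt += opt[1];
    }
    return n;
}

/* Constructed sample: SYN segment, data offset 8 (32-byte header),
 * options MSS, NOP, window scale, SACK-permitted, NOP, EOL. */
const uint8_t SAMPLE[32] = {
    0x04, 0xd2, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0,
    0x80, 0x02, 0xff, 0xff, 0, 0, 0, 0,
    0x02, 0x04, 0x05, 0xb4, 0x01, 0x03, 0x03, 0x07, 0x04, 0x02, 0x01, 0x00
};

int main(void)
{
    /* Constructed addresses: a typical amd64 stack address and a low one. */
    printf("high address via int: %llx\n",
           (unsigned long long)through_int(0x00007fffffffe4c0ULL));
    printf("low address via int:  %llx\n",
           (unsigned long long)through_int(0x08049f00ULL));
    printf("header bytes: %zu, struct-scaled step: %zu\n",
           hdr_len(SAMPLE), struct_scaled(hdr_len(SAMPLE)));
    printf("options found: %d\n", count_options(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

An address that fits in 32 bits survives the round trip, which is why the original line works on i386 and faults on amd64.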
ntfs-3g
Hello,

I have installed ntfs-3g on freebsd 8.1 and even after tuning the ntfs-3g environment variables the writing speed from the ufs2-freebsd disk to a windows xp disk is only about 10 MB/s while writing to ext2 or ufs2 disks from the same brand and type is between 40 and 50 MB/s, so at least 4 times as fast.

With slackware 13.1 and ntfs-3g the writing speed to the same windows xp disk is about 40 MB/s

Are there any patches or alternatives to fix this problem in freebsd 8.1 ?

Kind regards,
Dirk Scheerlinck
Re: FreeBSD 8.2: state of Kerberos, GSS-API and (Cyrus) SASL?
On Mon, Jan 31, 2011 at 05:43:20PM +0100, Jan Henrik Sylvester wrote:
> >cyrus-sasl2 integration with base Heimdal? With ports Heimdal? Can I
> >replace base Heimdal with one from ports, is it supported? Any
> >make.conf knobs to fiddle with? Any info appreciated.
>
> I am struggling with exactly the same problem. Unfortunately, I got
> no reply on this list about it:
>
> http://lists.freebsd.org/pipermail/freebsd-questions/2011-January/226495.html
>
> If you get any further, please, tell me. I am thinking about
> reposting my question to a different list: stable as that is where
> the earlier discussions happened or ports as that seems more
> appropriate.
>
> What I have not tried, yet, is using MIT Kerberos from ports instead
> of Heimdal, but since we use Heimdal here for everything, I am kind
> of reluctant. (Otherwise, I would have to setup some Linux
> server...)
>

I looked around for knobs to disable building base Heimdal and other kerberised bits in hope that security/heimdal could be installed into /usr. Nothing in make.conf but I found new /etc/src.conf file, sure things have changed since 5.1 days when I left. Oh the horror days of 5.x, but I digress.

Anyway, I think that by fiddling with src.conf knobs one can suppress building the base Heimdal and all other kerberised things. After one modified build and installworld the old bits lying around should be removed and Heimdal port installed into /usr by defining HEIMDAL_HOME. This is for start, clean base for further exploration.

On the other hand I found the following patches in the security/heimdal commit log:

http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/152030

I will try that first, but this will be no-go in production because those patches aren't probably committed to -STABLE.

--
Vallo
Re: Issue upgrading to 7.4, looking for guidance
For me I used a "quick and dirty" solution for upgrade

1) build a machine (or a virtual one...) with the freebsd version you want, for example=8.2 cvsup the kernel in /usr/src
2) export KERNCONF=xx the name of the kernel config file you want to build
3) cd /usr/src;make buildworld buildkernel
4) mkdir /tmp/dist
5) export DESTDIR=/tmp/dist
6) make installworld installkernel
7) (cd /tmp/dist;tar cvzf - * ) > /tmp/newsystem.tar.gz
8) move the newsystem.tar.gz to the machine you want to upgrade
9) /rescue/tar -xpvf newsystem.tar.gz -C /

the system will not respond to commands any more because of rewrite of almost all libs... so the solution is fastboot

When the system comes up, it shows the release you built from

this way you can go from 7.0 to 8.2 in one single step.

for me it worked in internet all times but, you are warned: use at your own risk...

Sergio
open source scheduling system for shift workers
Hi there,

Is there a good open source scheduling system that somebody can recommend? Basically I need to track people who perform duties on 4 to 8 hour shifts. I am sure there is something written out there. I have found limitations with phpscheduleit for creating 4 hour slices multiple times a day. Maybe recent improvements to the code have fixed this. But are there other options out there.

Cheers,
Noah
Re: Issue upgrading to 7.4, looking for guidance
David,

> I ran into a similar issue upgrading from 7.2 to 7.3. Here's the
> thread where I worked it out; it might be helpful in your case:
> http://lists.freebsd.org/pipermail/freebsd-questions/2010-July/218443.html
> My eventual solution was here, if you don't want to read through the
> whole thread:
> http://lists.freebsd.org/pipermail/freebsd-questions/2010-July/218884.html

I ended up getting instructions from a friend and manually running

    # make buildworld
    # mergemaster -p
    # make installworld
    # mergemaster -i

to get the world upgraded to 7.4-PRERELEASE. After this a bunch of removing, reinstalling, and upgrading of ports was necessary, but everything appears to be working now.

Of course, not having a FreeBSD CD for any version of FreeBSD would make copying a file from the CD rather difficult... ;)

Keith S.
Re: Issue upgrading to 7.4, looking for guidance
I ran into a similar issue upgrading from 7.2 to 7.3. Here's the thread where I worked it out; it might be helpful in your case:
http://lists.freebsd.org/pipermail/freebsd-questions/2010-July/218443.html

My eventual solution was here, if you don't want to read through the whole thread:
http://lists.freebsd.org/pipermail/freebsd-questions/2010-July/218884.html

On Wed, Jan 26, 2011 at 6:36 PM, Keith Seyffarth wrote:
>
> I recently was having problems with Firefox crashing, which appear to be
> related to a requirement for semaphore support for Firefox after the
> upgrade to the new version of GTK.
>
> Anyway, this left me with a 7.4 kernel and a 7.2 world. Which I
> understand is supposed to work.
>
> However, this broke CUPS for printing, and I need to be able to print to
> pdf. This error is generated if I try to build cups, or when cups tries
> to load on startup:
> /libexec/ld-elf.so.1: ./mantohtml: invalid PT_PHDR
>
> From looking around on-line, it looks like somewhere between 7.2 and 7.4
> there was an incompatibility that causes this error in a number of places
> (printing, samba, etc.)
>
> So, it looks like I need to upgrade the rest of the way. But I can't get
> the upgrade to work. I thought this was where to start:
>
> # freebsd-update -r 7.4-RELEASE upgrade
> Looking up update.FreeBSD.org mirrors... 4 mirrors found.
> Fetching public key from update5.FreeBSD.org... failed.
> Fetching public key from update4.FreeBSD.org... failed.
> Fetching public key from update2.FreeBSD.org... failed.
> Fetching public key from update3.FreeBSD.org... failed.
> No mirrors remaining, giving up.
>
> So I ran uname -a to find that this is 7.4-PRERELEASE
>
> FreeBSD janet.weif.net 7.4-PRERELEASE FreeBSD 7.4-PRERELEASE #0: Thu Jan
> 20 19:39:15 MST 2011 w...@janet.weif.net:/usr/obj/usr/src/sys/JANET
> i386
>
> so I tried this:
>
> # freebsd-update -r 7.4-PRERELEASE upgrade
> freebsd-update: Cannot upgrade from 7.4-PRERELEASE to itself
>
> so, um, what do I need to do to address this error:
> /libexec/ld-elf.so.1: ./mantohtml: invalid PT_PHDR
>
> Keith S.
Re: computer panics when wifi settings are touched.
On 1/25/11, Eitan Adler wrote:
> Recently I tried to connect to the same AP described in the following
> thread:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg238799.html
>
> It worked relatively well until now.
>
> Whenever I try to use ifconfig, wpa_supplicant, dhclient, or any
> related tool on the wlan0 interface it results in a system freeze. The
> only way to get out of this is to hard reset the computer - but I do
> not see the typical backtrace associated with a panic (even when X is
> not running).
>
> What debugging information is needed to help solve the problem?

FreeBSD version.
Steps to reproduce the problem.
Re: syslog and chrooted isc-dhcpd
On 29/01/2011 13:36, CyberLeo Kitsana wrote:
> On 01/28/2011 09:22 AM, Michael wrote:
>> I'm running my isc-dhcp41-server with chroot option. Is it possible to
>> get it working with syslog? I don't know how to let chrooted dhcpd to
>> talk with my syslog.
>
> Apparently, you can either provide the -l flag via rc.conf
> (syslogd_flags) or add the full log socket path to
> /var/run/syslogd.sockets on the host.

Thanks a lot! Now I'm getting logs with syslogd_flags.

Just to confirm - is it normal that they don't come with local7 facility (as set up in dhcpd.conf) but I need to do

    !dhcpd
    *.* /var/log/dhcpd.log

in my syslogd configuration file?

Michael
Re: FreeBSD 8.2: state of Kerberos, GSS-API and (Cyrus) SASL?
On 01/-10/-28163 20:59, Vallo Kallaste wrote:
> Googling for the subject keywords gave me quite disturbing overall
> feeling. I have no personal experience but it seems that things are
> broken from the second half of 2010 and still not recovered? I got

GSSAPI of Heimdal 1.1 in FreeBSD base is still broken, GSSAPI of Heimdal 1.4 in ports is supposed to work, but I have not been successful with Cyrus SASL (see below).

> KDC up and working on 8.2-RC2 base Heimdal without any glitch, but
> this is to be expected. What's the state about GSS-API and
> cyrus-sasl2 integration with base Heimdal? With ports Heimdal? Can I
> replace base Heimdal with one from ports, is it supported? Any
> make.conf knobs to fiddle with? Any info appreciated.

I am struggling with exactly the same problem. Unfortunately, I got no reply on this list about it:

http://lists.freebsd.org/pipermail/freebsd-questions/2011-January/226495.html

If you get any further, please, tell me. I am thinking about reposting my question to a different list: stable as that is where the earlier discussions happened or ports as that seems more appropriate.

What I have not tried, yet, is using MIT Kerberos from ports instead of Heimdal, but since we use Heimdal here for everything, I am kind of reluctant. (Otherwise, I would have to setup some Linux server...)

Cheers,
Jan Henrik
FreeBSD 8.2: state of Kerberos, GSS-API and (Cyrus) SASL?
Hi

I have the pleasure to post again to the FreeBSD list. Once a young die-hard FreeBSD user I was pressured to "make do" with Linux for reasons which I could not challenge. Part of those reasons have been lifted so I'm considering FreeBSD again.

Googling for the subject keywords gave me quite disturbing overall feeling. I have no personal experience but it seems that things are broken from the second half of 2010 and still not recovered? I got KDC up and working on 8.2-RC2 base Heimdal without any glitch, but this is to be expected. What's the state about GSS-API and cyrus-sasl2 integration with base Heimdal? With ports Heimdal? Can I replace base Heimdal with one from ports, is it supported? Any make.conf knobs to fiddle with? Any info appreciated.

thanks,
--
Vallo
Re: PF firewall rules and documentation
On Mon, Jan 31, 2011 at 05:58, Da Rock wrote:
> Yes. Me unfortunately, but I did manage to pick it up quite quickly though.
> I had a little thief attack one of my ports and attempt login on the
> firewall. I had to change it to 'block in $log on $ext_if all
> block out $log on $ext_if all' to actually block the traffic. Bit of a doozy
> really, I'm still monitoring the traffic very closely with tcpdump on the
> interface and not the log.

Unless you have an explicit need to block in/out, it's easier to maintain a ruleset that uses

    block log on $ext_if

For example, I use the following as a "starting point" for some of my routing firewalls:

=
int_if=bge1
ext_if=bge0

set skip on lo

# block everything
block

# NAT rule
pass out log(all) on $ext_if from ($int_if:network) to any nat-to ($ext_if)

# allow traffic in on the internal interface
pass in on $int_if from ($int_if:network) to any keep state
=

There are at least three things in that basic config that some people would jump on me for.

1) why block all if I'm then allowing every in on the internal interface?
2) why block all if I'm allowing everything out on the external interface?
3) why not pass everything on the internal interface and then filter on the external?

The shortest answer is because I happen to like that starting point and it serves as a syntactical reminder if I deploy without a pf reference handy.

Regarding 1) and 2), the longer answer is that I like to control traffic flow. I don't want to allow inbound connections on the external interface and I don't have a need for the firewall to connect to machines inside the NAT. On my bridges I'll set skip on the internal interface and filter on the other but I don't like doing that for a router.

>> There are some plans to update PF to a more recent version. So may
>> be it will be better.
>>
>
> Actually, that sounds like a better idea than mine ;) Kills 2 birds with one
> stone then...

I am truly excited about this as the NAT and RDR stuff was significantly cleaned up (and the OpenBSD pf FAQ is a great resource). I'm even more excited about the patch to tcpdump that Daniel just sent to freebsd-pf@ that allows you to tcpdump a pfsync device and pull the state creation/updates - in my opinion, that's the weakest area for a BSD firewall (we'll ignore span ports on routers since you can bridge two addressed interfaces and create a span of that bridge) and being able to easily pull those NAT translations fulfills some serious accountability issues.

If you need a reliable printed reference, you should really consider picking up Hansteen's _The Book of PF_, available from No Starch Press: http://nostarch.com/pf2.htm

I have the first edition and it's incredible but somewhat dated. The author suggests the second edition for FreeBSD 8.x+.

kmw
Re: Problem with freebsd-update on 7.3-RELEASE
27.01.2011 15:19, Konstantin Vasilyev wrote:
> Ok.
> Things are not good :-(
> freebsd-update produce a lot of output like this
>> /usr/src/sys/kern/uipc_mbuf.c has SHA256 hash
>> 893beadfcf15784f31553ea142867c2949422d6937cb61f11a0f42ae3d7727fc, but should
>> have SHA256 hash
>> ce374f0d9434d08ee35769f8cbad7ca074506b814394b30d19d2aebcf3b2a29c.
>> /usr/src/sys/nfsclient/nfs_vfsops.c has SHA256 hash
>> 7a69b307a5df13994c8c229946e3f20cdb22268ca967f596c70477c82250c7d2, but should
>> have SHA256 hash
>> 397e464eea58b339597b4a3ee6117ad9b58827814462131153070c2a067e357d.
>> /usr/src/sys/nfsclient/nfs_vfsops.c has SHA256 hash
>> 7a69b307a5df13994c8c229946e3f20cdb22268ca967f596c70477c82250c7d2, but should
>> have SHA256 hash
>> c54c0c265e22fdb7a323680ccbc25859fc171ebec485a68a06eae774683321ab.
>> /usr/src/usr.bin/lex/mkskel.sh has 0755 permissions, but should have 0744
>> permissions.
>> /usr/src/usr.sbin/pkg_install/tkpkg has 0755 permissions, but should have
>> 0754 permissions.
> My system is out of sync now.
> Question is How can I sync my system?
>
> --
> With best regards,
> Konstantin Vasilyev
>
>
> 27.01.2011 12:31, Brian DeFreitas wrote:
>> Konstantin Vasilyev wrote:
>>> I know about how freebsd-update work.
>>> I use for a long time.
>>> But I don't understand why is freebsd-update going to update FreeBSD ota2.cellnetrix.com 7.3-RELEASE-p4 FreeBSD 7.3-RELEASE-p4
>>> to The following files will be updated as part of updating to 7.3-RELEASE-p4:...
>>
>> Ah, I see the problem now.
>>
>> The only thing I can think of is that your kernel and world might be out
>> of sync, but if you're used to freebsd-update that seems unlikely.
>>
>> What's the output of 'freebsd-update IDS' ? I've had luck running that
>> to see what freebsd-update thinks is going on with the system.

I'm trying to refresh post.
Please give me an idea how to make my system updatable via freebsd-update.

--
With best regards,
Konstantin Vasilyev
Re: Bridge Interface Members
> Yes. You overwrite your first ifconfig_bridge0 setting with the second
> one. These are shell variable initializations, not executable statements.
>
> There are various ways to fix the problem. Try this for example:
> replace the second ifconfig_bridge0 line with:
>
> ipv4_addrs_bridge0="10.0.1.2/24"
>

Doh! Of course, thanks. Rookie mistake.

Carl
Re: PF firewall rules and documentation
On 01/31/11 20:30, Patrick Lamaiziere wrote:
> On Sat, 29 Jan 2011 12:39:18 +1000, Da Rock wrote:
>
>> I spent some time playing with pf and pf.conf, and followed the
>> directions in the handbook. It redirected me to the openbsd site for
>> pf.conf, and recommended it as the most comprehensive documentation
>> for pf.
>>
>> Firstly, I didn't find that. I had to translate the instructions into
>> the current version used in FreeBSD, OpenBSD appears to be further
>> advanced than this based on the current docs.
>
> Yes, you should refer to the OpenBSD 4.1 Packet FAQ :
> http://ftp.openbsd.org/pub/OpenBSD/doc/history/pf-faq41.pdf
>
>> Secondly, some of the rules don't appear to be following. From my
>> understanding based on the documentation in the handbook and on the
>> site pf is default allowing traffic.
>
> According to a current discussion on m...@openbsd.org. It allows
> traffic to pass but without creating states.

Exactly. 'permitting' is the term in the handbook I believe.

>> So explicit rules to block
>> should be set first and then rules set to allow what is needed in.
>> Some assumptions are made in the rules by the interpreter, so
>> according to OpenBSD one can (even in the older versions) simply
>> state block and it is interpreted as 'block on $interfaces all'. This
>> turned out to not be the case.
>
> Ah? Do have an example for this?

Yes. Me unfortunately, but I did manage to pick it up quite quickly though. I had a little thief attack one of my ports and attempt login on the firewall. I had to change it to

    block in $log on $ext_if all
    block out $log on $ext_if all

to actually block the traffic. Bit of a doozy really, I'm still monitoring the traffic very closely with tcpdump on the interface and not the log. Thankfully I was also getting ready to update and completely rebuild most (scratch that- all) of my systems to newer and more manageable levels.

>> I know this has come up before, but I think it might be time to
>> document pf.conf properly. It seems to be a bit of security risk not
>> to. Users may be mistaken in their belief of their security on the
>> network using pf, and may be less likely to trust again when it
>> breaks.
>
> This is true, many things are now more precise in the manual page of
> OpenBSD's PF. But it will be hard to merge only these precisions in our
> pf.conf manual page.
>
> There are some plans to update PF to a more recent version. So may
> be it will be better.

Actually, that sounds like a better idea than mine ;) Kills 2 birds with one stone then...
Re: linux PF_PACKET compatibility
On 01/31/11 20:22, b. f. wrote:
> Da Rock wrote:
> ...
>> I've been chasing the answer to a FreeBSD version of this (approx.
>> anyway), but I needed to find out what exactly PF_PACKET was first.
>> Finally found this answer here: http://www.linuxjournal.com/article/4659
>>
>> I looked up man socket and I can see possibilities (in my mind anyway),
>> but I thought I'd be best to check if the gurus here might have a better
>> idea. My reason for this is I'm attempting to build l2tpns (which
>> supposedly builds on 7.2?! with no trouble), and I'm chasing the errors
>> which appear to be linuxisms mostly.
>>
>> So in man socket simply looking at the list of protocol families I'd say
>> network driver level would be PF_LINK link layer interface? Is there
>> another man page I should be looking at as well?
>
> In the past, those wishing to use similar functionality on FreeBSD
> have turned to pcap(3), bpf(4), or ng_etf(4), and the underlying code.
>
> This kind of question is better directed to the freebsd-hackers and
> freebsd-net lists.

I figured it might be. Having trouble with hackers atm though- can't subscribe... :(

Thx
Re: PF firewall rules and documentation
On Sat, 29 Jan 2011 12:39:18 +1000, Da Rock wrote:

> I spent some time playing with pf and pf.conf, and followed the
> directions in the handbook. It redirected me to the openbsd site for
> pf.conf, and recommended it as the most comprehensive documentation
> for pf.
>
> Firstly, I didn't find that. I had to translate the instructions into
> the current version used in FreeBSD, OpenBSD appears to be further
> advanced than this based on the current docs.

Yes, you should refer to the OpenBSD 4.1 Packet FAQ :
http://ftp.openbsd.org/pub/OpenBSD/doc/history/pf-faq41.pdf

> Secondly, some of the rules don't appear to be following. From my
> understanding based on the documentation in the handbook and on the
> site pf is default allowing traffic.

According to a current discussion on m...@openbsd.org. It allows traffic to pass but without creating states.

> So explicit rules to block
> should be set first and then rules set to allow what is needed in.
> Some assumptions are made in the rules by the interpreter, so
> according to OpenBSD one can (even in the older versions) simply
> state block and it is interpreted as 'block on $interfaces all'. This
> turned out to not be the case.

Ah? Do have an example for this?

> I know this has come up before, but I think it might be time to
> document pf.conf properly. It seems to be a bit of security risk not
> to. Users may be mistaken in their belief of their security on the
> network using pf, and may be less likely to trust again when it
> breaks.

This is true, many things are now more precise in the manual page of OpenBSD's PF. But it will be hard to merge only these precisions in our pf.conf manual page.

There are some plans to update PF to a more recent version. So may be it will be better.

Regards.
Re: linux PF_PACKET compatibility
Da Rock wrote:
...
> I've been chasing the answer to a FreeBSD version of this (approx.
> anyway), but I needed to find out what exactly PF_PACKET was first.
> Finally found this answer here: http://www.linuxjournal.com/article/4659
>
> I looked up man socket and I can see possibilities (in my mind anyway),
> but I thought I'd be best to check if the gurus here might have a better
> idea. My reason for this is I'm attempting to build l2tpns (which
> supposedly builds on 7.2?! with no trouble), and I'm chasing the errors
> which appear to be linuxisms mostly.
>
> So in man socket simply looking at the list of protocol families I'd say
> network driver level would be PF_LINK link layer interface? Is there
> another man page I should be looking at as well?

In the past, those wishing to use similar functionality on FreeBSD have turned to pcap(3), bpf(4), or ng_etf(4), and the underlying code.

This kind of question is better directed to the freebsd-hackers and freebsd-net lists.

b.