openbsd packet firewall

2012-09-06 Thread Darrel

Hello,

When I moved from -fbsd82 to -fbsd90 it required a total reinstall since 
Packet Filter did not *work* any longer.  Now that I have moved from 
-fbsd90 to the new release candidate, Packet Filter does not work 
considering at least IPv6 and ssh.


I have tested a simple pf.conf on this system with the same result.
It seems like I will need to learn ipfw or give up on fbsd.

Darrel
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Cant find snmptrapd.conf file

2012-09-06 Thread Maxim Galkin
Where is the configuration file for snmptrapd?

I'm using net-snmp-5.7.1_7.
and succesfully starting snmpd and snmptrapd.

But there is only a config snmpd.conf !

Why can not I find a file snmptrapd.conf referred in man?
Where do I register my "traphandlers"?

Help guys___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Re: Somewhat OT: Using Pipes Inside a GNU Make File

2012-09-06 Thread Tim Daneliuk

On 09/05/2012 09:15 PM, Warren Block wrote:

On Wed, 5 Sep 2012, Tim Daneliuk wrote:


On 09/05/2012 07:24 PM, Bryan Drewery wrote:

On 9/5/2012 7:02 PM, Tim Daneliuk wrote:

A bit off topic, but I'm kind of stuck.  I am using gmake and want to
do something like this:

FOO := $(shell a | b | c)

But this appears not to work.  Only the 'a' command is executed.  The
remainder
of the pipeline is ignored.  Is there some clean way to implement this
kind of thing?




I use this in a GNUMakefile and it works fine.

 BRANCH := $(shell git branch --no-color | grep "^*" | sed -e 's/^\* //')


You may need to post a more specific example.

Bryan> ___


Here's the line that is failing:

2LATEX   = $(shell which rst2latex.py rst2latex | tr '\012' ' ' | awk '{print 
$1}')  --stylesheet=parskip


Bryan's example is using := for assignment.



That wasn't it, as it turned out.  The problem was in the awk statement.

Instead of:

awk '{print $1}'

I had to use:

awk '{print $$1}'



This is necessary because $1 is a *make* variable but $$1 is the awk variable I 
wanted ($1)

D'uh 





---
Tim Daneliuk
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: RFC 2385 TCP MD5 support on FreeBSD8.3

2012-09-06 Thread Mike Tancsa
On 9/6/2012 11:16 AM, SivaReddy Obili wrote:
> 
> But we were not able to configure BGP MD5 on that machine.

Perhaps you could post some details as to what you tried. Did you
recompile the kernel with MD5 support ?

In the kernel, you need


optionsTCP_SIGNATURE
optionsIPSEC
device crypto

If you have not built a customer kernel,
cd /usr/src/sys/i386/conf
cp GENERIC router

in the file router,

optionsTCP_SIGNATURE
optionsIPSEC
device crypto


in /etc/make.conf add
KERNCONF=router

cd /usr/src
make -j4 buildkernel && make installkernel


Then, in /etc/ipsec.conf add something like

#.18 is the local machine, .29 the remote machine
add 192.168.134.18 192.168.134.29 tcp 0x1000 -A tcp-md5 "HelloMD5" ;


add to /etc/rc.conf

ipsec_enable="YES"  # Set to YES to run setkey on ipsec_file
ipsec_file="/etc/ipsec.conf"# Name of config file for setkey


cd to /usr/ports/net/quagga and make install

in your bgp config, the peer needs a line like

 neighbor 192.168.134.29 password HelloMD5


---Mike



-- 
---
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: RFC 2385 TCP MD5 support on FreeBSD8.3

2012-09-06 Thread Patrick Lamaiziere
Le Thu, 6 Sep 2012 20:46:53 +0530,
SivaReddy Obili  a écrit :

Hello,

> Recently I've downloaded the FreeBSD 8.3 Release ISO Image
> (FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed in our machine.
> Actually our requirement is to check the TCP MD5 support on
> FreeBSD8.3 .
> 
> But we were not able to configure BGP MD5 on that machine.

I've used TCP-MD5 signature for bgp between a FreeBSD 8.x and OpenBSD,
using setkey(8) to enforce the signature between the peers. That
worked (of course, then you shouldn't use tcp-md5 in openbgd).

setkey(8):
add -4 peer1 peer2 tcp 0x1000 -A tcp-md5 "PASSWORD";
add -4 peer2 peer1 tcp 0x1000 -A tcp-md5 "PASSWORD";

kernconf:
# In order to enable IPSEC you MUST also add device crypto to 
# your kernel configuration
options IPSEC  #IP security (requires device crypto)
device  crypto
options TCP_SIGNATURE #include support for RFC 2385

You should check that the signature is checked (ie if the signature is
bad, bgpd rejects the connection), I've not test this.

HTH.
Regards.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


RFC 2385 TCP MD5 support on FreeBSD8.3

2012-09-06 Thread SivaReddy Obili
Hi Team,

Recently I've downloaded the FreeBSD 8.3 Release ISO Image
(FreeBSD-8.3-RELEASE-i386-dvd1 (1).iso) and installed in our machine.
Actually our requirement is to check the TCP MD5 support on FreeBSD8.3 .

But we were not able to configure BGP MD5 on that machine.

Can someone please provide me some inputs how to proceed further from here.
Do I need to install any more packages or any patch available to proceed
further on this issue?

Thank you in advance.

Regards.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: .package files?

2012-09-06 Thread Polytropon
On Thu, 06 Sep 2012 18:07:37 +1000, Da Rock wrote:
> Just a quickie- has anyone been able to install a .package file on FBSD?
> 
> File offered an interesting diagnosis: bash script 4 file. Opening in ee 
> (gedit had kittens) displayed that it was indeed a bash script file with 
> one massive difference: there is a line that says skipline= number here>, and from that line number onward it is encoded.

Is this possibly a shell arthive from Linux?
Try "man shar" for more information. Or is it
a kind of shell archive that contains a binary
or uuencode-encoded data block? You could extract
that block manually to a separate file and then
try uudecode (or some other decoder) on it.
It's possible that it is a "self-contained
installer" from a Linux distribution...

Keep on fighting, Blondie has puppies. :-)


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Patch into kernel sources

2012-09-06 Thread Julian H. Stacey
Venkat Duvvuru wrote:
> Hi,
> Could somebody please point me to a procedure to apply a patch to the
> sources?
> I have a driver patch that I would like to commit.

If you want to send from local mail client
man send-pr

If you want to send via web
http://www.freebsd.org/support/bugreports.html
(pointed to from "Report a Bug" on front page)
http://www.freebsd.org/
(yup, easily missed on front page with new eyes, as Not a bug))

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Reply below not above, like a play script.  Indent old text with "> ".
 Send plain text. Not: HTML, multipart/alternative, base64, quoted-printable.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Patch into kernel sources

2012-09-06 Thread Venkat Duvvuru
Hi,
Could somebody please point me to a procedure to apply a patch to the
sources?
I have a driver patch that I would like to commit.

/Venkat
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


.package files?

2012-09-06 Thread Da Rock

Just a quickie- has anyone been able to install a .package file on FBSD?

File offered an interesting diagnosis: bash script 4 file. Opening in ee 
(gedit had kittens) displayed that it was indeed a bash script file with 
one massive difference: there is a line that says skipline=number here>, and from that line number onward it is encoded.


Cheers
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"