Re: Pf on lo0

2017-01-16 Thread Peter N. M. Hansteen
On Mon, Jan 16, 2017 at 11:04:48PM +, Luke Small wrote: > I'm trying to have pf limit sending TCP packets over lo0 from a specific > user. I made some rules, but they seem to be ignored when I check on pfctl > -vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0 > proto {

Re: LC_TIME for dd/mm/yyyy

2017-01-16 Thread Ingo Schwarze
Hi, tomr wrote on Tue, Jan 17, 2017 at 05:47:05PM +1100: > Could you confirm this, my conclusion in brief: either I need to accept > reading dates MM/DD/ where ports use the equivalent of %x, or I need > to rely on ports to present DD/MM/ themselves. I'm not sure that is correct - it

Re: LC_TIME for dd/mm/yyyy

2017-01-16 Thread tomr
Hi, On 01/17/17 17:22, Ingo Schwarze wrote: > Hi, > > tomr wrote on Tue, Jan 17, 2017 at 04:31:15PM +1100: > >> $ locale >> LANG=en_AU.UTF-8 >> LC_CTYPE="en_AU.UTF-8" >> LC_TIME=en_AU.UTF-8 >> LC_MESSAGES="en_AU.UTF-8" > > That's a bad idea, it will result in an inconsistent user > experience.

Re: LC_TIME for dd/mm/yyyy

2017-01-16 Thread Ingo Schwarze
Hi, tomr wrote on Tue, Jan 17, 2017 at 04:31:15PM +1100: > I'm trying to get > > %x the date, using the locale's date format > > to show dates as DD/MM/, but I can only get MM/DD/. I've > (attempted to) set my locale appropriately for en_AU, and also tried > en_GB in case that made

Re: Pf on lo0

2017-01-16 Thread Sebastien Marie
On Mon, Jan 16, 2017 at 11:04:48PM +, Luke Small wrote: > I'm trying to have pf limit sending TCP packets over lo0 from a specific > user. I made some rules, but they seem to be ignored when I check on pfctl > -vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0 > proto {

LC_TIME for dd/mm/yyyy

2017-01-16 Thread tomr
I'm trying to get %x the date, using the locale's date format to show dates as DD/MM/, but I can only get MM/DD/. I've (attempted to) set my locale appropriately for en_AU, and also tried en_GB in case that made a difference. Running 6.0 generic. Is there something I'm missing or a

Pf on lo0

2017-01-16 Thread Luke Small
I'm trying to have pf limit sending TCP packets over lo0 from a specific user. I made some rules, but they seem to be ignored when I check on pfctl -vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0 proto { tcp, udp } from self port 6379 to any port 6379 user luke" and "block

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Stuart Henderson
On 2017-01-16, Damian McGuckin wrote: > Sorry, lots of good ideas got thrown up while I was asleep. > >>> Which code, the 'dig' side or the daemon sucking on the port? I probably >>> need to discuss this over a beer because there must be something I am >>> missing. > > On Mon,

Re: Vultr support for OpenBSD

2017-01-16 Thread Murk Fletcher
Absolutely. Have been using OpenBSD as a custom ISO with Vultr for quite some time now. I'm just pleased by the fact that it's now "officially supported" as this, for better or worse, will bring in more users to OpenBSD. Hopefully this will be a big smack in the face to DigitalOcean as well,

Re: pledging a portable program

2017-01-16 Thread Jordon
> On Jan 16, 2017, at 4:31 PM, Darren Tucker wrote: > > On Tue, Jan 17, 2017 at 6:05 AM, Jordon wrote: >> What is the “official" way to pledge(2) a portable program? > > OpenSSH Portable checks for the presence of pledge in configure >

Re: pledging a portable program

2017-01-16 Thread Darren Tucker
On Tue, Jan 17, 2017 at 6:05 AM, Jordon wrote: > What is the “official" way to pledge(2) a portable program? OpenSSH Portable checks for the presence of pledge in configure (https://anongit.mindrot.org/openssh.git/tree/configure.ac#n1715) and if not found defines a no-op

Re: How to assemble softraid volume manually?

2017-01-16 Thread Daniel Jakots
On Mon, 16 Jan 2017 22:57:31 +0100, Christian Weisgerber wrote: > How do you assemble a softraid volume manually? > > You can detach it with bioctl -d. But how do you get it back? > Or in case it wasn't auto-assembled on boot. > With the same command you used to create

How to assemble softraid volume manually?

2017-01-16 Thread Christian Weisgerber
How do you assemble a softraid volume manually? You can detach it with bioctl -d. But how do you get it back? Or in case it wasn't auto-assembled on boot. -- Christian "naddy" Weisgerber na...@mips.inka.de

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Damian McGuckin
On Mon, 16 Jan 2017, Nick Holland wrote: So. You can run a recursive resolver, an authoritative server, and a few (or a lot) selectively poisoned forwarding resolvers (for DNS filtering), each on their own 127/8 address, and use PF or unbound to select which one a particular user gets access

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Damian McGuckin
Sorry, lots of good ideas got thrown up while I was asleep. On Mon, 16 Jan 2017, Stuart Henderson wrote: In that case, unbound bound to an internal address, and NSD not bound to a specific address, or bound to external and 127.0.0.1. I did the last of these. Which still needs 'rdr-to' on the

Re: pledging a portable program

2017-01-16 Thread Bryan Steele
On Mon, Jan 16, 2017 at 01:05:36PM -0600, Jordon wrote: > What is the “official" way to pledge(2) a portable program? > > Put #ifdef __OpenBSD__ around the pledge call? > > Make an #ifndef __OpenBSD__ block that defined the function to always return > 0? > > Something better? pledge() itself

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Nick Holland
On 01/16/17 06:58, Damian McGuckin wrote: > On Mon, 16 Jan 2017, Stuart Henderson wrote: > >> On 2017/01/16 15:37, Damian McGuckin wrote: >>> On Mon, 16 Jan 2017, Stuart Henderson wrote: >>> In normal operations NSD _does_ run on port 53. >>> >>> Yes. But if you want both NSD and UNBOUND

Re: pledging a portable program

2017-01-16 Thread Jeremie Courreges-Anglas
Jordon writes: > What is the “official" way to pledge(2) a portable program? > > Put #ifdef __OpenBSD__ around the pledge call? > > Make an #ifndef __OpenBSD__ block that defined the function to always return > 0? This kind of test harms portability in the long run. >

pledging a portable program

2017-01-16 Thread Jordon
What is the “official" way to pledge(2) a portable program? Put #ifdef __OpenBSD__ around the pledge call? Make an #ifndef __OpenBSD__ block that defined the function to always return 0? Something better?

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
We just need to increment count in the NUL case, nothing more. - todd Index: usr.bin/xargs/xargs.c === RCS file: /cvs/src/usr.bin/xargs/xargs.c,v retrieving revision 1.31 diff -u -p -u -r1.31 xargs.c --- usr.bin/xargs/xargs.c

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 17:05:30 +0100, Martin Ziemer wrote: > As I said in the other mail: The -I separates at new LINES (in the > Code it sets the Parameter -L to 1, so it starts a new entry on every > non empty line. I'm sorry but that is a documentation error if anything. When using -0 a "line"

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 16:51:16 +0100, Andreas Kusalananda Kähäri wrote: > Well, the manual also says, about "-0": > > Change xargs to expect NUL (‘\0’) characters as separators, instead > of spaces and newlines. > > Note the "instead of". It is definitely a bug. The

Re: Problem with "xargs -0"

2017-01-16 Thread Martin Ziemer
On Mon, Jan 16, 2017 at 08:44:11AM -0700, Todd C. Miller wrote: > On Mon, 16 Jan 2017 12:19:31 +0100, Andreas Kusalananda Kähäri wrote: > > However, when I use nul-termination instead: > > > > $ printf 'hello\00world\00' | xargs -0 -I arg printf '>%s<\n' "arg" > >

Re: OpenSMTPD "syntax error" and other problems

2017-01-16 Thread Gilles Chehade
On Mon, Jan 16, 2017 at 09:36:10AM -0500, aretes27...@mypacks.net wrote: > The "smtpd.conf" man page states: > > relay [backup [mx]] [as address] ... > ... > If the as parameter is specified, smtpd(8) will rewrite the sender advertised > in the SMTP session. address may be a user, a domain

Re: Problem with "xargs -0"

2017-01-16 Thread Andreas Kusalananda Kähäri
On Mon, Jan 16, 2017 at 03:33:00PM +0100, Martin Ziemer wrote: > On Mon, Jan 16, 2017 at 12:19:31PM +0100, Andreas Kusalananda Kähäri wrote: > > I've found an issue with xargs. > > > > This works as expected: > > > > $ printf 'hello\nworld\n' | xargs -I arg printf '>%s<\n' "arg" > >

Re: OpenSMTPD "syntax error" and other problems

2017-01-16 Thread aretes27884
The "smtpd.conf" man page states: relay [backup [mx]] [as address] ... ... If the as parameter is specified, smtpd(8) will rewrite the sender advertised in the SMTP session. address may be a user, a domain prefixed with ‘@’, or an email address, causing smtpd(8) to rewrite the user-part, the

Re: Problem with "xargs -0"

2017-01-16 Thread Todd C. Miller
On Mon, 16 Jan 2017 12:19:31 +0100, Andreas Kusalananda Kähäri wrote: > However, when I use nul-termination instead: > > $ printf 'hello\00world\00' | xargs -0 -I arg printf '>%s<\n' "arg" > >hello world< This appears to be a bug with the -I handling. Without -I it

cvsweb offline

2017-01-16 Thread jungle Boogie
Hi All, I don't know if it's planned, unplanned or if there's been a change but it seems cvsweb is offline. http://cvsweb.openbsd.org/ Any clues? Thanks! -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info

Re: spamd: howto blacklist hosts in greylisting mode?

2017-01-16 Thread Harald Dunkel
On 01/16/17 13:58, Boudewijn Dijkstra wrote: > Op Mon, 16 Jan 2017 11:08:06 +0100 schreef Harald Dunkel > : >> >> But spamd's blacklisting (without "-b") lacks proper documentation. >> spamd-setup(8) says that it sends blacklist data to >> spamd, but it doesn't tell the

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Peter J. Philipp
For what it's worth, I'd like to give my 2 cents. I develop on a DNS server so I often use the -p option to test new functionality on a different port than 53. It doesn't bother me that the base openbsd dig has a pledge restriction for only port 53. Just as long as I have the ports bind package

Re: Problem with "xargs -0"

2017-01-16 Thread Martin Ziemer
On Mon, Jan 16, 2017 at 12:19:31PM +0100, Andreas Kusalananda Kähäri wrote: > I've found an issue with xargs. >

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Stuart Henderson
On 2017-01-16, Damian McGuckin wrote: > On Mon, 16 Jan 2017, Stuart Henderson wrote: > >> On 2017/01/16 15:37, Damian McGuckin wrote: >>> On Mon, 16 Jan 2017, Stuart Henderson wrote: >>> In normal operations NSD _does_ run on port 53. >>> >>> Yes. But if you want both NSD

Re: spamd: howto blacklist hosts in greylisting mode?

2017-01-16 Thread Boudewijn Dijkstra
Op Mon, 16 Jan 2017 11:08:06 +0100 schreef Harald Dunkel : Hi folks, I am running spamd for greylisting on my MTA for several years. I also know how to use spamd for blacklist-only mode and how to configure pf.conf accordingly (even though I never tried). But spamd's

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Damian McGuckin
On Mon, 16 Jan 2017, Stuart Henderson wrote: On 2017/01/16 15:37, Damian McGuckin wrote: On Mon, 16 Jan 2017, Stuart Henderson wrote: In normal operations NSD _does_ run on port 53. Yes. But if you want both NSD and UNBOUND running on the same box, things need to change. Not necessarily,

Problem with "xargs -0"

2017-01-16 Thread Andreas Kusalananda Kähäri
Hi, I've found an issue with xargs. This works as expected: $ printf 'hello\nworld\n' | xargs -I arg printf '>%s<\n' "arg" >hello< >world< However, when I use nul-termination instead: $ printf 'hello\00world\00' | xargs -0 -I arg printf '>%s<\n' "arg" >hello world< This

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Craig Skinner
Hello all, On Mon, 16 Jan 2017 00:38:16 -0700 Theo de Raadt wrote: > dig (host, nslookup, etc) use this horrible ISC library Could NLnetLab's libldns & drill totally replace all this? (Both are already ported & built.) https://nlnetlabs.nl/projects/ldns/ "A lot of DNS debugging is done with

spamd: howto blacklist hosts in greylisting mode?

2017-01-16 Thread Harald Dunkel
Hi folks, I am running spamd for greylisting on my MTA for several years. I also know how to use spamd for blacklist-only mode and how to configure pf.conf accordingly (even though I never tried). But spamd's blacklisting (without "-b") lacks proper documentation. spamd-setup(8) says that it

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Stuart Henderson
On 2017/01/16 15:37, Damian McGuckin wrote: > On Mon, 16 Jan 2017, Stuart Henderson wrote: > > > In normal operations NSD _does_ run on port 53. > > Yes. But if you want both NSD and UNBOUND running on the same box, things > need to change. Not necessarily, because they can run on different

Re: dig/nslookup limitations - can only do NSLOOKUPs using port 53

2017-01-16 Thread Damian McGuckin
On Mon, 16 Jan 2017, Theo de Raadt wrote: There's a small piece some people have missed. pledge doesn't block port 53. It is blocked unless you use SOCK_DNS. That was a step taken to separate "hostname/dns lookup" pieces of code from "internet speaking" pieces of code. That step allowed pledge