Re: ipv6 pf ruleset
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Are the encapsulated packets being allowd through wanif OK? Remember
that the same packet will be IPv4 at some points, and IPv6 at others
depending which side of encapsulation they're at. You'll probably need
IPv4 rules on wanif and IPv6 rules on ip6if.
Have you used pflog to see if anything is being blocked?
Dunc
Matt S wrote:
Hello,
Could someone tell me why, given the following ruleset, I cannot get to my
machine from the outside on ipv6? Obviously, I just masked out the ipv6
address for security. Any insight would be much appreciated. Normally, I
am decent with pf when it comes to ipv4. But, I am utterly lost. Perhaps I
don't understand what the gif0 interface is truely doing. I know that I
have it configured to encapsulate IPv6 traffic in IPv4 but I don't know how
to troubleshoot it well.
wanif=tun0
ip6if=gif0
intif=em0
intnet4=10.40.60.0/24
host=::X:XXX::1
tcp_services={ssh,domain,mail,ftp,http,https}
udp_services={domain}
set skip on {lo,$intif}
block in all
pass out all
pass out on $wanif scrub (max-mss 1440)
match out on $wanif inet from $intnet4 to any nat-to ($wanif)
pass inet proto ipv6 from any to any
pass in on $ip6if inet6 proto icmp6 icmp6-type {echoreq,unreach}
pass in on $ip6if inet6 proto tcp from any to $host port $tcp_services
pass in on $ip6if inet6 proto udp from any to $host port $tcp_services
Thank you,
Matt
- --
Duncan Lockwood
Principal Network Engineer
The Bunker Secure Hosting Limited
Ash Radar Station
Marshborough Road
Sandwich
Kent CT13 0PL
UNITED KINGDOM
t: 01304 814 800
f: 01304 814 899
e: d...@thebunker.net
w: www.thebunker.net
PGP on Key Servers
-
This email and any attachments it may contain is confidential and solely
intended for the use of the named addressee(s) only. Any views or
opinions presented are solely those of the author and do not necessarily
represent those of The Bunker. If you are not the intended recipient,
be advised that you have received this email in error and that you
should not rely on it or take any action based on it. You should not
publish, use, disseminate, print, forward or copy this email as it is
strictly prohibited. Please contact the sender if you have received this
email in error and destroy it.
-
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxCz9AACgkQOZKi9YO9TB6qjwCfbIIH64K4ZcS/tNtUeudsf6fl
xbAAn1xP9blRoKAR8FUy7MVt+gq0xJMC
=Naih
-END PGP SIGNATURE-
code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC1ykACgkQvf41sEptMqCjTwCgisIxQB0fIOCQSrlfhIn7GShT JogAnAsqx2g5M+PyE0DZLNeSHF1luiYc =0LIw -END PGP SIGNATURE-
Re: code for fun
On 18/07/2010 12:27, Aaron Lewis wrote: Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? Kinda off-topic for here but whatever... Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of 11 bits. If the mantissa is all-ones, that will give a significant of 2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias (1023), it gives a maximum effective exponent of 1023, so that would give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308. What do you mean by precision? Firas
OT: Re: code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 06:56 PM, Firas Kraiem wrote: On 18/07/2010 12:27, Aaron Lewis wrote: Hi, how can i determine the maximum size of `double' without printing out DOUBLE_MAX ? And what about the precision of a `double' , anyone give a try ? Google ain't giving much information , i just can't figure out , it's very funny coding , isn't it ? Kinda off-topic for here but whatever... Yeah , i'll put a OT here. Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of 11 bits. If the mantissa is all-ones, that will give a significant of 2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias (1023), it gives a maximum effective exponent of 1023, so that would give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308. Yep , right , but how you *get* it by a beautiful code , that could be really interesting. I mean , with a small code , c or c++ , printing the size out. What do you mean by precision? Kinda of significance digit. For example: A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) Doesn't matter if it's unsigned or signed , some ideas are cool enough. Still , use a small part of code , c or c++ , i'm just curious how to make it happen. Firas - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC4IkACgkQvf41sEptMqBN3wCeNNWj/cs9b1SB4hXwxqnJQrR4 gxsAoLKTzixeHSQzWHAeKTzgp6WDPn3I =McSS -END PGP SIGNATURE-
Re: OT: Re: code for fun
On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: B A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) http://en.wikipedia.org/wiki/Double_precision_floating-point_format Doesn't matter if it's unsigned or signed , some ideas are cool enough. I'd like to see your unsigned double! Still , use a small part of code , c or c++ , i'm just curious how to make it happen. What problem (i.e. homework assignment) are you trying to solve? -- Floor Terra flo...@gmail.com www: http://brobding.mine.nu/
Re: OT: Re: code for fun
Assuming 64-bit double, it has a mantissa of 52 bits and an exponent of
11 bits. If the mantissa is all-ones, that will give a significant of
2-2^(-52). The exponent cannot be all-ones (an all-ones exponent means
infinity or NaN), so the largest exponent is 2^11-2 = 2046, minus bias
(1023), it gives a maximum effective exponent of 1023, so that would
give a value of (2-2^(-52))*2^(1023) = 2^1024 - 2^971, roughly 10^308.
Yep , right , but how you *get* it by a beautiful code , that could be
really interesting.
I mean , with a small code , c or c++ , printing the size out.
Since you know the bit pattern that would yield the value, just make an
union with an uint64_t and a double, set the uint to the desired
bit-pattern, and printf the double:
#include stdint.h
#include stdio.h
int main(void)
{
union intdouble {
uint64_t foo;
double bar;
} maxdouble;
maxdouble.foo = 0x7FEF;
printf(%lf\n, maxdouble.bar);
return 0;
}
What do you mean by precision?
Kinda of significance digit. For example:
A number `12.340' , and if say it has 2 digits' precision , then we
consider the `0' is not accurate , while `.34' is accurate.
So for a number stored in a double type , how accurate can it be ? (or
maybe how many bits in the fixed-point part is accurate)
It depends on the exponent. If the exponent is large (as above), you
won't get anything after the decimal point. The maximum you can get
after the decimal point is when you have a denormalized number (exponent
all-zeroes) and a mantissa of 000...1. That will give an exponent of
-1022 and a significant of 2^(-52), yielding a value of
2^(-52)*2^(-1022) = 2^(-1074), roughly 10^(-324).
Doesn't matter if it's unsigned or signed , some ideas are cool enough.
IEEE floating-point numbers are always signed.
Firas
Re: OT: Re: code for fun
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 08:04 PM, Floor Terra wrote: On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! See: http://en.wikipedia.org/wiki/Arithmetic_precision So for a number stored in a double type , how accurate can it be ? (or maybe how many bits in the fixed-point part is accurate) http://en.wikipedia.org/wiki/Double_precision_floating-point_format Doesn't matter if it's unsigned or signed , some ideas are cool enough. I'd like to see your unsigned double! Sorry , they're all signed. Still , use a small part of code , c or c++ , i'm just curious how to make it happen. What problem (i.e. homework assignment) are you trying to solve? Come on , just for fun , someone asks me if i could print out the maximum number that can be stored in a double type , and the *precision* of a double type. For the first , maybe with some bit operations , no good idea from me. And the second , well i tried to divide 2 by 3 , see when i reaches 7 ( should be 0.667 ) , may not a clever way. - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxC9EsACgkQvf41sEptMqD8CACfVFw2rSxQHBs1u8hLgltLIEr3 heUAniQgV+JEyy/WLr+IsV3mtIGUznM+ =xwd7 -END PGP SIGNATURE-
Re: OpenBSD users.
From Serbia On Sun, Jul 18, 2010 at 3:35 AM, Frank Bax f...@sympatico.ca wrote: Mateusz Gierblinski wrote: Hi misc@ I'm just wondering. Where are you OpenBSD users from? I'm from Belgium, anyone else? Take care There is an OpenBSD user in every country on this planet.
Re: OT: Re: code for fun
On Sun, Jul 18, 2010 at 2:32 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2010 08:04 PM, Floor Terra wrote: On Sun, Jul 18, 2010 at 1:07 PM, Aaron Lewis aaron.lewis1...@gmail.com wrote: What do you mean by precision? Kinda of significance digit. For example: B A number `12.340' , and if say it has 2 digits' precision , then we consider the `0' is not accurate , while `.34' is accurate. What?! See: http://en.wikipedia.org/wiki/Arithmetic_precision Yes. 12.340 has five significant digits. If you want to store it with just two significant digits you get 12. Come on , just for fun , someone asks me if i could print out the maximum number that can be stored in a double type , and the *precision* of a double type. The maximum number you can store in a IEEE double is +infinity of course. A 64 bit double has 52-bit mantissa, together with 1 sign bit it gives you almost 16 decimal significant digits. But like other things in life: It's not the size that maters, it's how you use it. (see math(3) and look for ULP) And the second , well i tried to divide 2 by 3 , see when i reaches 7 ( should be 0.667 ) , may not a clever way. Be careful converting your number to decimal if you want to keep maximum precision. -- Floor Terra flo...@gmail.com www: http://brobding.mine.nu/
Re: OpenBSD users.
Brazil!
Re: OpenBSD users.
Mixico On Sun, Jul 18, 2010 at 1:46 PM, VICTOR TARABOLA CORTIANO vt...@c3sl.ufpr.br wrote: Brazil! -- Hermes Ojeda Ruiz
Re: OpenBSD users.
Moscow/Russia -- Dmitrij D. Czarkoff
Re: OpenBSD users.
Calgary Alvaro On Sun, Jul 18, 2010 at 14:13, Dmitrij D. Czarkoff czark...@gmail.comwrote: Moscow/Russia -- Dmitrij D. Czarkoff
Re: OpenBSD users.
Mateusz Gierblinski mateusz.gierblin...@gmail.com writes: I'm just wondering. Where are you OpenBSD users from? Bergen, Norway - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD users.
On Sun, Jul 18, 2010 at 01:07:12AM +0200, Mateusz Gierblinski wrote: I'm just wondering. Where are you OpenBSD users from? Your mom's bedroom. -J.
Re: OpenBSD users.
On Sun, Jul 18, 2010 at 01:07:12AM +0200, Mateusz Gierblinski wrote: I'm just wondering. Where are you OpenBSD users from? The Netherlands!
Re: OpenBSD users.
On 2010-07-17, Mateusz Gierblinski mateusz.gierblin...@gmail.com wrote: Hi misc@ I'm just wondering. Where are you OpenBSD users from? I'm from Belgium, anyone else? Are you aware that by sending such useless mails you are transforming energy and contributing to global warming? Best regards, Jona -- Worse is better Richard P. Gabriel
Re: OpenBSD users.
Jona Joachim wrote: Are you aware that by sending such useless mails you are transforming energy and contributing to global warming? Oh, well in that case, hello, come here often? ;-) ...Canada, btw. -Bryan.
Re: OpenBSD users.
Russia/Sergiev Posad -- sergeyb@
