Announcing learned iBGP route to eBGP peer

2016-12-21 Thread Mattias Lindgren 
I have an iBGP learned route that I’m trying to advertise to an eBGP peer in
OpenBGPD.  I set up announce all, but my neighbor does not see the route.  If
I do an explicit network statement my peer obviously sees the route, but I
want it to advertise the learned route instead.

Here is my bgpd.conf and output of the rib:

AS 24
nexthop qualify via default


neighbor 2001:ABCD:::1 {
remote-as 64515
local-address 2001:ABCD:ac01:294:5400:ff:fe48:dd09
multihop 2
tcp md5sig password XXX
announce all
}

neighbor 2a06:DCBA:20f0::1 {
remote-as 24
local-address 2a06:DCBA:20f0::2
}

deny to 2001:ABCD:::1
allow to 2001:ABCD:::1 prefix 2a06:DCBA:2000::/40
deny from any prefix ::/0 prefixlen = 0

# bgpctl show rib | grep 2a06:DCBA:2000::/40
I*> 2a06:DCBA:2000::/40 2a06:DCBA:20f0::1 100 0 24 24 24 i
Note that the route shows up as I*>, instead of IA*>, so it is not getting
announced. I mocked this up in my Cisco lab, and the iBGP route gets
advertised automatically.

Thanks,

Mattias Lindgren

--
Mattias Lindgren

Re: Hardware recommendations for compact 1U firewall

2016-12-21 Thread Aaron Mason 
Thanks for all of your suggestions, though some may have missed the
bit where I said "on a limited budget" :)

Torn between a Barracuda web filter or a Portwell CAR 3000. The latter
is more expensive but supports 10Gbit, whereas the Barracuda may only
have 10/100.  Both Core2Duo based, could probably upgrade to a
Core2Quad or a Xeon with a 771->775 adapter.

On Thu, Dec 22, 2016 at 12:17 PM, Predrag Punosevac
 wrote:
> Hrvoje Popovski wrote:
>>
>> On 15.12.2016. 12:30, Stuart Henderson wrote:
>> > If you want to cut down on weight+noise at the expense of more cost
>> > and a less powerful cpu, maybe APU2 in a 1U case or something like
>> > supermicro SYS-5018A-FTN4.
>>
>> has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat
>>
>> thank you ...
>
> As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
> SYS-5018A-FTN4
>
>
> OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016
>
r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch
/amd64/compile/GENERIC.MP
> real mem = 34314604544 (32724MB)
> avail mem = 33270165504 (31728MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries)
> bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015
> bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S5
> acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT
HEST BERT ERST EINJ
> acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimcfg0 at acpi0 addr 0xe000, bus 0-255
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz
> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 100MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> cpu4 at mainbus0: apid 8 (application processor)
> cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu4: 1MB 64b/line 16-way L2 cache
> cpu4: smt 0, core 4, package 0
> cpu5 at mainbus0: apid 10 (application processor)
> cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,
NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
> cpu5: 1MB 64b/line 16-way L2 cache
> cpu5: smt 0, core 5, package 0
> cpu6 at mainbus0: apid 12 (application processor)
> cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
> cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS

Re: Hardware recommendations for compact 1U firewall

2016-12-21 Thread Lyndon Nerenberg 

As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
SYS-5018A-FTN4


FWIW, we have six of these doing firewall duty (currently running 5.9) and 
they perform flawlessly. We run them in CARPed pairs, and LACP across 
redundant switches.


--lyndon

Re: Hardware recommendations for compact 1U firewall

2016-12-21 Thread Predrag Punosevac 
Hrvoje Popovski wrote:
> 
> On 15.12.2016. 12:30, Stuart Henderson wrote:
> > If you want to cut down on weight+noise at the expense of more cost
> > and a less powerful cpu, maybe APU2 in a 1U case or something like
> > supermicro SYS-5018A-FTN4.
> 
> has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat
> 
> thank you ...

As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
SYS-5018A-FTN4


OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016

r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34314604544 (32724MB)
avail mem = 33270165504 (31728MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries)
bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015
bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST 
BERT ERST EINJ
acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu4: 1MB 64b/line 16-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu5: 1MB 64b/line 16-way L2 cache
cpu5: smt 0, core 5, package 0
cpu6 at mainbus0: apid 12 (application processor)
cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu6: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu6: 1MB 64b/line 16-way L2 cache
cpu6: smt 0, core 6, package 0
cpu7 at mainbus0: apid 14 (application processor)
cpu7: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu7:

wsmoused conflicts with xorg on 6.0 Supermicro PDSMI+ fresh install

2016-12-21 Thread Paolo Aglialoro 
Hello,

on this Supermicro PDSMI+ board (latest bios) it looks like that activating
wsmoused (both plain and with -2 flag) disables pointer control under Xorg
i.e. mouse works correctly in CLI but not in X.

Running "wsmoused -f -d" reports no output, both when moving/clicking in
CLI and X.

Any clues?
Thanks

Dmesg follows:

OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4277010432 (4078MB)
avail mem = 4142915584 (3950MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.51 @ 0xdfeea000 (31 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 03/05/2008
bios0: Supermicro PDSMi
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP MCFG APIC BOOT ASF! SSDT
acpi0: wakeup devices DEV1(S5) EXP1(S5) PXHA(S5) EXP5(S5) EXP6(S5) PCIB(S5)
KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4)
EUSB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xf000, bus 0-14
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.40 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 266MHz
cpu0: mwait min=64, max=64, C-substates=0.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu2: 4MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu3: 4MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec1, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (DEV1)
acpiprt2 at acpi0: bus 9 (EXP1)
acpiprt3 at acpi0: bus 10 (PXHA)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 14 (EXP6)
acpiprt6 at acpi0: bus 15 (PCIB)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpicpu2 at acpi0: C1(@1 halt!), PSS
acpicpu3 at acpi0: C1(@1 halt!), PSS
"PNP0A05" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0700" at acpi0 not configured
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2400, 2133, 1867, 1600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0xc0
ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0xc0: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
pci2 at ppb1 bus 9
ppb2 at pci2 dev 0 function 0 "Intel 6702PXH PCIE-PCIX" rev 0x09
pci3 at ppb2 bus 10
"Intel IOxAPIC" rev 0x09 at pci2 dev 0 function 1 not configured
ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi
pci4 at ppb3 bus 13
em0 at pci4 dev 0 function 0 "Intel 82573E" rev 0x03: msi, address
00:30:48:9b:af:a6
ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi
pci5 at ppb4 bus 14
em1 at pci5 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address
00:30:48:9b:af:a7
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 4 int 23
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 4 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 4 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 4 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 4 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci6 at ppb5 bus 15
radeondrm0 at pci6 dev 0 function 0 "ATI ES1000" rev 0x02
drm0 at radeondrm0
radeondrm0: apic 4 int

Re: spamd and network whitelisting

2016-12-21 Thread Boudewijn Dijkstra 
Op Tue, 20 Dec 2016 12:51:19 +0100 schreef Clint Pachl  
:

Devin Reade wrote on 12/19/16 12:59:

With respect to dealing with SPF, the simple solution (permitting an
IP if it is on the sending domain's SPF list) doesn't work too well
in the general case since it appears many spammers publish SPF records.


You're right. When I ran ruby-spf against the the TRAPPED IPs in my  
spamdb, a surprising number passed SPF (like 15%). On the other hand,  
one of the popular email domains from our customer DB is @att.net, which  
doesn't even publish SPF. After some real life testing against our  
client email DB, I determined SPF was not effective in filtering spam  
for us. If it is used, it should be a small factor at best.


SPF was never meant for making accept/reject decisions on arbitrary  
domains.  If you don't trust the sending domain, then SPF evaluation is  
pointless.



--
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/

Re: carp and squid

2016-12-21 Thread Jiri B 
On Wed, Dec 21, 2016 at 12:41:43PM +0100, Frank White wrote:
> Hi, does 2 nodes clustered openbsd firewall work with squid ?
> is there any specific configuration ?

If squid on each node would have its own cache dir, ie. not sharing
data, then pointing your clients to squid hostname linked to CARP
IP should work, shouldn't it?

If squid daemons on both nodes would share cache dir, then you should
somehow prevent "failed" node not to continue to mess with storage.
Typical solution is STONITH (shoot the other node in the head - ie.
power fencing). Then you could maybe use ifstated to monitor CARP interface
and start squid daemon if CARP IP is local.

I would be also interested in solutions used by various
OpenBSD users.

j.

carp and squid

2016-12-21 Thread Frank White 
Hi, does 2 nodes clustered openbsd firewall work with squid ?
is there any specific configuration ?