Re: make pf allow out on lo per user

2017-01-25 Thread Alexander Hall
On January 26, 2017 6:54:54 AM GMT+01:00, Alexander Hall wrote: >On January 25, 2017 10:44:19 AM GMT+01:00, "Peter N. M. Hansteen" > wrote: >>On Wed, Jan 25, 2017 at 12:04:40AM +, Luke Small wrote: >>> if I have: >>> "pass out quick on lo0 from self port

Re: make pf allow out on lo per user

2017-01-25 Thread Alexander Hall
On January 25, 2017 10:44:19 AM GMT+01:00, "Peter N. M. Hansteen" wrote: >On Wed, Jan 25, 2017 at 12:04:40AM +, Luke Small wrote: >> if I have: >> "pass out quick on lo0 from self port 6379 to \ any user luke >> >> block out quick on lo0 from self port 6379 to any >> >> pass

Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)

2017-01-25 Thread Adam Wolk
On Wed, Jan 25, 2017 at 07:48:18PM +1000, Martin Pieuchot wrote: > On 25/01/17(Wed) 10:36, Stefan Sperling wrote: > > On Tue, Jan 24, 2017 at 03:10:34PM -0500, mabi wrote: > > > Hi Stefan > > > Thanks for your input. It looks like the g2k16 modifications to the athn > > > code from awolk@ did not

Re: OpenBSD 6.0 "netstat -p proto" behavior

2017-01-25 Thread Kapfhammer, Stefan
Works as expected with 6.0 stable ‎on amd64 MP kernel. Freundliche Grüße / Regards -stefan kapfhammer Originalnachricht Von: Denis Lapshin Gesendet: Mittwoch, 25. Januar 2017 21:13 An: misc@openbsd.org Betreff: OpenBSD 6.0 "netstat -p proto" behavior On a regular basis I'm using # netstat -p

OpenBSD 6.0 "netstat -p proto" behavior

2017-01-25 Thread Denis Lapshin
On a regular basis I'm using # netstat -p proto command. On 5.4 it returns: # netstat -p tcp Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp 0 44 127.0.0.1. 192.168.1.37.25253

Re: How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-25 Thread Daniel Gillen
On 25.01.2017 15:42, C. L. Martinez wrote: > On Wed, Jan 25, 2017 at 02:07:55PM +, Stuart Henderson wrote: >> On 2017-01-25, C. L. Martinez wrote: >>> Hi all, >>> >>> I have received a (maybe) "stupid" request from one of our customers. >>> We have a pair of public

Re: How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-25 Thread C. L. Martinez
On Wed, Jan 25, 2017 at 02:07:55PM +, Stuart Henderson wrote: > On 2017-01-25, C. L. Martinez wrote: > > Hi all, > > > > I have received a (maybe) "stupid" request from one of our customers. > > We have a pair of public OpenBSD firewalls (CARPed) that our development > >

Re: How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-25 Thread Stuart Henderson
On 2017-01-25, C. L. Martinez wrote: > Hi all, > > I have received a (maybe) "stupid" request from one of our customers. > We have a pair of public OpenBSD firewalls (CARPed) that our development > team use to access to several customers via VPN IPsec tunnels. But this >

Re: How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-25 Thread Kapetanakis Giannis
On 25/01/17 11:08, C. L. Martinez wrote: > Hi all, > > I have received a (maybe) "stupid" request from one of our customers. We > have a pair of public OpenBSD firewalls (CARPed) that our development team > use to access to several customers via VPN IPsec tunnels. But this morning we > have

Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)

2017-01-25 Thread Martin Pieuchot
On 25/01/17(Wed) 10:36, Stefan Sperling wrote: > On Tue, Jan 24, 2017 at 03:10:34PM -0500, mabi wrote: > > Hi Stefan > > Thanks for your input. It looks like the g2k16 modifications to the athn > > code from awolk@ did not make it into the 6.0 release. So there is still > > hope for 6.1 ;-) > >

Re: make pf allow out on lo per user

2017-01-25 Thread Peter N. M. Hansteen
On Wed, Jan 25, 2017 at 12:04:40AM +, Luke Small wrote: > if I have: > "pass out quick on lo0 from self port 6379 to \ any user luke > > block out quick on lo0 from self port 6379 to any > > pass quick on lo0 from any to any" > > a local connection to port 6379 will go to the last rule...

Re: Can OpenBSD do mixed b/g/n mode in hostap?

2017-01-25 Thread Stefan Sperling
On Tue, Jan 24, 2017 at 09:00:26PM +, Tom Murphy wrote: > Hi Stefan, > > I've done some more testing. I managed to get 802.11n working in > hostap mode for a while but then it crashed (not a kernel panic but the > driver dropped into ddb mode). Not sure if these help: > > ddb{0}> trace >

Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)

2017-01-25 Thread Stefan Sperling
On Tue, Jan 24, 2017 at 03:10:34PM -0500, mabi wrote: > Hi Stefan > Thanks for your input. It looks like the g2k16 modifications to the athn code > from awolk@ did not make it into the 6.0 release. So there is still hope for > 6.1 ;-) There was a rabbit hole this diff by Adam fell into. I don't

How easy is to do a MITM/spoof/etc. a public IP address?

2017-01-25 Thread C. L. Martinez
Hi all, I have received a (maybe) "stupid" request from one of our customers. We have a pair of public OpenBSD firewalls (CARPed) that our development team use to access to several customers via VPN IPsec tunnels. But this morning we have received a request from one of these cutomers to

Re: OpenBSD BFD Implementation

2017-01-25 Thread Marcus MERIGHI
umoorjani.v...@gmail.com (Uday MOORJANI), 2017.01.24 (Tue) 13:24 (CET): > Hope all is fine. I'm trying to find an implementation of BFD for OpenBSD > and I read Peter's that is was still under development. My questions are: You could check current status here: