Introducing pf-badhost and unbound-adblock
Hi everyone, I thought I would share a couple scripts I wrote to block ads and bad hosts. I have found them to increase web-browsing speed and reduce battery consumption, especially on mobile devices. They also help reduce pop ups and fake sites, especially on mobile/in apps. I have also found pf-badhost to reduce noise in my httpd/ssh auth logs. I used to get over 10,000 ssh attempts per day on my router, now I usually get less than 100 a day. Another added benefit of pf-badhost is that it blocks Shodan scans, which may appeal to some. I shared a similar script on misc@ earlier this year and received positive feedback, so I thought I would clean up the scripts and write a how-to guide. Enjoy! https:/www.geoghegan.ca https://www.geoghegan.ca/pfbadhost.html https://www.geoghegan.ca/unbound-adblock.html
Encryption of two disks on the same host
I want to use full disk encryption on all of the disks of a host (two hosts). They can have the same password. How should I do this? 1. A method that I know will work is to make separate CRYPTO discipline softraid devices for each disk, install on one of them; and configure and mount the other disk encryption by calling bioctl rc.local. I would either type the password twice or use a keydisk stored on the first softraid device. 2. I could make a RAID 0 or CONCAT discipline device to combine the two devices and then make a CRYPTO discipline device on top of that, but my reading of the manual pages suggests that I can't install boot(8) on this. 3. Perhaps I could do the option 2 and add a new disk (SD card) that I use just for installing boot(8). (If I'm doing that, I might use the same SD card for both boot and keydisk.) Are there other approaches I should consider? And, if I want to put boot on a separate disk, which question in the installer do I specify that in?
Re: "Missing operating system" after i386 dual boot install
On Sun, Aug 5, 2018 at 5:02 AM Sijmen J. Mulder wrote: > Success! > > Unfortunately NT4 predates the BCD but I managed to do something > similar by adding the following line to C:\boot.ini: > > C:\openbsd.pbr="OpenBSD" > > I still wonder why it wouldn't boot from the partition directly but at > least it works and I'm happy to report that OpenBSD performs remarkably > well on this old hardware (PIII 800 MHz, 128 MB RAM). > > Sijmen > That's awesome! I've been dual-booting OpenBSD since the Win2000 era using the NT Boot loader, and don't recall how I had to do it back then, but I don't think it had BCDEdit either. I probably had to do the same thing. Anyhow, happy to help, and enjoy OpenBSD on that thing.
Re: Error adding tunnel to mgre interface
On 1/08/2018 7:52 p.m., j...@snoopy.net.nz wrote: Hi, I am trying to add a tunnel to an mgre interface. I can't get past the following error. $doas ifconfig mgre0 destroy $doas ifconfig mgre0 create $doas ifconfig mgre0 tunnel 192.0.2.1 192.0.2.1 ifconfig: SIOCSLIFPHYADDR: Invalid argument $ $ifconfig mgre mgre0: flags=8800 mtu 1476 index 9 priority 0 llprio 3 encap: vnetid none groups: mgre tunnel: (unset) ttl 64 nodf $ This is on a default install with patches up to and including 014. OpenBSD 6.3 GENERIC.MP#7 amd64 If anyone has had success setting up an mgre interface then I would appreciate a little advice. Regards Joe I found the answer in an openbsd-cvs archive. Ref. https://marc.info/?l=openbsd-cvs&m=151977078027087&w=2 Example command. >$ doas ifconfig mgre0 tunneladdr 192.0.2.1 >$ ifconfig mgre mgre0: flags=8800 mtu 1476 index 24 priority 0 llprio 3 encap: vnetid none groups: mgre tunnel: inet 192.0.2.1 ttl 64 nodf Regards Joe COok --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
Re: "Missing operating system" after i386 dual boot install
Success! > Did you read the FAQ on multi-booting where they talk about > creating the> openbsd.pbr file and using bcdedit? In running dual-boot with > Win7/OpenBSD on one system, and Win10/OpenBSD on another, and the > procedure in the FAQ has worked well for me. > https://www.openbsd.org/faq/faq4.html#Multibooting Unfortunately NT4 predates the BCD but I managed to do something similar by adding the following line to C:\boot.ini: C:\openbsd.pbr="OpenBSD" I still wonder why it wouldn't boot from the partition directly but at least it works and I'm happy to report that OpenBSD performs remarkablywell on this old hardware (PIII 800 MHz, 128 MB RAM). Sijmen
Re: Can't open /dev/bio on arm
On Sun, Aug 05, 2018 at 10:39:10AM +0200, Janne Johansson wrote: > Is there MAKEDEV things to add also? No, the MAKEDEV and conf.c parts are already there. It should be possible to use softraid with ramdisks on arm* with future snapshots, just not as a boot volume.
Re: Can't open /dev/bio on arm
Is there MAKEDEV things to add also? Den sön 5 aug. 2018 09:15Jonathan Gray skrev: > On Sat, Aug 04, 2018 at 06:38:20PM +1000, Jonathan Gray wrote: > > On Sat, Aug 04, 2018 at 05:37:11PM +1000, Jonathan Gray wrote: > > > On Sat, Aug 04, 2018 at 09:33:45AM +0300, Kihaguru Gathura wrote: > > > > Hi, > > > > > > > > I am getting message: bioctl: Can't open /dev/bio: Device not > configured > > > > > > > > No clue whatsoever on how to go about this. Please assist. > > > > > > > > Instructions > > > > -- > > > > almandine# fdisk -iy sd0 > > > > Writing MBR at offset 0. > > > > almandine# fdisk -iy sd1 > > > > Writing MBR at offset 0. > > > > almandine# disklabel -E sd0 > > > > Label editor (enter '?' for help at any prompt) > > > > > a > > > > partition: [a] > > > > offset: [64] > > > > size: [15727571] * > > > > FS type: [4.2BSD] RAID > > > > > w > > > > > q > > > > No label changes. > > > > almandine# disklabel sd0 > layout > > > > almandine# disklabel -R sd1 layout > > > > almandine# rm layout > > > > almandine# bioctl -c 1 -l sd0a,sd1a softraid0 > > > > bioctl: Can't open /dev/bio: Device not configured > > > > -- > > > > > > softraid is not currently built as part of the ramdisk kernel on arm* > > > also the case for landisk, loongson, luna88k, octeon, sgi, socppc > > > > bio as well > > And then someone needs to add support to armv7/arm64 efiboot to be able > to boot from it like amd64, i386 and sparc64 can. > >
Re: Can't open /dev/bio on arm
On Sat, Aug 04, 2018 at 06:38:20PM +1000, Jonathan Gray wrote: > On Sat, Aug 04, 2018 at 05:37:11PM +1000, Jonathan Gray wrote: > > On Sat, Aug 04, 2018 at 09:33:45AM +0300, Kihaguru Gathura wrote: > > > Hi, > > > > > > I am getting message: bioctl: Can't open /dev/bio: Device not configured > > > > > > No clue whatsoever on how to go about this. Please assist. > > > > > > Instructions > > > -- > > > almandine# fdisk -iy sd0 > > > Writing MBR at offset 0. > > > almandine# fdisk -iy sd1 > > > Writing MBR at offset 0. > > > almandine# disklabel -E sd0 > > > Label editor (enter '?' for help at any prompt) > > > > a > > > partition: [a] > > > offset: [64] > > > size: [15727571] * > > > FS type: [4.2BSD] RAID > > > > w > > > > q > > > No label changes. > > > almandine# disklabel sd0 > layout > > > almandine# disklabel -R sd1 layout > > > almandine# rm layout > > > almandine# bioctl -c 1 -l sd0a,sd1a softraid0 > > > bioctl: Can't open /dev/bio: Device not configured > > > -- > > > > softraid is not currently built as part of the ramdisk kernel on arm* > > also the case for landisk, loongson, luna88k, octeon, sgi, socppc > > bio as well And then someone needs to add support to armv7/arm64 efiboot to be able to boot from it like amd64, i386 and sparc64 can.