* Steve Shockley [2010-01-12 01:36]:
> The Compaq/HP Smart 5 and above controllers (ciss) should work well.
"ciss" and "work well" in one sentence without a negation involved?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Servi
* Vadkan Jozsef [2010-01-10 12:40]:
> Is it possible?
yes, you just have to write the code
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* nixlists [2010-01-11 02:20]:
> If I'd want to buy a laptop, I'd want nothing else than the recent
> MacBook or MacBook Pro
stockholm syndrome
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail
as no trouble running the
> ruleset.
no idea what's going on there, never seen anything like that, never
heard anything like that, undebuggable with the info at hand.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* nixlists [2010-01-06 09:33]:
> On Wed, Jan 6, 2010 at 2:31 PM, Henning Brauer wrote:
> > I really like the 275 -> 420MBit/s change for 4.6 -> current with pf.
>
> Disabling pf gives a couple of MB/s more.
really. what a surprise.
--
Henning Brauer, h...@bsws.de, henn.
for years. others have improved performance in subsystems
used. i almost always bench my changes. i cannot point my finger to
one change between 4.6 and -current that is the cause for this
improvement, there were a few - and i keep forgetting what made 4.6
and what was after.
--
Henning Bra
adjustment to push much more traffic than GENERIC can, and this is a really
> hard task to accomplish unless you are a @henning or @claudio :)
heh :)
I really like the 275 -> 420MBit/s change for 4.6 -> current with pf.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Service
* Lars Kotthoff [2009-12-19 23:27]:
> I've just upgraded to 4.6 and symon/symux don't seem to record any mbuf data
> --
> no error messages, there's just nothing in the rrd file.
you need to delete the pre-4.6 rrds
(don't take my word for it that 4.6 was the poin
* Floor Terra [2009-12-19 19:10]:
> On Sat, Dec 19, 2009 at 6:08 PM, Henning Brauer wrote:
> > * Floor Terra [2009-12-19 16:47]:
> >> But in my experience copy/paste of code in any language is dangerous.
> >
> > [ ] you have ever seriously used C
> >
* Floor Terra [2009-12-19 16:47]:
> But in my experience copy/paste of code in any language is dangerous.
[ ] you have ever seriously used C
heck, even perl.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and
* Randal L. Schwartz [2009-12-19 00:34]:
> There's really no excuse for not knowing Perl and Python these days.
any excuse to not know python is a good and valid one. any.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure
xpose the fact that
they use 4K blocks internally, they pretend to work with the
traditional 512byte blocks. And there is a trap there, as the original
article points out.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Ma
at strips private AS out
> of the path, but still advertises them, which isn't supported.
we really gotta fix that.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
f IO for a soekris.
>
> It's possible to kill CF cards doing builds or similar. The wear leveling
> isn't that great.
hahahahahahahahaha
try it. on something recent. come back in 10 years when you suceeded.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http:/
. If I have missed something, someone
> please chime in on how to configure pf to do this. Thanks.
correct.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Sam Watkins [2009-12-13 22:26]:
> On Sun, Dec 13, 2009 at 02:53:48PM -0600, acam...@the00z.org wrote:
> > huh? many of us are using qemu on their laptops to hack on openbsd.
> > i'm not doing this, and i doubt any of the others does.
>
> > Yup, me neither need this to run OpenBSD on qemu...
>
>
> http://sam.nipl.net/qemu.html
>
> The short answer for OpenBSD networking in qemu:
>
> config -ef /bsd
> disable mpbios
> quit
huh? many of us are using qemu on their laptops to hack on openbsd.
i'm not doing this, and i doubt any of the others does.
--
Henning Bra
s under #ifdef INET6, so that is the knob.
it works, it has to work, because some install kernels are inet-only.
I don't bother. I run GENERIC or GENERIC.MP, period. using -inet6 in
the hostname files and blocking all inet6 shit on the firewalls is
good enough.
--
Henning Brauer, h...@bsws.d
So, how options we have?
we'd really like that functionality (with pflow(4), of course) but no
good idea on how to do that yet.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Michiel van Baak [2009-12-04 10:38]:
> On 11:11, Fri 04 Dec 09, Ismail OZATAY wrote:
> > Can i use one my interfaces both some network and pfsync ?
>
> If you run it over ipsec, yes.
and if you don't do so as well.
personally, I'd use vlans.
--
Henning B
* Joakim Aronius [2009-12-01 15:54]:
> * Henning Brauer (lists-open...@bsws.de) wrote:
> > * Alastair Johnson [2009-12-01 12:00]:
> > > Got the following error on 2 identical firewalls last night:
> > >
> > > uvm_fault(0xd0891180, 0x0 0, 3) ->
he ISO /OpenBSD/4.6/i386/install46.iso
please get the latest stable. this really looks like an issue i fixed
after release.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
* Derek Buttineau [2009-11-26 15:07]:
> On 2009-11-25, at 6:23 PM, Henning Brauer wrote:
>
> > check ifconfig -g carp on both
>
>
> Right now both are at:
>
> carp: carp demote count 0
>
> However, I did check that before I rebooted the backup unit and the ma
* Aaron Mason [2009-11-26 00:16]:
> upgrade to 4.6, a number of enhancements in PF [...] since 4.1
"a number", yes - somewhat close to "has been rewritten"
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secur
* open...@e-solutions.re [2009-11-24 14:16]:
> Using DHCP is not possible, pf block it
certainy not. dhc{p,lient} use bpf. outside pf. pf doesn't even see
those packets.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosti
* AG [2009-11-21 23:41]:
> Depends on whether one trusts the NSA or not.
right, of course the NSA gets commit access and peer review rules
don't apply. right.
$ finger nsa
finger: nsa: no such user.
hmm.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http:/
address).
> >
> > I am not sure if this is a feature or a bug, but I googled around with
> > no success in order to make it work as I want.
> >
> > Any help is appreciated.
> >
> > Thanks in advance
> >
>
>
> --
>
> Ciao Ciao
&g
or the table. they're off by default for
some time now (saves memory, a lot).
I won't paste an example here as reading the manpage bits about it
will enlighten you more :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
>
> >If you serve 800MB of file data through ftpd then yes.
> >
> >>3. Is it normal that this memory seems to be lost from the system?
> >
> >yes. The keyword here is "seems".
> >
> >The memory is used for caching the file contents in cas
after the anchor (or one rule per direction) or
> the traffic may be blocked.
we could add a "pass tagged FTPTAG" rule in that case, or just
document the fact. the assumption is that you want to do something
with the packets afterwards if you are tagging, so i tend to "just
* Bryan S. Leaman [2009-11-13 17:37]:
> Henning Brauer wrote:
> >* Bryan S. Leaman [2009-11-13 01:12]:
> >>I'm converting a pf ruleset to work with the new nat/rdr changes in 4.6
> >>-current and I came across an issue that seems like a problem in the way
>
e Creations: 0 ]
> pass out log inet proto tcp from 192.168.99.237 to 10.0.1.21 port = 47008
> flags S/SA keep state (max 1) tag FTPPROXY rtable 0 nat-to 192.168.99.237
> [ Evaluations: 1 Packets: 0 Bytes: 0 States: 0
> ]
> [ Inserted: uid 71 pid
is looks very much like you have "set debug loud" or "pfctl -x
> > loud". Unless you're actually debugging a condition where having that
> > level of information available is useful, well, it does generate a lot
> > of messages.
> >
>
> I have
&
* Steve Shockley [2009-11-09 04:59]:
> On 11/8/2009 7:40 PM, Henning Brauer wrote:
> >cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz ("GenuineIntel" 686-class) 1.61 GHz
> >cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz ("GenuineIntel" 686-class) 1.61 GHz
> >
oard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lm0 at isa0 port 0x290/8: W83627DHG
lm1 detached
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
ohci0 at cardbus0 dev 0 function 0 "Opti 82C861" rev 0x10: irq 268
* Didier Wiroth [2009-11-08 14:36]:
> On Saturday 07 November 2009 18:51:03 Henning Brauer wrote:
> > supermicro has atom-based systems. i have such a board an am happy
> > with it.
>
> Thank you very much for your feedback, it gave me a good overview!!!
>
> This
ns caching
>
> I was wondering if some of you are using this type of low power
> hardware at home?
> Can you recommend such a rack-mount device?
> Can you recommend a european online reseller?
supermicro has atom-based systems. i have such a board an am happy
with it.
--
Henning Brauer,
* Eric Faurot [2009-11-06 10:43]:
> On Fri, Nov 06, 2009 at 10:07:51AM +0100, Henning Brauer wrote:
> > * Robert Waite [2009-11-05 20:08]:
> > > I have been on OBSD 4.4 for a bit and had not really messed with pf.conf
> > > for
> > > a while.
> > &
icitly says the are
> functionally
> equivalent. Is there a reason to use one over the other... or will one be
> deprecated?
they are not identical, they can serve the same purpose.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
at help performance
> of a packet forwarding box (again, ignoring locally-sourced
> connections)? I'm thinking about buffers, default MSS, ECN, window
> scaling, SACK, etc. I know it doesn't hurt to turn them on, but am I
> doing any good for the connections I'm forwarding?
>
> Thanks for any input and advice you can provide; I'm looking forward
> to using PF for another 10 years... =)
just use 4.6 and don't push buttons - you won't need to.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
oh sorry - forgot the HOWTO:
1) get shell access
2) type "man pf.conf"
3) look for "optimization"
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
info
>
> it only shows log for sk0
yes, that is exactly the purpose of set loginterface.
pfctl -vvsI is what you're after.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
php to 5.2.11, from -stable.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
any of your configured ntp servers in
those 10 seconds and gave up on the initial stepping. what should ntpd
do? sit there forever?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
e-assify I
> could run?
yes:
echo "delete this pic of my ass: http:///"; | mail -s "asspic" henning
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
amp;manpath=OpenBSD+4.6&arch=i386&format=html
>
> There is no ldpd or ldpdctl program in OpenBSD. Maybe you mean ldp and
> lpc?
they are not part of the regular builds yet since they aren't ready
really. you have to build them yourself from
/usr/src/usr.sbin/ldp{d,ctl}. manpa
udio or me.
> If there was a porting effort, could the changes be incorporated into
> the existing project, or would a portable OpenBGPd need to be a
> separate project?
openssh style
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
gp
speaker only flawed. many things can only properly or at all be done
at kernel level or with kernel support.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* Vadim Zhukov [2009-10-05 13:38]:
> Currently pf accepts both rules with address family set to
> AF_INET/AF_INET6 and to plain 0. It behaves correctly in both ways, but
> I'm not sure, is it desired to have rules with address family
> unspecified?
yes.
--
Henning Brauer, h
Bytes: 0 ]
In6/Block: [ Packets: 46 Bytes: 3312 ]
Out6/Pass: [ Packets: 2 Bytes: 136 ]
Out6/Block: [ Packets: 0 Bytes: 0 ]
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services
dr-to $c \
> route-to ($if3 $gt3) reply-to ($if2 $gt2) dup-to $if4
this doesn't work right now, see above, that soves it
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* Tom Van Looy [2009-09-23 12:32]:
> Henning Brauer wrote:
> > so, otto, tedu, matthieu, oga and myself went to eurobsdcon in
> > cambridge. to take the summary ahead, it was a very nice event.
>
> Thanks you all for doing the presentations and sharing the
> papers/slid
that for future events by submitting openbsd
talks (don't be afraid, you don't have to be a developer to speak,
"this is how we use OpenBSD"-style talks are fine too) and/or come as
attendee to these events.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Servic
* Robert [2009-09-17 16:34]:
> On Thu, 17 Sep 2009 11:16:58 +0200
> Henning Brauer wrote:
>
> > * Aaron Mason [2009-09-17 03:52]:
> > > Would these drives by any chance be similar to the 1.8" ZIF drives
> > > used in (*shudder*) 5th gen iPods? I h
a interface. which is exactly the issue - nothing else does.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* - Tethys [2009-09-16 17:37]:
> On Wed, Sep 16, 2009 at 3:39 PM, Henning Brauer
> wrote:
>
> >> Building from source is light years more difficult than
> >> 'apt-get update && apt-get upgrade, or 'yum upgrade' or
> >> the like.
> &g
the machines?
> Again. OpenBSD really sucks at this one.
wut? trivial. takes me under 5 minutes usually.
> Building from source is light years
> more difficult than 'apt-get update && apt-get upgrade, or 'yum upgrade' or
> the
> like.
so don't fucking do
y to do this that I may
> obviously have miss by not doing it via PF?
you know nothing about that setup and make invalid assumptions.
i won't elaborate more on this setup, it's not mine, we just run some
stuff for them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* Florian Fuessl [2009-09-15 17:31]:
> Hi Henning,
>
> > -Original Message-
> > From: owner-m...@[...] on Behalf
> > Of Henning Brauer
> > Sent: Tuesday, September 15, 2009 2:39 PM
> > Subject: Re: Defending OpenBSD Performance
> >
> > *
this bgp router as well may well be very educating to many.
>
> I don't know how up-to-date is, but it's a good reference:
> http://www.bsws.de/en/technic/network.shtml
the router in question is not in that network.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS We
* Daniel Ouellet [2009-09-15 16:21]:
> Henning Brauer wrote:
>> * Nick [2009-09-15 13:52]:
>>> Yep. Most performance-oriented thing I've done with OpenBSD was
>>> firewalling a 45Mbps T3 line. It did tax the machine a little bit,
>>> but the primary fir
er was a PIII-750, which
> showed a lot lower load, I think it was more the cache than the MHz).
i have a bgp machine forwarding 800MBit/s of real world generic
internet traffic. can handle at least twice that. enough of a
benchmark?
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Serv
t;
> while this is working:
>
> pass in quick log on vlan101 reply-to {(vlan101 a.b.c.14)}
http://www.openbsd.org/faq/current.html#20090902
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicate
* J.C. Roberts [2009-09-03 19:12]:
> On Wed, 2 Sep 2009 18:16:54 +0200 Henning Brauer
> wrote:
> > i don't see any connection to force10.
> >
> > the successor of the 9000 line is the 8200zl and from all i can tell
> > (i never touched on of those myself) has
/s HP specs for the 8200,
and the force10s are way way way more expensive. different league,
entirely.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
er archs a bit later... like always :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
t. thanks guys.
and now it is your time. test this as much as you can, to avoid
surprises in 4.7, and bugs showing up after release... we really want
to find them beforehands, right?
henning
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Se
mall village called openbgpd we've done that from day #1
on, and there is no button to disable it. i actually had the flap
dampening in my first prototype that couldn't do anything with update
messages but drop them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services,
* Olivier Mehani [2009-08-14 14:45]:
> On Thu, Aug 13, 2009 at 05:31:39PM +0200, Henning Brauer wrote:
> > > I'm suspecting that syntax b�(interface)b� in pf.conf only
> > > resolves to the IPv4 addresses of the interface.
> > wrong.
>
> Right, thanks
* Nice Daemon [2009-08-14 13:08]:
> The point was that Henning started insulting.
I didn't.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application
what you consider "harsh tone" was very efficiently pointing you to
the problem, without useless chatter (like this mail).
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers
* Olivier Mehani [2009-08-13 17:28]:
> I'm
> suspecting that syntax b�(interface)b� in pf.conf only resolves to the
> IPv4 addresses of the interface.
wrong.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting
* Nice Daemon [2009-08-13 17:00]:
> On Thu, Aug 13, 2009 at 4:46 PM, Henning Brauer wrote:
> > * Nice Daemon [2009-08-13 16:33]:
> > > inet xx.yyy.253.225 netmask 0xff00 broadcast 255.255.255.255 (this is
> > > carp IP in upstream VLAN, AFTER your hint)
> > i
* Nice Daemon [2009-08-13 16:33]:
> inet xx.yyy.253.225 netmask 0xff00 broadcast 255.255.255.255 (this is
> carp IP in upstream VLAN, AFTER your hint)
it might be after my hint, but you didn't follow my advice. you want
netmask 0x there. aka /32. aka 255.255.255.255.
when
the phys interfaces do not have an IP from the subnet in question.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
rk does not change uids. none of them.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
dy showed a serious lack of understanding for tcp.
no I won't elaborate, using my time to code (in another area) is more
productive (and more fun) than using it to talk about code that won't
be written.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full
s only a ftp-proxy anchor.
it has userland helpers for the most relevant protocols.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* Christiano Farina Haesbaert [2009-07-21 21:02]:
> openbsd usually runs on small underpowered servers/routers
rright.
it's also slow, ya know.
and beer is dry.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosti
ion of a new state an identical existing state was found.
that should not happen, but the code deals fine with it.
in -current that message is a bit more verbose to allow diagnostics.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure
* Sevan / Venture37 [2009-07-14 19:50]:
> Still some time to go but wondering, who's going?
> I'm very much looking forward to attending for the time.
otto, tedu and I will be speaking. enough incentive? :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services
* Owain Ainsworth [2009-07-14 18:33]:
> On Tue, Jul 14, 2009 at 04:19:28PM +0200, Henning Brauer wrote:
> > * Owain Ainsworth [2009-07-14 16:12]:
> > > On Tue, Jul 14, 2009 at 03:23:09PM +0200, Nido wrote:
> > > > According to the xclock man page, under options, a
sted on my laptop with a -current snapshot from 07/07. The
> > video card is an Intel GM965 builtin (8086 2a03).
>
> You are correct. However, xclock is part of the X.org project and thus
> it would be best if you could report this bug upstream at
> http://bugs.freedesktop.org.
i
& PF_OPT_QUIET) == 0) {
fprintf(stderr, "debug level set to '");
switch (level) {
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
otice these bad guys and
> block them.
>
> The obvious method of add them to a queue and
> Using "overload" to block the source IP can
> not be used (with the current 4.5 version of pf
> since you cannot add a packet to a queue that
> is blocked.
yes it'll work.
that
#x27;t it? :)
revision 1.176
date: 2002/10/29 15:23:38; author: henning; state: Exp; lines: +16 -2
introduce
set require-order [yes|no]
default is yes.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Servi
* Egbert Krook [2009-06-21 11:58]:
> I've run into a small problem with pfctl as it's no longer showing the
> details for each individual IP address in our tables, just the date the
> table was last cleared.
really. reading the manpage would solve your confusion.
--
rs (mail, files etc etc), which I can see makes
>> sense.but without having evidence it's pointless making a claim.
>>
>>
>>
>> Thanks :-)
>>
>> ___
>> freebsd-sta...@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
>
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
* Pete Vickers [2009-06-19 10:06]:
> On 19. juni. 2009, at 00.10, Henning Brauer wrote:
>> * Pete Vickers [2009-06-19 00:02]:
>>> Actually, the sooner the IPv4 space gets used up the
>>> better, then everyone will have to migrate to IPvShit, and be done
>>
* Pete Vickers [2009-06-19 00:02]:
> Actually, the sooner the IPv4 space gets used up the
> better, then everyone will have to migrate to IPvShit, and be done with
> it.
that doesn't solve a single problem.
in return, you get a plethora of new ones on top.
--
Henning Brauer
d to change the damn battery or is
> there an issue with ntpd with a large skew ? Thanks in advance.
no.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
d: pf: state key linking mismatch! dir=OUT,
> if=bge0, stored af=2, a0: 10.136.248.119:42137, a1: 10.137.0.130:993,
> proto=6, found af=2, a0: AAA.AAA.AAA.AAA, a1: BBB.BBB.BBB.BBB, proto=47.
fixed in -current and no need to worry really
--
Henning Brauer, h...@bsws.de, henn...@openbsd.o
; Is this idea that I'm figuring out possible or have I missed something?
definately possible.
> Has anyone set up such an architecture before?
ya
> Any hints or suggestions for improvements?
do it :)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws
multiple connections to one server), and the
server to listen on a bunch of IPs
it is all reasonably simple. I have asked for it before, and now, a
year later, it has not been done. I bet it won't change in a year. But
that pessimism is just lack of information, so prove me wrong.
--
Henning Brauer,
* Georg Kahest [2009-06-02 10:01]:
> The rules look identical to me at the moment, but i will doublecheck
> them, one thing thou i dont have same interface names at both boxes,
that is your problem.
checksum in pfctl -vsi must be identical.
--
Henning Brauer, h...@bsws.de, henn...@openb
ue it should use is at 8mbit.
that is expected with states without reference back to a rule. this
clearly proves your rulesets are not identical, because otherwise that
ref would have been there.
and in any case - current behaves differently, queueing info now lives
on the state.
--
Henni
essor.
> But it won't to compile.
>
> Where I was wrong?
you don't have the changed pfvar.h in /usr/include/net/
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
mic part of the dynamic
> pattern of 512Kbit / s for each rule.
i might be willing to review your code once you submit it
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
rk goes down?)
oh cut the crap. re(4) cards are ok.
I would not exactly run my performance critical core routers on them,
but that is not their purpose. re is not rl.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Ma
* irix [2009-05-27 06:14]:
> May be someone better to write in a kind of pseudo device ifb
may be someone better to do my laundry
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Serv
601 - 700 of 1586 matches
Mail list logo
