Re: isdn/dsl pci cards? (I4b)

2009-04-25 Thread Theo de Raadt
Oh. That's too bad. Why is that? I mean why drop something that is working and might be of need for at least some people? Wow, you sure like to make presumptions. It was dropped because it was unmaintained and unmaintainable. It did not fit into the system, and it did not work. Anyway. As

Re: CVS: cvs.openbsd.org: src

2009-04-25 Thread Theo de Raadt
CVSROOT:/cvs Module name:src Changes by: dera...@cvs.openbsd.org 2009/04/25 11:36:48 Modified files: etc: Makefile Added files: etc/root : dot.Xdefaults etc/skel : dot.Xdefaults Log message: Provide users by default with

Re: CVS: cvs.openbsd.org: src

2009-04-25 Thread Theo de Raadt
I concede, this mail and my solution was not completely thought out. While making Xsession/xinitrc (tried startx since my first e-mail) run under sh -l would source .profile And what if a person's shell is actually csh, or some other shell? Then it does not work.

4.5 soon, but ...

2009-04-25 Thread Theo de Raadt
So OpenBSD 4.5 will be available soon, next weekend. I feel that I should urge people to avoid the new snapshots until after they give 4.5 a try, because a few of us have been improving the system installer a little bit. It is night and day. Therefore; don't try to install a -current snapshot

Re: wifi modes

2009-04-28 Thread Theo de Raadt
Why do only certain wireless cards support host AP mode or IBSS mode? Because someone has to _want_ to do the work. I understand not everyone can do the work, but why bother making lists. It isn't going to encourage anyone to want to. Why don't you all see that? We are not your slaves.

Re: OpenBSD install question

2009-04-28 Thread Theo de Raadt
root on cd0a swap on cd0b dump on cd0b stopped at debugger+0x4,leave Panic: cannot read disklabel, 0x600/0xf00, error 5 What official release CD did you generate this error on?

OpenBSD 4.5 released, May 1, 2009

2009-04-30 Thread Theo de Raadt
by Theo de Raadt, Mark Kettenis, and Miod Vallat. X11 builds by Todd Fries and Miod Vallat. ISO-9660 filesystem layout by Theo de Raadt. We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who

Re: Improving kernel crypto performance

2009-04-30 Thread Theo de Raadt
I think the crypto framework still does too many context switches for small operations. IIRC It also doesn't do much load balancing when you have multiple accelerators in the system. I'm not too interested in accelerator cards at this point, just software implementations (i.e.,

Re: Improving kernel crypto performance

2009-04-30 Thread Theo de Raadt
On Thu, Apr 30, 2009 at 9:42 PM, Ted Unangst ted.unan...@gmail.com wrote: If you turn on cryptodevallowsoft and run openssl speed -evp aes-128-cbc, you can watch the crypto thread in the kernel soaking up cpu. In order for the thread to be running, you're definitely context switching to

Re: Improving kernel crypto performance

2009-05-01 Thread Theo de Raadt
For instance, you have a hifn and a via cpu. Which does [should] crypto use? It should use the via, since it is way way way faster :)

Re: Error while applying 001_openssl.patch on OpenBSD 4.5

2009-05-02 Thread Theo de Raadt
Well, you did not build your tree correctly. It is well documented in 'man release' and in the /usr/src/Makefile I just tried to patch a virgin OpenBSD 4.5 installation by applying 001_openssl.patch (Version 2). After successfully rebuilding and installing the library, as well as

Re: How do I enable bsd.mp kernel in 4.4/i386?

2009-05-02 Thread Theo de Raadt
I am running OBSD 4.4/i386 on a Dell Inspiron 6400 (E1505) w/ 2GB RAM and a 2.0 GHz Intel Core 2 Duo CPU (Merom). I am running the GENERIC OBSD 4.4/i386 'bsd' kernel and would like to set up the bsd.mp kernel instead. How do I go about this? cd / mv bsd bsd.sp mv bsd.mp bsd reboot

Re: How do I enable bsd.mp kernel in 4.4/i386?

2009-05-02 Thread Theo de Raadt
I am running OBSD 4.4/i386 on a Dell Inspiron 6400 (E1505) w/ 2GB RAM and a 2.0 GHz Intel Core 2 Duo CPU (Merom). I am running the GENERIC OBSD 4.4/i386 'bsd' kernel and would like to set up the bsd.mp kernel instead. How do I go about this? cd / mv bsd bsd.sp mv bsd.mp bsd

Re: How do I enable bsd.mp kernel in 4.4/i386?

2009-05-02 Thread Theo de Raadt
Another way would be through creating/editing /etc/boot.conf and having an entry for the mp kernel ex: boot wd0a:/bsd.mp where wd0a is your root partition. I recommend against that. Firstly, one developer has already been fried on an upgrade using the -current bsd.rd Secondly, it is

Re: How do I enable bsd.mp kernel in 4.4/i386?

2009-05-03 Thread Theo de Raadt
On Sun, 3 May 2009 08:45:55 -0700 J.C. Roberts list-...@designtools.org wrote: Thirdly, it should be removed. The new installer destined for 4.6 already does the right thing, so the i386\amd64 specific etc/boot.conf hack is redundant and leads to confusion. Hmm, how should I specify

Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Theo de Raadt
On Mon, May 04, 2009 at 01:38:16PM -0600, Bob Beck wrote: Look dude, that ftp site made something available before any of the second level mirrors were even opened up to other sites to retrieve it. Deliberate action was taken to release something early without mirroring it from a

Re: snapshots index.txt and SHA256

2009-05-05 Thread Theo de Raadt
apparently, the format of index.txt has changed: the 'old' index, as shipped with 4.5, just lists the basenames, while a current index.txt is a 'ls -l'. Is this just for snapshots, or for future releases too? Is this temporary, or should my scripts expect this format from now on? scripts

Pre-orders for 5.1, and the new song!

2012-03-13 Thread Theo de Raadt
It is that time again. I have just activated pre-orders for CDs, tshirts, and posters for the 5.1 release -- due May 1. http://openbsd.org/orders.html At the same time, I am making available the song that will come out with the release (hmm, it is still moving out to the ftp mirrors at

Re: time kepping using GPS

2012-03-20 Thread Theo de Raadt
some insights for people using GPS for very critical server time keeping http://www.dw.de/dw/article/0,,15817272,00.html This misses the point in a rather large way. Most of this jamming makes the true GPS signal hard to receive. When the signal cannot be received, the existing free-running

Re: time kepping using GPS

2012-03-20 Thread Theo de Raadt
Oh my god ... does not work for me since I don't believe in that kind of god. It's not a baloney, just some information. Did you read the article till the end? After a few paragraphs I said oh, it is just a jamming, but furthermore the team explained that some already available devices are

Re: using access(2)

2012-03-23 Thread Theo de Raadt
The manpage of access(2) says CAVEATS access() and faccessat() should never be used for actual access control. Doing so can result in a time of check vs. time of use security hole. However, access() is used in test(1): case FILRD: return

Shut up and Hack

2012-03-23 Thread Theo de Raadt
Today we are releasing one of the extra songs which can be found on the 11-release celebration audio CD. KMFDM! It is called Shut up and Hack, and you can find a description of it at http://www.openbsd.org/lyrics.html#audio_extra51 As well, the MP3 file:

Re: Is nginx to complement or replace apache?

2012-03-28 Thread Theo de Raadt
Seeing the work that is done on nginx as Daily changelog shows I was thinking the same, that eventually nginx will replace httpd (it cannot replace apache). About that too many files open, I run it this once, but Stuart Henderson suggested to alter the values in /etc/login.conf. I was

Re: Is nginx to complement or replace apache?

2012-03-28 Thread Theo de Raadt
was expecting some decent values there, but I found out from FAQ that the default file has the correspondent values for the minimal hardware system OpenBSD is able to run on, so the giant machines need adjusting. On Wed, Mar 28, 2012 at 11:44 PM, Theo de Raadt dera...@cvs.openbsd.org wrote

Re: similar behaviour to Linux netstat -lpn ?

2012-04-03 Thread Theo de Raadt
I'd like to see every program (with program name) that listen something on network. I can achieve that on Linux by running netstat -lpn, like that server:~# netstat -lpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State

Re: Recent DELL hardware support

2012-04-04 Thread Theo de Raadt
So your choice is between hardware which should already work in OpenBSD and hardware which (at least the nics) is known not to work yet but might work sometime in the future. Nobody here can make that decision for you :) Last time such issues happened, the people involved made sure we had the

Re: after downgrade OpenBSD dmesg display wrong information

2012-04-18 Thread Theo de Raadt
Some machines keep previous dmessages in mem. Scroll down to see the most recent dmesg, or check /var/run/dmesg.boot A cold boot wipes the dmesg buffer. -Otto Did something change in -current? Might be surprising, but things always change in -current...

Re: fdisk flag bootable partition during install

2012-04-24 Thread Theo de Raadt
1. When I used flag 1 in fdisk during install, did the installer place the new files in fdisk partition 1? [...] IIRC, behaviour with more than one A6 partition is undefined, but I'd say so, since it was the first A6 the kernel encountered on that disk. Undefined? Sorry. But if you

Re: fw_update

2012-05-10 Thread Theo de Raadt
Also, while I recognize this is an edge case, I have in the past sold systems with OpenBSD installed on them to other people, and now that I come to think of it I have no idea whether that's legal to do with, say, iwn-firmware installed on it (it's probably not). Every firmware package includes a

Re: unbound

2012-05-19 Thread Theo de Raadt
As unbound is now in base but not yet built by default how is it built in order to test it (is it a simple 'make install' or is more involved)? How to add it to the list the gets built with a make build of userland (or is this even safe)? Or is it simply best to use packages or ports at this

Re: Upgrading OpenBSD

2012-05-21 Thread Theo de Raadt
On Mon, May 21, 2012 at 9:43 PM, Richards, Toby toby.richa...@slo.courts.ca.gov wrote: OpenBSD does have an Upgrade option, but does it upgrade the installed packages? pkg_add -ui Even more relevant: http://www.openbsd.org/faq/upgrade51.html Interestingly, when I upgrade a

Re: Upgrading OpenBSD

2012-05-21 Thread Theo de Raadt
Outstanding point. The thing is this: With MS PHP is clearly distinct from the OS. I go get it from php.org. With BSD I must rely on the package system. That is baloney. On OpenBSD, you get PHP yourself, too. PHP is not part of OpenBSD. The package tree is a convenience. If you expect us

Re: OpenBSD in April's issue of the CACM

2012-05-29 Thread Theo de Raadt
: Robert Barr rb...@cisco.com To: 'Theo de Raadt' dera...@cvs.openbsd.org Subject: RE: Patent claims on VRRP Date: Tue, 21 Oct 2003 20:33:25 -0700 I hope CARP is successful, I really do. Please think about my risk management comments tho. I am not trying to win any argument

Re: OpenBSD in April's issue of the CACM

2012-05-29 Thread Theo de Raadt
of anyone trying to follow the standards, so that they could not later claim they did not know. It was corporatism to the top. IETF claims having those IPR statements there is not their own claim, but that position is retarded. What if tomorrow I requested IETF to add a Theo de Raadt IPR statement

Re: OpenBSD in April's issue of the CACM

2012-05-29 Thread Theo de Raadt
Wow, and look at this: http://www.freebsd.org/news/status/report-2011-10-2011-12.html#The-New-CARP Look at that last entry about talking to IANA! Yet we -- who wrote the protocol -- never received a mail from any of them. So it is OK for him to accuse of us not going through the proper

Re: OpenBSD in April's issue of the CACM

2012-05-29 Thread Theo de Raadt
My favorite part is above. This shit cracks me up. Now imagine if there were proprietary tcp protocols. All sorts of different devices running there own version. Yes it would be a nightmare. I think you are mixing up things. TCP? No, that was another time, a little later:

Re: nonexistent tables in pf.conf

2012-05-30 Thread Theo de Raadt
There is a difference between an empty table and a nonexistent table, and there is a difference between a table not existing at load time and table being deleted. Since you have such firm opinions, perhaps you should write your own packet filter.

Re: nonexistent tables in pf.conf

2012-05-30 Thread Theo de Raadt
On May 30 12:14:22, Theo de Raadt wrote: There is a difference between an empty table and a nonexistent table, and there is a difference between a table not existing at load time and table being deleted. Since you have such firm opinions, perhaps you should write your own packet

Re: realtek 8188ce not configured

2012-05-30 Thread Theo de Raadt
On Wed, May 30, 2012 at 2:52 PM, Fred Crowson fred.crow...@gmail.com wrote: On 30 May 2012 21:45, patrick keshishian pkesh...@gmail.com wrote: Hi misc@, Lenovo won't let me replace the Realtek 8188CE mini-pci card that came with it with another. The hardware refuses to boot with an

Re: realtek 8188ce not configured

2012-05-30 Thread Theo de Raadt
Lenovo won't let me replace the Realtek 8188CE mini-pci card that came with it with another. The hardware refuses to boot with an unauthorized network card detected or somesuch error (brilliant!). What are the chances of getting this card working with obsd? :) bios-mods.com has high-wire

Re: (Kinda O.T.) Digital Millennium Copyright Act used to censor hardware specifications

2012-05-31 Thread Theo de Raadt
Shame on you. Don't you know that linking to links that link to links that have DCMA'd is a crime? Enjoy the bars. On Thu, 31 May 2012 17:12:58 +0200, Ted Unangst wrote: On Thu, May 31, 2012 at 11:11, Brett wrote: Pursuant to a rights owner notice under the Digital Millennium Copyright

Re: spamd 250 messages

2012-05-31 Thread Theo de Raadt
Kevin Chadwick wrote: On Wed, 30 May 2012 13:00:45 -0400 Kurt Mosiejczuk wrote: That's also why spamd in greylisting stutters for the first 10 seconds. Many spammers disconnect now when stuttered at, so they give up before even starting the greylisting process. It might be

Re: ifconfig bridge delete

2012-05-31 Thread Theo de Raadt
$ sudo ifconfig bridge0 delete athn0 ifconfig: athn0: bad value $ sudo ifconfig bridge0 del athn0 $ Uuhm? This is an error in the manual page. It came about due to the merge of brconfig(8) into ifconfig(8). When brconfig was a separate program either delete if or del if would do the same

Re: (Kinda O.T.) Digital Millennium Copyright Act used to censor hardware specifications

2012-05-31 Thread Theo de Raadt
On Thu, 31 May 2012 18:25:14 +0200, Theo de Raadt wrote: Shame on you. Don't you know that linking to links that link to links that have DCMA'd is a crime? Enjoy the bars. I'm sure quoting mails that link to links that link to DCMA'd links is a felony, too. Perhaps we'll

Re: (Kinda O.T.) Digital Millennium Copyright Act used to censor hardware specifications

2012-05-31 Thread Theo de Raadt
Very clever. But those who give up their right to link to DCMA'd links for a little more liberty deserve neither. Or something very close to that. Most of those falling into that trap are Americans, so they don't know where you are coming from.

Re: Large (3TB) HDD support

2012-06-01 Thread Theo de Raadt
2012/6/1 Tyler Morgan tyl...@tradetech.net: http://www.openbsd.org/faq/faq14.html#LargeDrive That doesn't mention GPT, which is the problem with drives 2TB. https://en.wikipedia.org/wiki/GUID_Partition_Table Can OpenBSD already boot from a 4TB drive on an UEFI system? Try to buy systems

Re: Large (3TB) HDD support

2012-06-01 Thread Theo de Raadt
On the other hand, GPT by itself appears useful. What is useful about GPT? *EVERY USER* has the following simple requirements: 1. I have a machine. 2. I want to install an operating system on it (or, have an operating system installed from the factory) What am I missing -- what

Re: Large (3TB) HDD support

2012-06-01 Thread Theo de Raadt
The apparent advantage of GPT over FDISK partitions is that it can describe partitions 2TB for systems hosting multiple OSes. That's all I meant. Sorry that it wasn't clear. US-based missile-armed predator drones by themselves appear useful.

Re: Large (3TB) HDD support

2012-06-03 Thread Theo de Raadt
Can we please differentiate GPT from EFI. GPT may be part of the EFI specification, but it's a standalone piece - implementing GPT is not going to restrict anyone's freedom to do what they want with a machine. Some possibilities EFI offers are more contentious.. You are turning it upside

Re: SMTP server pools at odds with the RFC?

2012-06-04 Thread Theo de Raadt
Not only is greylisting fine from a protocol point of view (as others have pointed out), the IETF is also well aware of it. This is about to become an RFC: http://tools.ietf.org/html/draft-ietf-appsawg-greylisting That's a marked improvement over what appeared to be the status only a

Re: Large (3TB) HDD support

2012-06-04 Thread Theo de Raadt
I don't have a particular issue with most of the disk hackery that OpenBSD currently performs, but the key detail is that at least under x86, powermac and sgi platforms [1] it seems to work within the boundaries of the native disk partitioning by using a custom disk format, performing custom

Re: SMTP server pools at odds with the RFC?

2012-06-04 Thread Theo de Raadt
Theo de Raadt dera...@cvs.openbsd.org writes: it is still false to say that greylisting wasn't permitted by the original RFC's. it was, and it is. Any reasonable interpretation (IMO) of the relevant parts of RFC5321 and RFC2821 means that greylisting is well within the protocol

Re: llround(), round() broken?

2012-06-04 Thread Theo de Raadt
This seems to come up most often regarding the math functions. Which Unix system doesn't require -lm for those math functions? man intro (3) comes close in OpenBSD (I did man -k libraries to find it) It just seems like if a function requires a special library that should be mentioned in the

Re: OpenBSD forked

2012-06-16 Thread Theo de Raadt
On Wed, Jun 13, 2012 at 7:44 PM, Dominguez, Roland roland.doming...@tamucc.edu wrote: I just came across this article and was wondering if it's legit: http://www.h-online.com/open/news/item/OpenBSD-forked-to-create-Bitrig-1616954.html Yes, it's legit and it reflects the reality of the facts

Re: OpenBSD forked

2012-06-17 Thread Theo de Raadt
On Sun, Jun 17, 2012 at 16:14, Peter Laufenberg wrote: Funny thing is, I've never been upset about the 20+ OpenBSD and ex-OpenBSD developers who now work for google. Do they still work on OpenBSD and contribute back? yes. some more, some less. first off, I do not understand the word back

Re: OpenBSD forked

2012-06-18 Thread Theo de Raadt
The secretive nature is concerning. But I hope that this situation can somehow turn out to be beneficial to both projects in the long term. As long as my favourite and most relied upon OS continues to evolve, I will be happy. And I will certainly continue to buy from and donate to the OpenBSD

Re: OpenBSD forked

2012-06-19 Thread Theo de Raadt
On Mon, Jun 18, 2012 at 12:59:16AM -0600, Theo de Raadt wrote: Ariane wants to be involved as well, but is still waiting to see how others in the project feel. I've changed from waiting to being involved. And in Theo's interest in breaking secrecy: I've stepped down from maintaining

Re: Following -current through a semi-automatic process: a strategy for encouraging user involvement?

2012-06-19 Thread Theo de Raadt
never mind the premise that snapshots contain changes not found in the trees, you state things to the effect of user chooses wether or not to reboot to new kernel. didn't even bother; e.g., comparing nm outputs well, hang on. quite often those diffs in snapshots are not yet commited for a

Re: Fresh install of 5.1 doesn't allow me to creat user but after install I can.

2012-06-26 Thread Theo de Raadt
Quoting cody chandler cody.a.chand...@gmail.com: Hello, OpenBSD 5.1 -Release. 4 installs tested. During install when it first asks do I want to create a user. It does not allow me to create the user name II00I00II. But after the install I can use useradd or adduser and am

Re: OpenBSD's webpage desing

2012-06-26 Thread Theo de Raadt
On Tue, Jun 26, 2012 at 3:24 PM, richardtoo...@paradise.net.nz wrote: I'd prefer the (small) team of developers to work on the code. Well, that's a false dichotomy: not all OpenBSD committers work on the code. A handful work primarily on maintaining the website and/or documentation,

Re: OpenBSD's webpage desing

2012-06-27 Thread Theo de Raadt
Speaking personally, I wouldn't mind if OpenBSD's website were updated. Just no one has volunteered yet to do the dirty work of actually coming up with a functional design and then updating the HTML. Talk is cheap. Yes, talk is unbelievably cheap. On the other hand, if whatever anyone

Re: OpenBSD's webpage desing

2012-06-27 Thread Theo de Raadt
On Wed, Jun 27, 2012 at 08:19, Alvaro Mantilla Gimenez wrote: Really? Can we do that? Seems, by this thread and previous about this subject, that nobody is waiting for any diffs regarding this There's so much low hanging fruit that could be improved before somebody starts dicking

Re: OpenBSD - UEFI Secure Boot

2012-07-07 Thread Theo de Raadt
Be realistic. Talking about it on misc won't change anything. Dear Your name should be here ;-) , I have been considering the implications for BSD and Linux and any non-MS O/S of the implementation of UEFI Secure Boot (SB). As I understand it, ARM devices wishing to receive Win8 cert are

Re: missing /etc/fstab

2012-07-08 Thread Theo de Raadt
I remember some early 5.1 snapshot which installed and successfully run without /etc/fstab however, 5.1-RELEASE came with /etc/fstab it would be nice to move system from one server to another without having to bother about /etc/fstab (I moved several of them due to buggy hardware). is it

ss20's wanted for ports builds

2012-07-16 Thread Theo de Raadt
As many of you know, we continue to build packages on a lot of architectures which you don't have anymore, since quite often bugs are exposed which affects the mainline architectures. Unfortunately, we are running low on 32-bit sparc machines. If any of you have ss20's in good shape to give to

Re: atexit() and stdio() protection

2012-07-18 Thread Theo de Raadt
I guess you are talking about mitigation mechanisms. I am not aware of any stdio protection mechanisms. However, our atexit has a bizarre quirk, as does our malloc. These functions protect their own internal data structures by mprotect()'ing them as non-writeable after updating them. It isn't

Re: ss20's wanted for ports builds

2012-07-19 Thread Theo de Raadt
On Mon, Jul 16, 2012 at 08:45:30PM +0200, [BG-Consulting] Elmar Bschorer wrote: What do you mean with ss20? Actually a good question. At least for those old enough to remember the Soviet era SS-20 intermediate-range ballistic nuclear missiles. I'd like one of those too.

Re: ss20's wanted for ports builds

2012-07-19 Thread Theo de Raadt
On 07/19/12 10:42, Erling Westenvik wrote: On Mon, Jul 16, 2012 at 08:45:30PM +0200, [BG-Consulting] Elmar Bschorer wrote: What do you mean with ss20? Actually a good question. At least for those old enough to remember the Soviet era SS-20 intermediate-range ballistic nuclear

Re: OpenBSD's brilliant design

2012-07-30 Thread Theo de Raadt
I'm about to write an article on OpenBSD's brilliant design, mainly to make things clearer to myself as well as my coworkers - all of whom have been using FreeBSD for the past 15 years. All of whom have recently converted to OpenBSD due to the need for something simpler to base our

Re: OpenBSD on GitHub

2012-08-05 Thread Theo de Raadt
I don't find this controversial, except the notion that sticking with blunt tools to solve a human/procedural problem is a good idea. How else should I, as the maintainer of the trunk, contain the damage from these human/procedural problems? Careful -- every suggestion you want to suggest now

Re: Any T410/T420 with suspend/resume fully working in 5.1 or current?

2012-08-07 Thread Theo de Raadt
Can anyone report a successful suspend and resume in a Thinkpad T410 or T420? Yes, yours resumes fine (so do others). My T410 with current (5.2) resumes but with usb ports down (no power). This is a known bug with the T410, T510, x201, and x201s. I've spent a lot of time trying to find a

Re: Q: username policy in install and in adduser

2012-08-13 Thread Theo de Raadt
It is good sense to push unix users into a mentality that usernames should be lower case by default. I don't see any reason to change it. The choice of usernames during OBSD install is more restrictive than adduser. For example install does not allow capital letters in usernames. I read up

1u machine wanted..

2012-08-15 Thread Theo de Raadt
Donation request: I am looking for 1 or 2 very fast 1u x86 machines (for instance fast-cpu dell r610) so that I can do a refresh of the ports tree amd64-build machines with newer hardware. The current machines are lagging in performance and I want to improve the build times. The two faster

Re: 1u machine wanted..

2012-08-21 Thread Theo de Raadt
Donation request: I am looking for 1 or 2 very fast 1u x86 machines (for instance fast-cpu dell r610) so that I can do a refresh of the ports tree amd64-build machines with newer hardware. The current machines are lagging in performance and I want to improve the build times. The

Re: More sensible and consistent rc.conf.local

2012-08-25 Thread Theo de Raadt
(For sake of the argument: pfctl has options, maybe they should be a rc.conf option for it?) pfctl is not a daemon per se, as opposed to e.g. smtpd or httpd. As far as enabling pf and loading the ruleset, only a subset of the pfctl flags are of interest. Therefore, there is

Re: xenocara not building on amd64-current

2012-09-03 Thread Theo de Raadt
Sorry. You may think you followed the instructions correctly, but you didn't. Obviously though there are new X snapshots available, so this problem is not in the tree. http://openbsd.org/faq/current.html#20120831a Read the second sentence again: Everyone is encouraged to update via

Re: xenocara not building on amd64-current

2012-09-03 Thread Theo de Raadt
I read the whole sentence, and followed the instructions: Everyone is encouraged to update via snapshots (dated after 2012/08/31); if you want to upgrade via sources, follow these instructions: ... But, ok, I'll just update from a snapshot. OK, fine, let me translate that for you: Go

5.2 pre-orders are up

2012-09-04 Thread Theo de Raadt
We've activated 5.2 pre-orders. Yeah, we know the http://www.openbsd.org/52.html page sucks, and doesn't list all the stuff we've done recently. Hopefully that will change.

v215/v245 for .ch

2012-09-18 Thread Theo de Raadt
we have a developer who wants a pci-e sparc64 machine in switzerland. probably a v215 or v245, i am not sure if he wants a sun4v machine, but we can see about that. It will improve modern (pcie) network drivers on every architecture, kind of by accident or designed, depending on your point of

Re: Question about the code

2012-10-07 Thread Theo de Raadt
Hi, it's about src/usr.sbin/unbound/ldns/drill/work.c at line 184: What is the 'fp' FILE used for ? Here - if I'm not mistaken - we fopen() filename, and that's it. We don't use the 'fp' variable, and we never fclose() it. If you type unbound into google, you will see that this is upstream code

Re: the idea of /fastboot ?

2012-10-09 Thread Theo de Raadt
On Tue, Oct 09, 2012 at 22:55, Илья Шипицин wrote: Hello! I'm investigating /etc/rc script. And I found the following there: if [ -e /fastboot ]; then echo Fast boot: skipping disk checks. elif [ X$1 = Xautoboot ]; then echo Automatic boot in progress: starting file

Re: OpenBSD-current, any chance to have TU2-ETG (ethernet adapter) working?

2012-10-17 Thread Theo de Raadt
I just install the last snapshot i386, and plug my Trendnet Ethernet Adapter (TU2-ETG). When i run this: (ifconfig axe0 media ; dmesg ; sysctl hw.sensors) axe0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:50:b6:4e:5a:c9 priority: 0 media:

Re: copyright on grdc?

2012-10-18 Thread Theo de Raadt
On Tue, Oct 16, 2012 at 13:22, Carson Chittom wrote: This is pretty minor, but: 1. I just noticed that both grdc.c and grdc.6 (in src/games/grdc) say Copyright 2002 Amos Shapir. Public domain. The US Copyright Office says[1], essentially, that copyright and public domain are

Re: GPU driver for Raspberry Pi open sourced

2012-10-24 Thread Theo de Raadt
http://www.raspberrypi.org/archives/2221 Well, they are lying to everyone. Their open source is nothing but a layer of code which calls into a closed source back-end.

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
Anyone have any possible explication that would actually justify the use of NAT64 that I obviously overlooked? The one use I could think of is to make your internal network independent of your ISP. Right now, if you change ISPs, your network prefix changes and your whole network has

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
On Wed, Oct 24, 2012 at 02:43:14PM -0400, Simon Perreault wrote: On 2012-10-24 14:25, Kurt Mosiejczuk wrote: The one use I could think of is to make your internal network independent of your ISP. Right now, if you change ISPs, your network prefix changes and your whole network has to

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
On Wed, Oct 24, 2012 at 02:43:14PM -0400, Simon Perreault wrote: What you need to multihome is either BGP or NAT. Exactly as in IPv4. Nothing has changed. The only new thing with IPv6 is that there's more bits. Oh? I have two internet connections plugged directly into my desktop box at

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
End hosts need to get smarter, instead of the network adapting to their stupidity. But I'm not holding my breath. No, what you are really saying is that non-transient network traffic (long lived TCP sessions) need to have the applications talking them -- and obviously the protocols also --

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
On Wed, Oct 24, 2012 at 01:21:33PM -0600, Theo de Raadt wrote: What happens if one of your links goes down for a day? Do all your ssh sessions to everywhere in the world stay up? The internet has non-transient traffic, too. No, I will have to re-start some of them

Re: Why anyone in their right mind would like to use NAT64

2012-10-24 Thread Theo de Raadt
On Wed, Oct 24, 2012 at 01:28:38PM -0600, Theo de Raadt wrote: Basically to make IPv6 pseudo-multihoming work like IPv4 multihoming, ssh and sshd need to be modified that they can handle a network break, and re-connect using another address. I fail to see what any of this has to do

Re: boot(8) on amd64 asks for passphrase but keydisk...?

2012-11-04 Thread Theo de Raadt
Well I moved to position that booting with a passphrase and then concatenate strong passphrase from an Yubikey configured with static passphrase would be better solution than keydisk and passphrase. Although I don't have an Yubikey token now but as an Yubikey token is simulating usb

Re: Incomplete packages for sh?

2012-11-05 Thread Theo de Raadt
I noticed when populating my mirror with the 5.2 release, that the packages for sh just end with the packages starting with 'g'. I just double checked when writing this, and even ftp.openbsd.org has the same incomplete set of packages for sh. Was there some glitch? Or is there some

Re: ftps?

2012-11-29 Thread Theo de Raadt
Because they can just hack it on top of their crusty old ftp server software, whereas using sftp would need much bigger changes? SSL/TLS makes everything more secure

Re: several X servers on one host

2012-12-03 Thread Theo de Raadt
PS. According to Wikipedia UNIX is a multitasking, _multiuser_ computer operating system, so it turns out that the loss of ability to run multiple startx/xinit sessions is equivalent to the loss of the essential UNIX feature- _multiuser_ support:( You have this very wrong. The problem is

Re: out of swap

2013-01-07 Thread Theo de Raadt
I ran into /etc/login.conf limits of datasize = 512M way before hitting any other limit, so is that bumped? that is for one process.

Re: How to configure pppoe client on OpenBSD?

2013-01-13 Thread Theo de Raadt
On Sun, Jan 13, 2013, at 02:26 PM, Jay Jennings wrote: Rudeness is why people find openbsd hard for newbies; and potentially new funders of the projects and buyers of cds and merchandise. Jay is the rude person here. Someone helps him, and he insults them. The world would be better off

Re: How to configure pppoe client on OpenBSD?

2013-01-13 Thread Theo de Raadt
My apologies to all; I didn't mean to be trolling or rude back to those helpful on the list. I just felt off putting comments like let-me-find-that-man-page-for-you are not the right way to treat those who support your projects. How do you, specifically, support our projects? Must be pretty

Re: Shell for PF

2013-02-15 Thread Theo de Raadt
I was wondering why nobody has ever created a shell for pf so that you could manipulate it in a way similar to JunOS instead of editing pf.conf. Also show / monitor commands. Hierarchical edit mode, stuff like that. Because pf does not follow the configuration model of a switch or router, or

Re: Shell for PF

2013-02-15 Thread Theo de Raadt
Someone referred me to NSH which is exactly what I was thinking of. No, NSH is now what you are thinking of at all. You are asking for something which nests the *entire hierarchy* of command structure to control interfaces and stuff PLUS pf... but NSH cannot do that in the 'natural way' you ask

Re: Shell for PF

2013-02-15 Thread Theo de Raadt
I would like to offer a suggestion though from my experience, simplifying the configuration of a device greatly increases its security, operationally. So if users (network IT staff) are presented with something vaguely familiar to what they would encounter in the other equipment like cisco or
