Re: Important OpenBSD errata

Karl O. Pinc wrote: On 03/14/2007 09:13:19 AM, Martin Schrvder wrote: 2007/3/13, Theo de Raadt [EMAIL PROTECTED]: This means everyone should have our latest patches installed. Just a reminder: security-announce exists for messages like this. Use it or delete it. While the bug

Re: Important OpenBSD errata

http://www.openbsd.org/mail.html --- *security-announce* Security announcements. This low volume list receives OpenBSD security advisories and pointers to security patches as they become available.---Martin and Karl have valid points in their initial emails. /Tony S -- Tony Sarendal - [EMAIL

Re: pf rule question

on $inf_if proto udp from { $int_if:network 0.0.0.0 } \ port 68 to 255.255.255.255 port 67 I belive that dhcpd uses bpf to read the packets, it will see them no matter how you configure your rules. /Tony

Re: Nearly 1/4 of New Filesystem Gone

Greg Thomas wrote: On 2/1/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Quoting Otto Moerbeek [EMAIL PROTECTED]: On Wed, 31 Jan 2007, Tony Abernethy wrote: [EMAIL PROTECTED] wrote: 16 partitions: # sizeoffset fstype [fsize bsize cpg

Re: Nearly 1/4 of New Filesystem Gone

[EMAIL PROTECTED] wrote: 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 390721968 0 4.2BSD 2048 16384 328 # Cyl 0 -387620 c: 390721968 0 unused 0 0 # Cyl 0 -387620 Most likely, the disklabel or boot

Re: ccd, disklabel and partition 'a'

Patrick Useldinger wrote: Does the name really matter? Yes. Whether your partition is called 'a' or 'd', doesn't the disklabel get stored into the beginning of the first partition anyway? No. Actually, you have 16 partitions stored in the disklabel. This is OpenBSD not DOS.

Re: ccd, disklabel and partition 'a'

Patrick Useldinger wrote: Otto Moerbeek wrote: I read through the mailing list archives and found a thread explaining that the disklabel is stored around the beginning of partition 'a' and that one should allocate a small partition 'a' which should not be made part of the JBOD.

Re: install image to computer

Joachim Schipper wrote On Fri, Jan 26, 2007 at 05:42:14PM -0800, smith wrote: On Fri, 26 Jan 2007 16:07:01 -0600, Damian Wiest wrote On Fri, Jan 26, 2007 at 03:53:48PM -0500, Steve Shockley wrote: smith wrote: Why?: I've received a few new computers that I have to configure.

Re: advice on router and routing books

website contains lots of quality documentation about routing and routing protocols. The book Internet Routing Architectures by Sam Halabi is also good. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: OT Re: 'database filesystems'

chefren wrote snip To get it started we should add some hooks of course, and when it's working FFS should be dumped. Of course the database file system can still save blobs, being Oracle database or whatever. How do you use this elegant filesystem to bootstrap the OS which handles this

Merry Christmas from AnthonysTshirts.com

Greetings! ~ Merry Christmas! Wishing you... and your family the Christmas season's joys and wonders. Enjoy the holiday. Sincerely, AnthonysTshirts.com ~ AnthonysTshirts.com 2269 S. University Drive -

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

Marco S Hyman wrote: snip To me (and I'll be the first to admit that this is nothing but opinion and I won't pretend that my opinion is any better than yours) I see more harm than good in blocking icmp. I like it when other people tell me I've screwed something up because I can find it and

Re: Quagga and OpenBGP

/Quagga. Side comments? Why is emacs in the ports tree when we have vi ? -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

altq question

some vague memory of it being the length of the data in the mbufs, but I don't have any real understanding of what actually is being moved around the kernel. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: Weird behaviour of KDM

Laurence Tratt On Wed, Nov 22, 2006 at 08:19:33AM +0100, Dr. Harry Knitter wrote: sometimes I get the right resolution (1280x1024) sometimes only standard vga (600x480). How can I tweak my system to get a reliable KDM with a resolution of 1280x1024? I'm not sure exactly when, but at

Re: multiple openbsd installs on the same disk

Girish Venkatachalam wrote: Now let us come to disklablels. There is one disklabel per disk, not one disklabel per DOS partition. The DOS partitions come into play only while the BIOS is booting After that, the DOS partitions can contain any nonsense you like. I suspect you'll do better with

Re: Problems with traffic shaping

to be full even if it in reality is getting cained. Since I'm stuck with PPP over DSL I have to modify the token bucket regulator for the shaping to work well. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: Problems with traffic shaping

On 08/10/06, tony sarendal [EMAIL PROTECTED] wrote: On 07/10/06, S t i n g r a y [EMAIL PROTECTED] wrote: it is asymmetric What bandwidth have you configured the shaper for ? Doh ! altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp } What kind of link

Re: Problems with traffic shaping

-AAL5-LLCSNAP per queue so I could support other type of links also, but I can never find the time to actually do it. Time to try to get the kids to sleep. /Tony On 08/10/06, S t i n g r a y [EMAIL PROTECTED] wrote: Well its PPPoE over DSL here .. also i ran the command pfctl -vvsq got

Re: Packets/Bandwidth Monitoring

I wrote a stats script for PF that can show bandwidth per label. http://www.prefixmaster.com/eyeonpf.php If you can identify your user with rules that match a label it would work. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help

Re: trying to build mod_python on OpenBSD

PROTECTED] On 22/09/06, edgar mortiz [EMAIL PROTECTED] wrote: tony what version of openbsd r u using? can you send me a pkg_info list so i can see what packages you have installed on your box as well as the exact versions for python, mod_python and apache your using. -eD On 9/21/06, tony sarendal

Re: The future of NetBSD

Theo de Raadt wrote: [snip] We know one reason why we never got documentation. Bit by bit more information has come out to show that the hardware design is an embarrasment and there are countless bugs and shortcomings. Surprising? Not really. Affects ONLY OpenBSD? Not a chance. That's why

Re: The future of NetBSD

Andy Ruhl wrote: On 8/30/06, Charles M. Hannum [EMAIL PROTECTED] wrote: The NetBSD Project has stagnated to the point of irrelevance. It has Let me start by saying I'm probably not qualified to reply to this thread, but I was never worried about making a fool out of myself before so

Re: pf queue monitoring

On 23/08/06, Julien TOUCHE [EMAIL PROTECTED] wrote: tony sarendal wrote on 22/08/2006 08:32: I wrote a script to generate graphs for the queues using python and rrdtool a while back when I needed it, although it only works with CBQ. http://www.prefixmaster.com/eyeonpf.php awesome tool

Re: pf queue monitoring

On 23/08/06, tony sarendal [EMAIL PROTECTED] wrote: On 23/08/06, Julien TOUCHE [EMAIL PROTECTED] wrote: tony sarendal wrote on 22/08/2006 08:32: I wrote a script to generate graphs for the queues using python and rrdtool a while back when I needed it, although it only works

Re: pf queue monitoring

On 23/08/06, Julien TOUCHE [EMAIL PROTECTED] wrote: tony sarendal wrote on 22/08/2006 08:32: I wrote a script to generate graphs for the queues using python and rrdtool a while back when I needed it, although it only works with CBQ. http://www.prefixmaster.com/eyeonpf.php awesome tool

Re: pf queue monitoring

with CBQ. http://www.prefixmaster.com/eyeonpf.php /Tony S -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: When todo ALTQ

-- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: PF queueing

the return packets should end up in, and outbound keep state rule on the other side can specify which queue the packets should use there. Now it's all down to rule-set design, that is where the complexity, and in the end the strenght. of PF is. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: Logging failed console login attempts

Will H. Backman wrote: Dimitry Andric wrote: Will H. Backman wrote: The console on OpenBSD 3.9 release doesn't seem to log unknown username or failed login attempts anywhere. See this commit: http://www.openbsd.org/cgi-bin/cvsweb/src/etc/syslog.conf#rev1.14 Make the default

Re: Encrypting e-mails

with you. maybe the second part is just advertising hype... it also has s/mime and gpg capabilities, is text based and does your laundry. I have used mutt for a while now and it does not do my laundry. /Tony - bored to tears at the moment -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: USB keyboards / encryption

Peter Philipp wrote: [snip] But little change by little change will isolate insecurities until a system is secure, right? (didn't somene coin the phrase security is a process?) Little change by little change will isolate little insecurities. Little change by little change will

Re: BGP questions

in (1)? With more memory it could in theory do what you want, but in reality BGP is not the tool to use to when you run out bandwidth on your 0.5M dsl line. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: Kernel pppoe (and the german ISP Hansenet)

good it performs). :) I run the kernel pppoe on a 7616/448 kbps dsl link. It works just fine and performance is good in both directions. Well, as good as one can expect from PPPoE over ATM... /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I

Re: Question related to automaticly encrypted /tmp /vat/tmp (like swap..?)

this in /etc/fstab helps. /dev/wd0b /tmpmfs rw,-m0,-s204800 0 0 and swap is encrypted by default [EMAIL PROTECTED] sysctl vm.swapencrypt.enable vm.swapencrypt.enable=1 [EMAIL PROTECTED] /Tony

Re: News From HiFn

Peter Philipp wrote: [snip] I heard he bitches because he's right most of the time and people realise this. Actually 90+ percentile. (Particularly when he ought to be only 50+ percentile)

Re: News From HiFn

Peter Philipp wrote: On Sat, Jul 01, 2006 at 02:10:05PM -0500, Tony Abernethy wrote: Peter Philipp wrote: [snip] I heard he bitches because he's right most of the time and people realise this. Actually 90+ percentile. (Particularly when he ought to be only 50+ percentile

Re: lightweight openbsd

apache out of the system if you really think it's useful to you (or your diploma exercise). Cheers, Rogier -- If you don't know where you're going, any road will get you there. Read /etc/rc and understand everything in it. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

FW: technical help

Hello, I have a question about firewall rules on openbsd. Should I ask here for help? Tony

Re: Doubts about OpenBSD security.

Nick Holland wrote: Bob Beck wrote: ... IMNSHO, a root password for single user makes the system *LESS* secure, and I'm dead serious. I would object to any attempt to commit changes to OpenBSD to have one by default. Why? Real simple: *because you asked this question*. - Now I'm

Re: cruxports for OpenBSD

Siju George wrote: On 6/17/06, Marc Balmer [EMAIL PROTECTED] wrote: * Han Boetes wrote: I've been working for quite some time now on an alternative package-manager for OpenBSD, and since things start working rather fine now I think it's time to let you guys know. this is about

Re: cruxports for OpenBSD

Tobias Weisserth wrote: Hi, On Saturday, 17. June 2006 18:36, Deanna Phillips wrote: ... As I see it, this is an example of working _against_ a project instead of with and for it. A personal NIH syndrome, if you will. It's not just some Linux thing he put together that also works

Re: Hifn policy on documentation

Breen Ouellette wrote: Darrin Chandler wrote: Look, it's pretty obvious from early exchanges in this thread that these issues have been discussed by the principal parties over a fairly long period of time. How many brilliant insights have been added by this thread? More important, has

Re: mount_msdos error

Fred Crowson wrote: Hi Misc, I keep getting the following error, when trying to mount a 2GB Sony Memory Stick Pro Duo (MSX-M2GN) in my Sony T7 digital camera: nike:fred /home/fred sudo mount /mnt/t7 mount_msdos: /dev/sd1i on /mnt/t7: Inappropriate file type or format Can anyone help me

Re: Spam Trapping

hitting the spam traps ? My email address [EMAIL PROTECTED] has been used as From address by spammers, does that mean that I can't send you guys emails ? Or do you do something else like teach spamassassin and record source IP addresses ? /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: Spam Trapping

unused email addresses to spam traps, what do they actually do with the received emails to reduce spam to legitimate addresses ? /T -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: Spam Trapping

in the thread I was expecting something else than greytrapping. Terms like spam reporting engine and older spam proxies indicated that they were talking about something else. I was interested in what that was. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied

Re: Hifn policy on documentation

Travers Buda wrote: On Mon, 12 Jun 2006 21:10:13 -0700 Hank Cohen [EMAIL PROTECTED] wrote: Folks, There has been some discussion of late on this list about Hifn's policy with respect to releasing documentation to the general public. That discussion lead to a great deal of uninformed

Re: like the faq 14.16.1, partition is not in my disklabel ... need help anyway

Joachim Schipper wrote: On Thu, Jun 08, 2006 at 08:31:59PM +, Didier Wiroth wrote: Hello, My ntfs amd comaq diag. partition is not in the disklabel. Unfortunately I don't know how to add correctly in the disklabel. I've read the faq 14.16.1 but it only shows a modification. Here

Re: OT: quiet fans and heatsinks

ultra10's seemed really quiet, and as a bonus my manager stopped asking questions across the office. /Tony

Re: eWeek comment on OpenBSD

Eliah Kagan wrote: On 6/6/06, Roger Neth Jr [EMAIL PROTECTED] wrote: Even OpenBSDin my humble opinion, the safest operating system on the planetis crackable, if you allow anyone to come and pound away at its network interface. http://www.eweek.com/article2/0,1895,1972281,00.asp

Re: DS21140(Tulip) Quad port nic and PF

10/100 PHY, rev. 1 /Tony

Re: Multiprocessors load measurements

Federico Giannici wrote: I have just switched to a multiprocessing kernel (3.9-stable i386) with a dual core Athlon 64. I noticed that top command now have two CPUx rows, one for each CPU. But iostat has only one cpu column. Question 1: are the iostat's cpu values a mean of the values of

Re: Windows to copy open bsd

akonsu wrote: in my understanding a proper implementation does not require any service packs. in other words: if one implements something that later requires a service pack, this is not a proper implementation. Exactly. (And I don't seem to hear a lot about keeping OpenBSD patched

Re: they say openbsd is not as scalable as others

Adam wrote: The question was about scalability. I keep seeing that term. Is it supposed to mean something? Methinks there is a problem with scalability if you cannot even add two numbers together. (Well maybe with Lisp and infinite tapes) Dijkstra had an analogy with comparing, as a means of

Re: they say openbsd is not as scalable as others

Adam wrote: On Sun, 28 May 2006 13:58:39 -0500 Tony Abernethy [EMAIL PROTECTED] wrote: Adam wrote: The question was about scalability. I keep seeing that term. Is it supposed to mean something? Yes, and retarded posts like this aren't needed thanks. Then what precisely

Re: they say openbsd is not as scalable as others

Henning Brauer wrote: OpenBSD scales very well an most tasks you'll find. There are some exceptions tho. That unfortunately includes threads. Out of curiosity, what happens when you run apache on SMP hardware where the libraries are not thread safe? (or whatever it's called)

Re: they say openbsd is not as scalable as others

Adam uttered following nonsense. Linux programs have nothing to do with anything, That is a good characterization of SMP and scaling? and your desire to make a big stupid thread of bullshit is quite annoying. You are annoyed. My desire is a small thread.

Re: OpenBSD Newbie

misiu wrote: Hello all, I'm new to OpenBSD, I installed it a few times but than did not know what to do realy. Right now I'm little more experienced with Linux and I thought give it a nother try. Now I'm runnin an Openbsd 3.9 Box. Default setup. I try to run a Webmailbox and later

Re: Apache: Odd Errors with HTTPS and NameVirtualHosts

Marcin Wilk wrote: Hi I'm using OpenBSD 3.7 with default Apache with SSL over two VirtualHosts witht he same IP. Here is how it works in there: NameVirtualHost *:80 NameVirtualHost *:443 Regardless of what you can put in any configuration, Port 80, http 1.1+ (I think) allows you to

Re: ifficiency

Nick Guenther wrote: On 5/23/06, prad [EMAIL PROTECTED] wrote: On Monday 22 May 2006 17:54, you wrot You can consider short-circuiting of Boolean evaluation greedy, but it a feature which may also save clock cycles if the right-most sub-expressions are costly to evaluate.

Re: Splitting xbaseXY.tgz - stupid idea?

Jacob Meuser wrote: On Mon, May 22, 2006 at 12:27:18PM +0300, Liviu Daia wrote: On 20 May 2006, Jacob Meuser [EMAIL PROTECTED] wrote: On Sat, May 20, 2006 at 10:09:15AM +0300, Liviu Daia wrote: I have a simpler question: is there any plan to make installing xbase a

Re: Lynx starting vi with strange -c arg

Rod.. Whitworth wrote: I have used lynx for years as a file browser as well as web browser (when I can) and it is routine for me to fix /etc/lynx.conf to show me dotfiles. Recently I need to inspect lots of text files and sometimes edit a few so I set vi to be the system editor for lynx.

Re: OT: DDoS questions

to protect the other customers in the network. A few of the attacks were more clever than just aiming at a customers site and also took out ISP infrastructure like dns where the domains were handled. Aaahhh... the good old days... /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: Sendmail configurations

SkyBlueshoes wrote: I've just installed OpenBSD 3.8...my first ever *nix. I've got most up and running, but I'm having problems recieving email. I followed the guidelines on this page http://www.nomoa.com/bsd/mailServer.htm to the letter. All the localhost tests work, but when I try to

Re: huge CSV file: /var too small

Jacob Yocom-Piatt wrote: i have a single CSV file that is 2.5GB (!) unzipped which i need to either partition into chunks or read from directly. trying to open it with vi doesn't work since 2.5GB 500MB, the size of the /var partition on this machine. opening with vi gives a /var: write

Re: Manually naming Multiple NICs

Darrin Chandler wrote: On Tue, May 09, 2006 at 08:14:06PM -0400, Adam wrote: On Tue, 09 May 2006 19:52:10 -0400 Dave Crawford [EMAIL PROTECTED] wrote: or another viable solution. There's no solution because there's no problem. OpenBSD doesn't randomly reorder interfaces for

Re: Evaluating load average

Theo de Raadt wrote: I'm looking for some hints on evaluating load average. You can't. It's a statement about job queue lengths, not about how busy a machine is. And since different operating systems (and even different versions) have made various tweaks to it over the years, it is

Re: kde: kio accessing files in /etc

dave feustel wrote: On Sunday 07 May 2006 16:16, D. E. Evans wrote: The question is, if I am not doing anything with those files, then why is kio accessing them? Why are you repeating your question when you've already been answered? OK I didn't get it the first time. What was

Re: Empty root password

Peter Fraser wrote: I was very surprised, that when I was installing a 3.9 system, that you can use an empty root password I accidentally entered a 'return' when it asked for the root password, so I entered a 'return again when I was asked to repeat the password, thinking that a empty

Re: Partition not showing up in disklabel

Joseph C. Bender wrote: Nick Guenther wrote: On 5/6/06, Henrik Borgh [EMAIL PROTECTED] wrote: $ sudo fdisk wd0 Password: Disk: wd0 geometry: 4864/255/63 [78140160 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -

Re: www.openbsd.org defaults to Japanese

Jacques wrote: Florin Iamandi wrote: Jacques dixit (2006-05-05, 12:58:02): May we know, what kind of 'incident'? Sounds like a security issue. At this point nobody with a clue will take this or any of its descendents seriously. Think. Imagine I've just managed to crack the OpenBSD

Re: Partition not showing up in disklabel

Nick Guenther wrote: On 5/6/06, Tony Abernethy [EMAIL PROTECTED] wrote: Me, I'd take a closer look at that j OpenBSD partition. It does NOT look like it corresponds to anything in the DOS partitions. Whether or not you redo the disklabel from scratch, the critical operation is writing

Re: Magic numbers, signed binaries (Re: Compilers make a system less secure?)

Otto Moerbeek wrote: Key mananagement is the most important part. The part that continuously will require time and attention from a lot of people, and the part that will cause the headaches. The part where the errors will be made. System managers experiencing problems and needing to get

Re: OpenBSD alternative for Bruce Schneier's password safe

The most popular way of managing passwords: http://iatservices.missouri.edu/images/techknowledge/archive/secconn-0403.jpg Guaranteed to not require any BLOB.

Re: IPsec / vpn configuration issues

doesn't show any relevant traffic being blocked. NAT is being used on both of these gateways, and all boxes inside each respective gateway are able to reach the internet without problems. Thanks in advance Nathan Johnson Did you enable ip forwarding, Nate ? /Tony -- Tony Sarendal - [EMAIL

Re: disk bad block

Paulo Manoel Mafra wrote: Hi misc, I would like to create a large partition on a disk, but this disk has a known bad block. How could I create the partition without the bad block ? One solution is to create two partitions without the bad block and use ccd. Is there another solution ?

Re: Compilers make a system less secure?

Anton Karpov wrote If he can break in as a lowly user uname -a will tell him what it is anyway. And don't tell me we should disable that command or cause it to lie because then I'll shoot you down another way. Re-read my message, please. I didn't tell he cannot stat os version and

Re: 3.9, su command: bug or feature?

Cristiano Deana wrote: Hi, i'm new on OpenBSD. I just installed 3.9 (one week ago sources) and i got this: $ uname -rs OpenBSD 3.9 $ su Password: you are not in group wheel Sorry $ whoami cris $ id cris uid=1000(cris) gid=0(wheel) groups=0(wheel) $ grep cris /etc/passwd

Re: pf firewall question

S t i n g r a y wrote: Now what i want to know , maybe is O T in this list but what is the diffrence , i mean pf in openBSD is refered to as a firewall for home or small offices ? why is that , i mean what is the criteria of an enterprise firewall what is the diffrence between pf MS ISA /

Re: style(9) and return statements

Nick Guenther wrote: On 4/30/06, Matthias Kilian [EMAIL PROTECTED] wrote: Hi! I wonder what the preferred style of return statments is -- for returning simple values, both styles return foo; and return (foo); are used in the sources everythen and now. For

Re: Why advocate Old daemon book?

js wrote: 2006/4/28, Theo de Raadt [EMAIL PROTECTED]: I wonder why http://www.openbsd.org/books.html still recommend old daemon book, The Design and Implementation of the 4.4 BSD Operating System? As most of you know, there's newer version, The Design and Implementation of the

Re: Why advocate Old daemon book?

prad wrote: [snip] (curiously, i've found on my system at least that some things seem to work faster on openbsd than freebsd.) Shouldn't be a surprise, really. Efficiency is really more a case of never being too inefficient rather that occasionally being very efficient. (ie hard.) Anything

Re: bgp(d) question

internet routing. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: OpenBGPd route reflector client ?

as an RFC 2796 route-reflector for this neighbor. An option- al cluster ID can be specified; otherwise the BGP ID will be used. which means that the peer is a route-reflector client. Since the peer doesn't know it's a route-reflector client there isn't any config for it. /Tony

Re: 3.7: weird IP address problem

Toni Mueller wrote: Hello, On Mon, 24.04.2006 at 15:30:55 -0400, Matthew Closson [EMAIL PROTECTED] wrote: [ wrong IP address ] What could that be, and why can't I see this address anywhere? I'd rather not reboot only to make a change in IP numbers effective... Can you send us

Re: advantages/disadvantages of kernel pppoe(4) vs userland pppoe(8)?

with the remote end MRU received during LCP neg. But since it works so well I haven't bothered with looking closer at it. No idea about performance though, my almighty 2272/288 kbps line isn't really enough to make my firewall break a sweat. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix

Re: Best WAN Adaper?

On 21/04/06, Toni Mueller [EMAIL PROTECTED] wrote: Hello, On Wed, 19.04.2006 at 12:57:16 +0100, tony sarendal [EMAIL PROTECTED] wrote: On 19/04/06, Toni Mueller [EMAIL PROTECTED] wrote: Anyway, if someone of you comes across good E3 cards, please drop me a note. Otherwise, try

Re: pf blocking nets in a way like *.google.com ?

is to have pf make a DNS lookup on each and every packet that arrives. Good stuff, disarm the subject with humour. /Tony

Re: Multi Firewalls Admin

with thousands of routers to manage, in the end nothing was better than writing my own tools. I may be drunk now, but I do miss it. /Tony

Re: OpenBGPd Questions

drink, cheers. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: Best WAN Adaper?

haven't had a closer look at the different vendors of those as we used Lucent and Nortel Ethernet over SDH equipment (of varying quality) at the telco I used to work at, but there are man companies out there selling this stuff. If you can find something which can run as a repeater go for that. /Tony

Re: Set up root partition as read only.

Joco Salvatti wrote: Hi all, To increase the security level of my OpenBSD system I have defined at /etc/fstab that the root partition should be read only. /etc/fstab follows: Me, I just lurk here but: 1) if having / ro would actually improve security, they would have done so long

Re: OpenBGP nexthop

On 12/04/06, Sylvain Coutant [EMAIL PROTECTED] wrote: - Shouldn't OpenBGP drop the session if the nexthop is not valid ? Next hop and peer address does not have to be the same thing. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help

Re: OpenBGP nexthop

default to yes for eBGP session and no for iBGP sessions. Would that fit most of usual cases ? That sounds like fixing a bug with an option. In your case the problem is that a connected next-hop is considered invalid, right ? -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion

Re: OpenBGP nexthop

On 12/04/06, tony sarendal [EMAIL PROTECTED] wrote: On 12/04/06, Sylvain Coutant [EMAIL PROTECTED] wrote: What was the state of the parent interface and what kind of interface is it? Bge driver. It was up and running : BGP sessions were established through the vlans reported

Re: OpenBGP nexthop

you mentioned in another thread ? The cluster-list seems a bit screwed up when I trace the prefix from the router with the lowest metric. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: OpenBGP nexthop

On 12/04/06, Claudio Jeker [EMAIL PROTECTED] wrote: On Wed, Apr 12, 2006 at 01:58:24PM +0100, tony sarendal wrote: On 12/04/06, Claudio Jeker [EMAIL PROTECTED] wrote: On Wed, Apr 12, 2006 at 01:36:46PM +0200, Sylvain Coutant wrote: What was the state of the parent interface and what

Re: Will BGP be obsolete soon?

) -Bob Me and my old Betamax vcr are just waiting for OpenIDRP to be included in obsd. Stop whining and start implementig Claudio. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

Re: bgpd, nexthop and dynamically created interfaces

can be when the family is out of the country =) -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-

<    1   2   3   4   5   6   7   >