Re: rate limit echo request

2020-01-23 Thread Jesper Wallin
Hi,

Use the max-pkt-rate parameter instead.  It does exactly what you think
it does and is thoroughly covered in pf.conf(5) with examples and all.


Regards
Jesper Wallin


On Wed, Jan 22, 2020 at 10:42:01PM -0700, myml...@gmx.com wrote:
> Hi,
> 
> I'm just wondering if there is a way to rate limit icmp echo request.
> i.e. pings.
> 
> I tried the following rule but it errors out with "syntax error"
> 
> pass in quick on em1 inet proto icmp from 192.168.0.23  to 192.168.1.2
> icmp-type  echoreq (max-src-conn-rate 1/2, overload  flush)
> 
> I'm trying to avoid even standard pings and especially "ping -f".
> 
> Additionally, I was wondering if there would be a way to block icmp
> that's over a certain size.  "ping -s".
> 
> 
> Thanks in advance!!!
> 



Re: Random system freeze.

2019-05-28 Thread Jesper Wallin
On Tue, May 28, 2019 at 08:10:09PM +1000, Jonathan Gray wrote:
> On Tue, May 28, 2019 at 09:25:52AM -, Stuart Henderson wrote:
> > 
> > Does it seem to be in ddb? Try typing "call cpu_reset" blindly and see
> > if it reboots.

Hi, I'm having the same issue here, on a X1 Carbon (3rd gen)

No luck with "call cpu_reset", I might have done it wrong though, as
english keyboard isn't native to me and I assume that's what ddb use?

> > What does "sysctl kern.timecounter.hardware" say? If it's tsc, try one
> > of the other names shown in "sysctl kern.timecounter.choice", probably
> > acpihpet0 if available.

Had two freezes today, one using tsc and one using acpihpet0.


> All the reports I have seen have been from skylake or kabylake.
> Have never encountered it with ivy bridge or broadwell here.

I'm using a broadwell here (i7-5500U) with the intel drivers for Xorg.

Snapshots are from today and I've had these freezes for the last week or
so.  Doubt it's of importance, but I applied the latest BIOS update to
this machine yesterday and I've had these freezes since before that.



Did OpenBSD just go green?

2018-04-04 Thread Jesper Wallin
Hi all,

For once, I thought I'd go for a fresh install and copy as few configs
as possible from my old backups.  Once my machine was up and running,
I was a bit confused as I didn't remember OpenBSD being this slow and
watching top I noticed programs like firefox was using about 20% CPU
even if I only had a blank page opened.

Took me a while to figure out what was wrong.  Apparantly, apmd isn't
started by default and for some reason, hw.setperf seems to default to
zero.  The output of apm read:

Performance adjustment mode: manual (800 MHz)

Meaning the machine won't ever adjust the performance and it's stuck at
a whooping 800Mhz. ;-)

I also had a chat with abieber@ and it seems he had the same "issue".
So, as the subject says, did OpenBSD go green with 6.3, or has it always
been like this and I've always started apmd right after the installation
was complete?


Regards,
Jesper Wallin



Re: want.html wifi stsp@

2017-11-21 Thread Jesper Wallin
Hi Marcus,

I ordered a "TP-Link TL-WN821N" yesterday with the hopes of it
containing the AR7010 chip.  It will most likely arrive tomorrow or the
day after, if it contains what we want, it will be forwarded to stsp@.


Regards,
Jesper Wallin


On Tue, Nov 21, 2017 at 12:40:32PM +0100, Marcus MERIGHI wrote:
> I want to bring the following to the broader misc@ audience:
> 
> The entry in want.html reads:
> 
> USB wifi devices based on AR7010 chips (see link for specific product
> names), with and without support for 5GHz channels, are needed in
> Berlin, Germany, in order to improve and maintain athn(4) driver support
> for open source firmware which can run on such devices. Contact
> s...@openbsd.org.
> 
> The commit message is:
> 
> 
> Add a request for AR7010 devices which I will need to continue working
> on USB athn(4) open source firmware support.
> 
> These devices come in several variants, most of which are hard to track down,
> and some of which are relatively expensive.
> See https://wikidevi.com/wiki/Atheros_AR7010 for product names.
> 
> I have already received an offer for financial reimbursement, but my
> biggest problem is that hunting these devices down takes time and effort.
> 
> Perhaps somebody has such a device somewhere gathering dust?
> 
> I will need at least a 5GHz (11a/b/g/n) variant and a 2GHz (11b/g/n) variant.
> And having a device with accessible UART would be nice.
> 
> Some people have very vocally complained about closed wifi firmware on
> our mailing lists. Now this is your chance to do something productive
> about that issue and give back to the community.
> 
> 
> I found:
> 
> Panasonic TYWL20U Wireless LAN Adaptor  EUR 137,--
> https://www.amazon.de/Panasonic-TYWL20U-Wireless-LAN-Adaptor/dp/B007HH95F0
> 
> But cannot afford to just hit "buy" atm. 
> 
> 
> Also interesting, previous commit message for want.html:
> 
> Remove my request for Atheros AR5008E-3NX devices.
> 
> One such device was donated some time ago, thanks to Gerrit Meyerheim.
> Additional thanks to everyone else who subsequently offered to obtain
> such a device for me.
> 
> The card I got cannot yet work with our athn(4) driver because it does not
> have an EEPROM (which, among other things, provides the PCI device ID).
> 
> I now need help with finding a generic EEPROM and/or a way to generate
> EEPOM images which contain suitable data. Since this is a narrowly scoped
> task which does not require kernel driver development skills, I want to
> delegate it. If you are interested in working on this task, and especially
> if you have contacts in the OpenWRT community (who have solved this issue
> in their OS), let me know.
> 
> 
> Marcus



Re: Moving a Web site from IIS to httpd

2017-08-31 Thread Jesper Wallin
On Thu, Aug 31, 2017 at 07:20:16PM +, Peter Fraser wrote:
> 
> It would be nice if httpd could be used to convert or ignore case in URL's.

Hi Peter,

First of all, from an SEO standpoint, you shouldn't ignore the case in
URL's, as you end up with duplicate content. Pick a certain naming style
and use it everywhere on your site.

Your best luck is to check your logs for incorrect links. Then simply
add a "location" block for every link and redirect it to the correct one
using a "block return 301". Be sure to use the 301 (Permanently moved)
to tell clients not to use the old URL anymore. 

server "domain.tld" {
listen on * port 80

location "/FOOBAR.HTML" {
block return 301 "http://domain.tld/foobar.html;
}
}

You can probably make this a bit more universal using patterns(7) for
the locations block. Also, the example above is more or less copied from
httpd.conf(5).


Another alternative, like you said, is to create a copy of the page. To
prevent duplicate content and let clients know where your "real" page
is, use a link canonical tag. E.g,

http://domain.tld/foobar.html;>

However, this won't solve the issue with others linking to the wrong
pages and it will probably be a real pain to maintain your site.


Jesper Wallin



Re: gmail and hotmail blocking mail sent from my IP

2017-08-07 Thread Jesper Wallin
On Sun, Aug 06, 2017 at 04:42:09PM -0500, Eric Johnson wrote:
> It can be very aggravating when an ISP still blocks port 25.  With the
> great expansion of smart phones and people getting e-mail on them, it gets
> in the way far more than it helps.  You can't expect every smart phone
> user to change the SMTP settings for every hot spot where they want to use
> it.

Correct, and that's what submission (587) is used for, which normally is
open as it most likely require authentication.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-06 Thread Jesper Wallin
On Sun, Aug 06, 2017 at 05:29:04PM +0200, Walter Alejandro Iglesias wrote:
> Hi Gareth,
> 
> On Sun, Aug 06, 2017 at 04:12:45PM +0100, Gareth Nelson wrote:
> > I'm assuming that you have your SPF records setup correctly.
> > 
> 
> I did that at first, and all the tricks (dkim, etc) they ask to make you
> appear as a legal sender, but after confirming my mail still went to
> SPAM in both (gmail, hotmail) I remove all that trickery.

Why remove it? Having things like SPF and DKIM should be essential when
running your own mailserver. As for gmail and outlook/hotmail, they tend
to use IP reputation when it comes to classifying incoming mail.

Like Martijn pointed out, you're sending mail from a IP which is not
intended for mail-servers. Most ISPs block outgoing traffic on port 25
to prevent their customers sending spam when they get infected with
viruses and such. Even if your ISP allow you to send mail, most
providers will most likely classify it as spam/junk.

Your ISP most likely provide you with an outgoing mailserver. I would
suggest that you configure spamd to use that one to relay all outgoing
mail.