ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

, Soner Tari wrote: On Wed, 2009-12-09 at 10:29 +0200, Soner Tari wrote: On Tue, 2009-12-08 at 23:46 -0700, Theo de Raadt wrote: Don't you dare post that that to our lists again. I don't understand, what's the problem? If you think that I am making money out of ComixWall, you

ComixWall 4.6 released, December 8, 2009

I am pleased to announce the release of ComixWall 4.6. This is the 7th public release of ComixWall ISG. Please go to http://comixwall.org to download the installation CD image, via bittorrent. ComixWall is still the only fully FOSS and freely available UTM firewall running on OpenBSD. You can use

Re: Open Source hardware (Re: can't get vesa @ 1280x800 or nv)

On Sat, 2009-12-05 at 17:08 -0500, Ted Unangst wrote: On Sat, Dec 5, 2009 at 4:09 PM, Soner Tari so...@comixwall.org wrote: On Sat, 2009-12-05 at 21:30 +0100, Matthieu Herrb wrote: Making hardware is a lot more difficult than writing software. So it takes more resources and more skills

Re: Open Source hardware (Re: can't get vesa @ 1280x800 or nv)

On Sun, 2009-12-06 at 10:16 -0500, William Boshuck wrote: Since your reply implicitly replaced making with designing, that shouldn't prove to much of a stretch. My reply explicitly emphasizes the difficulty in designing software, which is part of writing it. Otherwise, I mention I am against

Re: Open Source hardware (Re: can't get vesa @ 1280x800 or nv)

On Sat, 2009-12-05 at 21:30 +0100, Matthieu Herrb wrote: Making hardware is a lot more difficult than writing software. So it takes more resources and more skills. Sorry Matthieu, but I have to say that this is utter bullshit, and I believe such underestimation is the underlying reason that

Translators needed for upcoming ComixWall 4.6

I am planning to release ComixWall 4.6 in December. (Please see further below for a summary of upcoming release announcement.) I am happy to announce that I have frozen the web user interface strings as one of the final few stages of the release process. The ComixWall ISG project needs your help.

Re: apache1.3 without jail and PHP cannot execute some system binaries..why?

On Fri, 2009-08-14 at 09:59 -0500, Andres Salazar wrote: Apache is running without jail (-d) due to special needs. You mean -u, right?

Re: New Project - MICO

On Tue, 2009-07-21 at 20:20 +, Astrid SC!nchez wrote: [1]. http://www.openbsdcolombia.org/mico In spanish Reads PFSENSE ... COMIXWALL ... son ... systemas operativos modificados. With beginner level Spanish of mine, I understand there is a confusion here. ComixWall approach is completely

LocalKeyword in CVSROOT/config

I am trying to achieve a custom $Id$ keyword in my source files with a cvs repository on OpenBSD, just like $OpenBSD$ keyword expansion. - I've tried the instructions at http://cvsman.com/cvs-1.12.12/cvs_104.php - I've tried the FreeBSD way as in

Re: LocalKeyword in CVSROOT/config

On Thu, 2009-07-23 at 12:49 -0400, Dan Harnett wrote: On Thu, Jul 23, 2009 at 06:44:31PM +0300, Soner Tari wrote: I am trying to achieve a custom $Id$ keyword in my source files with a cvs repository on OpenBSD, just like $OpenBSD$ keyword expansion. Did you create your repository

Re: brute force voip QoS

On Wed, 2008-01-23 at 15:53 -0800, David Newman wrote: How you detect a VoIP flow may also be an issue. If your VoIP traffic uses SIP, you can classify the signaling traffic on 5060/udp -- but then the voice or video traffic will use RTP/RTCP and some ephemeral port chosen during call

ComixWall 4.2 released

, if you haven't done so yet (rhymed nicely too :)) Soner Tari, The ComixWall project.

disklabel (?) issues during upgrade to 4.2

The problem I am facing happens during installation of OpenBSD 4.2 -release, -stable, or -current as of January 1st (both amd64 and i386). I can very easily reproduce this issue every time. I've been testing for the last 48 hours, and can confirm that it never happens on 4.0 or 4.1. Happens with

Re: FAM issue; how to fix

On Sat, 2007-11-17 at 07:56 -0800, badeguruji wrote: Nov 16 22:43:23 myopenbsdpc famd[1183]: kqueue can't monitor more than 886 files Setting 'kern.maxfiles=1' in sysctl.conf has solved that issue in my case. (But I still have problems with files on mounted ext3 partitions.)

Re: how to create cdrom42.fs?

On Wed, 2007-11-07 at 13:45 -0500, Steve Shockley wrote: The drivers are in bsd.rd, not in the floppy image specifically. The other images just have smaller bsd.rd files so they fit on a floppy. Try using cdbr as the boot record in no emulation, and put cdboot in the root directory of the

Re: apm -S freezes the laptop

My situation is a bit different. Because it seems like apm -S just blanks the screen, and pressing the power button shuts down the system immediately (of course, I get fsck on bootup, etc). If I enter apm -z, the system looks like really suspending, i.e. screen blanks, the system spends some time

Re: how to create cdrom42.fs?

On Tue, 2007-11-06 at 19:42 -0500, Steve Shockley wrote: Take a look at http://www.openbsd.org/cgi-bin/cvsweb/src/distrib/amd64/ramdisk_cd/Makefile?rev=1.3content-type=text/x-cvsweb-markup It looks like if you comment out the NOFS line it'll generate the cdromXX.fs file. I did not test

Gnome 2.18 bytecode renderer enabled, but still ugly aliased fonts

I am running Gnome 2.18 on 4.2-release. Thanks again to all those who worked on this port. It's quite stable and functional. I want to use Tahoma as my ui font, and have disabled anti-aliasing using gnome-font-properties. Also, I have undef'd TT_CONFIG_OPTION_NO_INTERPRETER (thus enabled bytecode

Re: Gnome 2.18 bytecode renderer enabled, but still ugly aliased fonts

On Tue, 2007-11-06 at 20:12 +0100, Jonathan Schleifer wrote: But Tahoma (and other similar fonts) still looks ugly. Do I need to do anything else? Could somebody help? Disable the autohinter. Thanks Jonathan, that was it. (For the record, I've disabled autohinter in its conf file under

Re: how to create cdrom42.fs?

On Tue, 2007-11-06 at 23:06 +0100, ropers wrote: On 06/11/2007, 23e7 [EMAIL PROTECTED] wrote: Hi, anything script? -- Best Regards, No.23 http://marc.info/?t=11939458983r=1w=2 I guess that's not what the OP was asking for. However, there is a cdrom42.fs in cdemu42.iso

Re: Web configure Firewall

On Tue, 2007-10-09 at 10:51 +0530, Siju George wrote: Anyone knows if there is a mailinglist for comixwall? I am facing a few issues with it :-( Anyone is welcome to e-mail me about issues: soner at comixwall.org However, the IP address of the project is from dynamic pool. Gmail and some other

Re: uvm_fault on Asus M2V-MX

Just for the record, I've been able to obtain a stable bios configuration. See the dmesg output below. I've realized that the problems I've been experiencing (uvm_fault previously, and strange unexpected reboots during boot-ups recently) are related with the audio configuration in bios settings.

Re: uvm_fault on Asus M2V-MX

I actually only add some packages in install.site script, during my 3-4 trials I got uvm_fault error in one of the following lines: pkg_add php5-mysql-5.1.6p1.tgz 21 | tee -a $LOG_FILE pkg_add php5-pear-5.1.6p0.tgz 21 | tee -a $LOG_FILE /usr/local/sbin/phpxs -s 21 | tee -a $LOG_FILE

uvm_fault on Asus M2V-MX

Today I was trying to install OpenBSD/amd64 4.1 GENERIC on a system with the following motherboard: http://www.asus.com/products4.aspx?modelmenu=2model=1418l1=3l2=101l3=324l4=0 But during installation I got the following blue lines (which I've noted on a piece of paper by hand): uvm_fault

Re: Spamd variation

From what I understand from the post, you are suggesting a scheme similar to what snort2pf is doing for snort and pf. In layman terms, when snort issues an alert, snort2pf informs pf about the attacker's IP, and pf takes an action. AFAIK, this is currently the only way to convert snort from an IDS

spamd-setup: pfctl: Cannot allocate memory

Hi All, According to http://www.openbsd.org/spamd/ I have added a couple of new blacklists to my original spamd.conf, previously I had only spews1, china, and korea, and there was no problem. But now pfctl gives me an error: # /usr/libexec/spamd-setup -d Getting

Re: q

I guess the OP means, for example, Ubuntu-like setting, where there is a root account of course but you cannot log in as root (actually, you can drop to root shell in single user mode or by sudo -i). I believe this hopefully serves the purpose of preventing the habit of system admins to log in as

how to configure bridge interface [WAS: snort any interface]

I cannot see any traffic on bridge0 with tcpdump -i bridge0, so that's why I don't see any alerts on snort. My physical interfaces are already configured and have their own IP addresses. I need to assign different IPs to all 3 cards (LAN, WAN1, WAN2). And here is what I run on the command line to

snort any interface and 2.6.1.4 mysql problem

Hi All, I have more than one interface I need to monitor with snort. I've read http://www.snort.org/docs/faq/1Q05/node35.html, To do that, I've created bridge0 and added both interfaces. Since I need to assign IP addresses to each interface, I could not just up the interfaces and add them to the

snort alert timestamps are close to random

I'm running snort on OpenBSD 4.0 amd64. I've tried 2.4.5 among the packages, and built 2.6.1.4 from the source (are there any special configure options I should use?). Also I've tried many combinations of rules: registered user, community and bleeding-edge rules. The same result. For example,

where to download IOBSD iso?

Well, I'm surprised nobody has mentioned here this year's joke (or have I missed those posts?). Only two drivers written, in the last two months! rocks, but I'm especially amazed that you guys have really paid for the iobsd.org domain name just to crack a joke on April fool's day :). I just

Re: SIP on OpenBSD

On Tue, 2007-02-13 at 11:09 +0100, Claudio Jeker wrote: The only problem is that we don't support zaptel. It is an incredible ugly interface that only works with the digium cards that are not supported. Head of the ftp://ftp.sangoma.com/OpenBSD/current_wanpipe/README reads: Future release:

Re: destination-port-based routing for multiple links

Thanks a lot for all the replies, public and private (especially Berk for detailed explanations). It turns out that my nat rule was not complete/correct (just as all of the replies had implied this possibility). So, for the record, the rules I'm using right now are as follows, and work perfectly:

destination-port-based routing for multiple links

Hi All, I'm running Postfix on OpenBSD and have multiple external links on the same box. I want outgoing smtp connections to be routed to ext_if2, but the rest to ext_if1. To achieve this, default route being ext_if1, I tried a couple of things: pass out log quick route-to ($ext_if2 $ext_gw2) \

Re: destination-port-based routing for multiple links

One correction, keep state in the rule prevents the duplicate to $ext_if2. So to have the duplicate, it should have been like the following: pass out log quick route-to ($ext_if2 $ext_gw2) \ proto tcp to any port smtp user _postfix Sorry, On Sun, 2007-01-28 at 13:03 +0200, Soner Tari wrote

Re: destination-port-based routing for multiple links

On Sun, 2007-01-28 at 16:39 -0800, J.C. Roberts wrote: On Sunday 28 January 2007 03:03, Soner Tari wrote: I'm running Postfix on OpenBSD and have multiple external links on the same box. I want outgoing smtp connections to be routed to ext_if2, but the rest to ext_if1. why? Because

Re: multiple external links not working ..

Hi, I'm using two external interfaces myself, and I believe I had the same problem you describe in your message. I bet when you do: netstat -rnf inet | grep default you will see that your (ext_if2 ext_gw2) comes on top. Thus, my theory is that the kernel is preferring your second external

reverse http proxy on OpenBSD (or not)?

Hi All, On my network, ASP sites are served on a Microsoft IIS, and PHP sites are on OpenBSD Apache, and there is only one Internet connection with a single IP (all DNS records point to this IP). Since these web servers run on different hardware/IPs, I need to distribute http requests based on

Re: reverse http proxy on OpenBSD (or not)?

Thanks for all the replies, public and private. They've provided plenty to work on.

Re: CD orders to Turkey?

some damage all the way from Canada anyways.) Overall, this was a highly recommended purchase for many reasons. Cheers, On Wed, 2006-11-22 at 14:38 +0200, Soner Tari wrote: Those who live in Turkey and purchased OpenBSD CDs in the past using the ordering web page, did you have any problems

SiS 964 ethernet with sis(4)?

I'm planning to purchase a motherboard with SiS 661FX/964 chipset. Can I assume sis(4) driver on OpenBSD 4.0 amd64 supports the ethernet on SiS 964? (In other words, sis(4) mentions SiS 900, does it mean 9xx?) Thanks,

CD orders to Turkey?

Those who live in Turkey and purchased OpenBSD CDs in the past using the ordering web page, did you have any problems with Turkish customs processing? Were you able to receive your CDs safe and sound? Because I'm planning to order a 4.0 CD set to an address in Turkey. (I know first-hand stories

select(2) performance and optimal timeout choice?

priority? (I'll submit these findings to DG also, but it seems these timeout values are OK with Linux. Or perhaps, the only processes running on their Linux are DG. I have many other processes too. So I wanted to ask misc@ first.) Thanks, On Sat, 2006-08-19 at 13:53 +0300, Soner Tari wrote: Hi All

Problems with DansGuardian 2.9.7.5 on OpenBSD 3.9

PROTECTED] In-Reply-To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] Organization: Kulustur-Comix Message-Id: [EMAIL PROTECTED] X-Mailer: Evolution 2.6.2 (2.6.2-1.fc5.5) X-Virus-Scanned: amavisd-new at akset.com X-Originating-IP: 81.215.105.114 X-eGroups-Msg-Info: 2:3:4:0 From: Soner Tari [EMAIL

time-based pf rules in crontab do not survive a reboot (naturally)?

Hi All, I have time-based pf rules using cron and anchors (such as to restrict HTTP access after hours). But as you can guess, they do not survive a reboot. Is there any solution? Thanks,

Re: time-based pf rules in crontab do not survive a reboot (naturally)?

Have your cron job copy the current anchor rules to pf-current.conf, then add pfctl -f pf-current.conf to rc.local. Thank you for the reply (and Gaby too). But I am not sure if this would be an elegant workaround. Because by chance there may be cron jobs scheduled to run exactly during

Re: time-based pf rules in crontab do not survive a reboot (naturally)?

their minds, and there is already some development effort to add such support. May I ask if that's the case, hopefully? Thanks, On Sat, 2006-07-15 at 15:36 -0400, jared r r spiegel wrote: On Sat, Jul 15, 2006 at 08:27:32PM +0300, Soner Tari wrote: Have your cron job copy the current anchor

GA-8S661FXM-775 Rev.1 P4 motherboard cannot reboot or halt

Hi All, I'm running OpenBSD on a box with GA-8S661FXM-775 Rev.1 motherboard, with the latest bios F4 (please see dmesg below). Previously I know that FreeBSD and Linux could not reboot this hardware, but I was hoping OpenBSD could, but it can't either. Linux can halt though, but others can't halt

Re: smtp-gated alternative for OpenBSD

connections to your server, and thats all :) Craig Skinner wrote: On Sun, Jun 11, 2006 at 03:43:24PM +0300, Soner Tari wrote: Hi all, I'm trying to find a fully transparent smtp proxy for outgoing mails from NATed hosts behind my firewall (smtp proxy will run on this firewall). smtp

smtp-gated alternative for OpenBSD

Hi all, I'm trying to find a fully transparent smtp proxy for outgoing mails from NATed hosts behind my firewall (smtp proxy will run on this firewall). smtp-gated of FreeBSD seems like an exact match. What is the equivalent of smtp-gated for OpenBSD? I tried to google too, but failed to find