On 11 Nov 2020 at 20:48, len zaifman wrote:
> Thanks Tom,Aaron: I did 2 things,
>
> 1 re IPs - all ips removed from aggr0 and 1 ip for each vlan
>
> ifconfig -A | grep -A 7 vlan7 | grep -E 'vlan7
> inet' ; ifconfig aggr0 | grep inet
> vlan70: flags=8843 mtu 1500
> inet 10.10.70.1 netmask
On 28 May 2019 at 15:14, Carlos Aguilar wrote:
> Hi,
>
> I am having lots of problems to execute a shell script at boot time.
>
> My crontab is as follows;
> >>
> SHELL=/bin/ksh
>
> @reboot $HOME/bin/app-ferre
> <<
> My shell script is as follows:
> >>
> #!/bin/ksh
>
>
at the risk of feeding a troll... see below
On 8 Jan 2017 at 0:02, Martin Hanson wrote:
> ludovic coues said:
>
> > You are free to use OpenBSD code.
> > You are free to copy OpenBSD code.
> > You are free to modify OpenBSD code.
> > You are free to distribute you fork.
> >
> > So unless your
On 20 Apr 2015 at 0:11, Ton Muller wrote:
i have last week setup my old asus laptop, model A6000 ,1GB ram, 80GB HDD.
SK0 is the internal interface.
RE0 is the WAN interface
i kept my pf.conf as simple posible to get it start
START CONFIG ##
#
int_if = sk0
ext_if = re0
On 28 Mar 2015 at 8:00, Jeff wrote:
Hi,
We've been using pf.conf and tables for years but have
recently embarked on a project to optimize pf.conf.
In reading about tables it's not clear when tables are more
efficient than individual rules. Is there a definitive point? Is it
and may introduce state.
Clearly no state. Is it just ignoring the option? Maybe I have to
modify my script.
pfctl -t AUTOBLOCK -T add $ip
pfctl -k $ip
--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
On 18 Feb 2015 at 15:18, Gene wrote:
To expand on Alexander's point, look at the FAQ:
http://www.openbsd.org/faq/pf/perf.html
If you aren't doing a lot of filtering, just passing traffic over
multiple interfaces, more cores might be beneficial.
-Eugene
Actually, at this time and the
On 3 Dec 2014 at 18:36, dev wrote:
You are speaking out of turn, basically insulting people who
want
to make sure that older architectures do work. The Sun Fire
V890
and Niagara machines are not sparc architecture. They are
sparc64.
Not sure where the anger is
In the description of the -b option:
...
three elliptic curve sizes: 256, 384 or 521 bits.
Is 521 correct or is it supposed to be 512?
In OpenBSD 5.6, the prototype and man-page for hosts.equiv(5) have
disappeared. However, this file is still referenced in sshd_config(5)
and (if I'm searching the sources correctly) in /usr/src/usr.bin/ssh
auth-rhosts.c which is included in the sshd/Makefile.
Is the removal accidental or an
The answer to your question is right there in the very manpage
paragraph you quoted below.
On 21 Oct 2014 at 10:24, Alan McKay wrote:
Anyone?
Anyone?
Buehler?
On Fri, Oct 17, 2014 at 9:41 AM, Alan McKay alan.mc...@gmail.com
wrote:
Hi folks,
The manpage for relayd.conf has this
Responding here at the risk of continuing to feed the troll, but in the
interest of setting the record straight (i.e. for the archives).
On 4 Oct 2014 at 13:53, Matti Karnaattu wrote:
Many a naïve person believe you can add security as an afterthought
but I'm not aware of this approach ever
No, the one lacking understanding is you -- the fact that 99.9% of the
Internet users are clueless (and even worse, *lax*) about security,
probably never heard of OpenBSD and most likely will never use it
because it interferes with their daily fill of spam and malware is
totally irrelevant for
On 3 Oct 2014 at 23:48, Matti Karnaattu wrote:
...
etc...and that's not the only way javascript can be used maliciously
These are called security holes.
There is good reason not to explicitly trust javascript or any other
browser plugin that allow the remote site to execute code on your
On 4 Oct 2014 at 1:41, Matti Karnaattu wrote:
...
I don't think that is pragmatic to expect people to use computers
without applications. Or expect users of some software doesn't want to
use applications.
why not be the ultimate pragmatist you preach and go run Windows?
(Isn't that what
On 2 Oct 2014 at 18:15, Andy wrote:
Setup some queues and prioritise your ACK's ;)
The box is fine under the load I'm sure, but you'll still need to
prioritise those TCP acknowledgments to make things snappy when lots of
traffic is going on..
All these (otherwise valid) suggestions are
On 28 Sep 2014 at 8:44, Andy Lemin wrote:
On 28 Sep 2014, at 05:00, System Administrator ad...@bitwise.net
wrote:
On 27 Sep 2014 at 18:50, Andrew Lester wrote:
Hey guys,
I have what I hope is a simple syntax question for pf rules. I have
not been able to find any example
On 27 Sep 2014 at 18:50, Andrew Lester wrote:
Hey guys,
I have what I hope is a simple syntax question for pf rules. I have not
been able to find any example of this online or in the man pages. I
suspect it is perhaps not possible. Basically I want to allow out
certain web services, with a
On 18 Sep 2014 at 17:33, Stan Gammons wrote:
On 09/18/14 17:21, Steve Litt wrote:
On Thu, 18 Sep 2014 16:54:13 -0500
Stan Gammons sg063...@gmail.com wrote:
On 09/18/14 16:47, Steve Litt wrote:
How many ethernet ports does it have? I'd love to use something like
that as a
On 11 Sep 2014 at 12:23, Scott Bonds wrote:
On Thu, Sep 11, 2014 at 07:35:47PM +0200, Christer Solskogen wrote:
On Thu, Sep 11, 2014 at 7:21 PM, Ingo Schwarze schwa...@usta.de wrote:
Hi Scott,
Scott Bonds wrote on Thu, Sep 11, 2014 at 09:38:10AM -0700:
My daily insecurity email
If you look at the header line of the dmesg you quoted below, you will
notice that it says GENERIC -- that is the official name of the SP
(single processor) kernel. To utilize more than one CPU core, you need
to be running the MP (multi-processor) kernel, as in GENERIC.MP.
On 1 Sep 2014 at
And what does OP's message have to do with pfSense ??? (especially
since he's clearly indicating currently supported OpenBSD versions 5.4
and 5.5 near the bottom...)
On 30 Aug 2014 at 14:22, Chuck Burns wrote:
On Saturday, August 30, 2014 8:27:24 AM Tony Sarendal wrote:
Good morning,
I need to deploy a BGP router in the next week or so. Generally, I run
stable in production, but having watched on the lists the many
advancements from 5.5 (last release) to current which is about to
become 5.6 release, my question is thus -- is there or soon will be a
stable snapshot that is
On 30 May 2014 at 13:56, Sebastian Benoit wrote:
Marko Cupa??(marko.cu...@mimar.rs) on 2014.05.30 11:32:14 +0200:
Hi,
let's say for example I have web server on internal network, and I
have redirected tcp port 80 from firewall to it:
pass in on $ext_if inet proto tcp from any to
wasn't the registry database a dead giveaway???
On 8 Apr 2014 at 17:22, Dag Richards wrote:
all sarcasm on my part.
hate the whole /etc/hourly /etc/daily /etc/whim-time cron crap
was happy to see Theo's reaction. Was jerking the list's chain.
sven falempin wrote:
Look what linux are
On 31 Mar 2014 at 18:13, Chi wrote:
On Mon, 31 Mar 2014 18:34:39 +0100
skin...@britvault.co.uk (Craig R. Skinner) wrote:
Reverse.Net uses OpenBSD on AMD hardware to provide shell
accounts,
website hosting, and domain name hosting.
results to
Access Denied:
Because of high
On 29 Mar 2014 at 22:10, Stéphane Guedon wrote:
Hello
I am currently trying to run two nameserver on the same Openbsd
server.
The first one is an autoritative (let's say bind or nsd, no one
cares).
the second will be dnsmasq.
You guess the objective of the construction : give local
Hi J. Lewis,
I am not a developer, but I've been lurking on this list for a very
long time and on that basis can tell you that you've committed two
cardinal sins as far as this mailing list is concerned:
1) you failed to do your homework -- had you done some research, in
particular about the
On 25 Aug 2013 at 10:50, Tony Abernethy wrote:
josef.win...@email.de wrote
I read fdisk(8) carefully (At least I think so), but I repeatedly failed to
install two OBSDS on two primary partitions of a HDD.
The idea was to realize a multiboot by toogleing the boot-flag to the primary
On 27 Mar 2013 at 16:01, David Ruggiero wrote:
Thanks to Jan for pointing out I neglected to include the macro defs
for the nets (though they're vanilla and what you'd expect). Here's
the full source for the first rule, the one I think should catch the
bogon packets but doesn't:
int_net =
On 7 Mar 2013 at 20:24, David Ruggiero wrote:
I've been using OpenBsd for 8+ years on my main router/firewall (4
NICs).
Time to upgrade (I'm back on v3.8, yikes). Past time, really.
Solots to
learn / re-learn here. Have patience. First question:
I'll be loading 5.2 on a low-power,
OpenBSD is all about KISS (simplicity) -- have you tried running the bi-
annual release update procedure? have you read (carefully) the FAQ
section on upgrading? Many users report it takes less than 15 minutes
to perform a *remote* upgrade. Also you need to mind that OpenBSD does
not support
On 9 Feb 2013 at 21:11, Crookedmaze wrote:
On 02/09/2013 08:42 PM, System Administrator wrote:
OpenBSD is all about KISS (simplicity) -- have you tried running the bi-
annual release update procedure? have you read (carefully) the FAQ
section on upgrading? Many users report it takes less
I finally got to deploy a CARP firewall cluster (HA failover for now).
Using only the official OpenBSD.org documentation, everything went very
smoothly even though the setup is not quite trivial (14 carp addresses
on 6 active interfaces). I even got system replication going using
rdist(1).
On 30 Jan 2013 at 9:29, Johan Beisser wrote:
On Wed, Jan 30, 2013 at 8:56 AM, System Administrator ad...@bitwise.net
wrote:
I finally got to deploy a CARP firewall cluster (HA failover for now).
Using only the official OpenBSD.org documentation, everything went very
smoothly even though
To simplify maintenance of a carp firewall cluster, I setup system
replication with rdist(1), which works rather nicely with one notable
exception where cmdspecial fires even when there are no updated files.
It is the only instance of cmdspecial that misfires, it is also the
only instance that
Thank you Alexander (and Johan) for confirming what I kinda suspected --
use shared keys if it is a published (ie. failover required) service,
otherwise bind only to dedicated address(es) using dedicated keys.
On 30 Jan 2013 at 18:33, Alexander Hall wrote:
On 01/30/13 17:56, System
On 14 Dec 2012 at 16:43, Sha'ul wrote:
The driver for AR9485 seems to be fully function in libre Linux from
what I've tried, don't need the vanilla Linux version for at least the
wifi to work. Would it not be possible to thereby port over the libre
linux driver version to get some kind of
Looking to build a firewall for a fairly busy (25+mb) site. Hardware is
Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software
is primarily pf(4) and relayd(8).
Not so long ago the recommendation was to use the i386 build for a
slight perfomance and stability benefit. Is that
On 1 Mar 2010 at 21:01, Thomas Schwarz-Gulden wrote:
Hi,
Interface re0 of the external firewall is configured as
10.1.0.1/16.
That's your problem, see below.
netstat -rn
on external firewall lists 10.1/16 with flags UC.
So I think that anything with a destination like
10.1.x.x would
On 11 Feb 2010 at 23:15, Dirk Mast wrote:
Daniel Ouellet wrote:
On 2/11/10 2:46 PM, Henning Brauer wrote:
disk i/o is irrelevant. you will need a very very very fast
opengl
capable graphics card with loads of memory of course.
???
I am sure I am missing something big here, but
On 12 Feb 2010 at 11:44, Aaron Mason wrote:
On Fri, Feb 12, 2010 at 9:48 AM, System Administrator
ad...@bitwise.net wrote:
On 11 Feb 2010 at 23:15, Dirk Mast wrote:
Daniel Ouellet wrote:
On 2/11/10 2:46 PM, Henning Brauer wrote:
disk i/o is irrelevant. you will need a very very
consideration that may address your needs in a
different way.
Best,
Daniel
-
System Administratorad...@bitwise.net
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston
On 22 May 2009 at 15:05, Aaron Martinez wrote:
Hi All,
I am setting up an openbsd 4.5 stable based pf firewall and was
wondering if there is a way to make it so only certain users could log
in from certain IP addresses. I have authpf set up and working well,
but the problem is if someone
On 22 May 2009 at 16:37, Aaron Martinez wrote:
On 22 May 2009 at 15:05, Aaron Martinez wrote:
Hi All,
I am setting up an openbsd 4.5 stable based pf firewall and was
wondering if there is a way to make it so only certain users could log
in from certain IP addresses. I have authpf
On 15 May 2009 at 17:11, Chuck Robey wrote:
I'm trying to see if there's any way I can get my Raid controller, which is a
AMCC (3Ware) 9650-4, to work under OpenBSD. The man page for the twe driver
says it works for several different 3Ware controllers, but it seems to omit
the
9000
On 14 May 2009 at 21:29, John Bond wrote:
On Thu, May 14, 2009 at 9:16 PM, Russell Howe rh...@bmtmarinerisk.com wrote:
These should work fine - the S518 presents itself as a special ADSL
controller on the PCI bus, but AFAIK the 519 is actually an ethernet chip
(Realtek 8139?) paired up
CUPS and Linux/Windows blobs are so often required because printers
have gone the way of the modems -- i.e. minimal intelligence in the
device with most of the processing happening on the host. If you stick
to real hardware printers that provide built-in Postscript (or at
least PCL) language
On 21 Feb 2009 at 0:46, Jean-Francois wrote:
Hi All,
It looks like my server running since few days has already been hacked.
It looks like a new user called 'daemon' ID 1 and a new group daemon.
User's full name 'The devil itself' First time I find out evidence
of hack on my server,
On 22 Jan 2009 at 14:54, Morris, Roy wrote:
I know this is more of a general 'huh' kind of thing, but I figured someone
could kick start my brain for me. Anyone know why this doesn't work? It
appears to find the files ok but the -exec part thinks it can't?
spider:/var/log# find . -name
missed the list when replying...
--- Forwarded message follows ---
On 7 Jan 2009 at 21:59, Toni Mueller wrote:
Hi,
On Sat, 03.01.2009 at 20:51:40 +0300, Kirill S. Bychkov ya...@linklevel.net
wrote:
This is a resubmit of apcupsd port.
Any comments/oks?
I have no comment on
keep state
pass in on $int_if proto tcp from class2 to any port $out_tcp keep state
pass in on $int_if proto udp from class2 to any port $out_udp keep state
pass out keep state
-
System Administratorad...@bitwise.net
On 27 Dec 2008 at 1:02, fRANz wrote:
On Fri, Dec 26, 2008 at 7:50 PM, System Administrator ad...@bitwise.net
wrote:
Here is a hint to simpler life: to avoid assymtric routing make sure
that all you redirect (RDR) rules fully traverse the firewall, i.e. the
source and destination
This list tends to favor those who do at least some basic homework
before asking redundant questions. Had you read the authpf man page or
searched the list archives, you would have certainly realized that what
you are describing is EXACTLY the intended behavior, in other words,
your system is
On 2 Dec 2008 at 14:33, Juan Miscaro wrote:
2008/12/2 Daniel Ouellet [EMAIL PROTECTED]:
Juan Miscaro wrote:
2008/12/2 Tony Abernethy [EMAIL PROTECTED]:
Juan Miscaro wrote:
I turn off those annoying checks and I use the same password.
Works great.
/juan
... until it
I have an i386 box that used to be running 4.3-stable and was recently
upgraded to 4.4 using a CD and following the instructions. Everything
seemed to be working fine including rum wireless in its primary
location. However, a previously working configuration in an alternate
location now
On 16 Nov 2008 at 10:55, Don Jackson wrote:
My system installation script (similar to install.site, run right after
the system was installed, and before first boot) attempts to configure a
user account using sometime pretty much like this:
/usr/sbin/useradd -mv -b /home -c name of user -u
On 14 Nov 2008 at 1:18, STeve Andre' wrote:
On Thursday 13 November 2008 19:54:55 Juan Miscaro wrote:
I'm providing wireless internet access for a small building with
OpenBSD 4.3 (some snapshot) as access point. I'm using the ral
driver. I regularly need to bring down and then back up
On 14 Nov 2008 at 21:50, Stuart Henderson wrote:
On 2008-11-14, STeve Andre' [EMAIL PROTECTED] wrote:
On Thursday 13 November 2008 19:54:55 Juan Miscaro wrote:
I'm providing wireless internet access for a small building with
OpenBSD 4.3 (some snapshot) as access point. I'm using the ral
list.
Thanks for your time.
-Jesus
--- End of forwarded message ---
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941
). If you are successful at picking and solving these engagements,
you eventually become a recognized expert -- see previous paragraph.
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock
an existing one.
~Mayuresh
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941
software to OpenBSD, for
example.
--
pozdrawiam / regards
Zbigniew Baniewski
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet
directive in the include file.
Every clue is welcome,
-Jacob.
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210
with openbsd or knows if
it will work?
thanks,
matthias
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210
drives had developed serious hardware flaws
that the card did not detect until the full reboot! Apparently they do
NOT do SMART monitoring of connected drives...)
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet
Eckley
http://xifos.org
-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210 fax: (617) 439-4941
an hour ...
this system and I do not think that putting forth the effort is worth
it, especially when I still have 11 other systems to setup and configure
by May 13th. :)
--
Thx
Joshua Gimer
-
System Administrator
.
Is it better to use apc-upsd from ports?
It seems to be a bit old and I could not find any documentation
on how to configure and use it.
Any recommandations would be much appreciated.
Regards,
Thierry.
-
System Administrator
70 matches
Mail list logo