Re: allow dhcpd with pf

2009-12-12 Thread Duncan Patton a Campbell
On Tue, 24 Nov 2009 08:38:07 -0700 Theo de Raadt dera...@cvs.openbsd.org wrote: Damn right it will. Where is it written up? In the manual pages. I can't believe we are here in 2009 and people still believe they can get away with being an idiot because they believe they are above doing

allow dhcpd with pf

2009-11-24 Thread openbsd
Hello, I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 rl0 connected directly with internet rl1 our network. I configured dhcp and added it in my rc.conf.local. Restarted the openbsd box. In my pf.conf, I added this line : pass in on $int_if inet proto { tcp, udp } from any to $gw_obsd

Re: allow dhcpd with pf

2009-11-24 Thread FRLinux
On Tue, Nov 24, 2009 at 12:16 PM, open...@e-solutions.re wrote: pass in on $int_if inet proto { tcp, udp } from any to $gw_obsd port 67 keep state Hello, you're also missing 68. Just as a point, you shouldn't need tcp at all, all 67,68 is udp, also keep state is implied now. Cheers, Steph

Re: allow dhcpd with pf

2009-11-24 Thread neal hogan
On Tue, Nov 24, 2009 at 04:16:06PM +0400, open...@e-solutions.re wrote: Hello, I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 rl0 connected directly with internet rl1 our network. I configured dhcp and added it in my rc.conf.local. Restarted the openbsd box. In my pf.conf, i

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 04:16:06PM +0400, open...@e-solutions.re wrote: Hello, I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 rl0 connected directly with internet rl1 our network. I configured dhcp and added it in my rc.conf.local. Restarted the openbsd box. In my pf.conf, i

Re: allow dhcpd with pf

2009-11-24 Thread Lars Nooden
Claudio Jeker wrote: Neither dhcpd nor dhclient need any pass rules in pf. Both tools use bpf to steal the packets before they're checked by pf. I see that has been there for a while. Now that I look I see that dhcpd can add addresses to a PF table using the argument -L. Useful! Where are

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 04:45:25PM +0200, Lars Nooden wrote: Claudio Jeker wrote: Neither dhcpd nor dhclient need any pass rules in pf. Both tools use bpf to steal the packets before they're checked by pf. I see that has been there for a while. Now that I look I see that dhcpd can add

Re: allow dhcpd with pf

2009-11-24 Thread Theo de Raadt
Where are the details written up for how pf is bypassed by dhcpd and dhclient? Would that mean that the machine with dhcpd could still serve dhcp requests despite a filter ruleset like this: block in all pass out all Damn right it will. Where is it written up? In the manual

Re: allow dhcpd with pf

2009-11-24 Thread Gerald Chudyk
On Tue, Nov 24, 2009 at 7:38 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: Where is it written up? In the manual pages. I can't believe we are here in 2009 and people still believe they can get away with being an idiot because they believe they are above doing research: For the

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 10:54:54AM -0800, Gerald Chudyk wrote: On Tue, Nov 24, 2009 at 7:38 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: Where is it written up? In the manual pages. I can't believe we are here in 2009 and people still believe they can get away with being an idiot

Re: allow dhcpd with pf

2009-11-24 Thread Cor
Theo de Raadt wrote: Where are the details written up for how pf is bypassed by dhcpd and dhclient? Would that mean that the machine with dhcpd could still serve dhcp requests despite a filter ruleset like this: block in all pass out all Damn right it will. Where is it

Re: allow dhcpd with pf

2009-11-24 Thread Red Midnight
Gerald Chudyk wrote: For the record: Thanks to this thread I discovered another idiot in this very cubicle who failed to perform proper research and was sometimes setting pf rules to pass dhcp messages. Particularly when troubleshooting a dhcp problem. I beat him severely, but it probably won't

logging (was Re: allow dhcpd with pf)

2009-11-24 Thread Lars Nooden
Red Midnight wrote: Whenever I use a default block *log* rule to keep an eye on things, it can be noisy. To help a bit (even though they don't actually do anything), I use rules like this just to keep it out of the pf logs That can be way too noisy. You can do 'regular' logging to pflog0 as