> /etc/bridgename.bridge0
> add fxp0 add fxp1 add vlan0 add vlan1 add vlan1 add
> vlan 3 up
What about "add vlan2"? I see only 0, 1, 1, 3.. is that right?
--
Oskar
I have a question dealing with vlans
and bridges on an OpenBSD-stable box.
First, what I am trying to do is below in ascii art as much as I hate ascii art.
-
| Cisco 6509 |
Hello,
Does anyone have a howto on this:
OpenBSD with 3 NICs+SNORT with mysql+Apache with
ACID
2 NICs are used for bridge
pf firewall
OpenBSD is also with SNORT and mysql
1 NIC is used for hookup with my
laptop.
Laptop is with apache and
ACID.
If U have one that U would
Title: RE: Why isn't this port blocked?
This was the problem:
>>Just replace <> with ><.
tcp 3.3.0.10:12002 <- 2.2.20.0:2913 ESTABLISHED:ESTABLISHED
[498402552 + 63219] [922621281 + 63919]
age 00:03:52, expires in 23:59:56, 207 pkts, 42135 bytes, rule 43
@43 pass in inet pro
>
> that doesn't work either, dude.
> expands to
> pass in on rl0 from any to !1.2.3.4/32
> pass in on rl0 from any to !2.1.0.0/24
> one will always match.
>
I've understood, I've to switch the rule from a pass to a block rule so my
goal is reached.
So the only way to accomplish that is with t
ok easy answer - get a fourth NIC, put it on the 192.168.1.50 net and use it
to NAT out to the internet. When you bridge interfaces they are consumed and
not available for anything other than the bridge.
2 NICs bridge 192.168.1.50 and 192.168.1.60 (if you're doing a bridge, they
will look like one s
On Mon, Mar 10, 2003 at 11:34:34AM +0100, Jedi/Sector One wrote:
> What software do you use to read .smil files?
you need realplayer for those webcasts.
- jolan
On Mon, Mar 10, 2003 at 11:08:32AM +0100, Ed White wrote:
> Design and Performance of the OpenBSD Stateful Packet Filter (pf)
> by Daniel Hartmeier
> [ http://linuxforum.mmmanager.net/1045982346433661373/view ]
What software do you use to read .smil files?
--
__ /*- Frank DENIS (Jedi/Se
Hi all,
is there a tool that would check if a given packet would pass the
firewall or not and which rule would apply?
I'm looking for something like
$ checkpacket --in-interface dc0 --source 10.20.30.40:1234 \
--destination 1.2.3.4:5678 --proto tcp --flags SYN,URG,DF --tos 0x10 ...
...and
On Mon, Mar 10, 2003 at 10:06:55PM +1100, Damien Miller wrote:
> Henning Brauer wrote:
> >On Mon, Mar 10, 2003 at 09:43:16PM +1100, Damien Miller wrote:
> >>Henning Brauer wrote:
> >>>either you have more queuedefs you are hiding from us
> >yes, you have.
> >look, the error is obvious.
> Ah, ok. H
Henning Brauer wrote:
On Mon, Mar 10, 2003 at 09:43:16PM +1100, Damien Miller wrote:
Henning Brauer wrote:
either you have more queuedefs you are hiding from us
>
yes, you have.
look, the error is obvious.
Ah, ok. Has the checking been tightened? This worked for ages...
the really right thing i
On Mon, Mar 10, 2003 at 09:43:16PM +1100, Damien Miller wrote:
> Henning Brauer wrote:
> >either you have more queuedefs you are hiding from us
> No.
yes, you have.
look, the error is obvious.
> altq on tun0 cbq bandwidth 50Kb queue { root, std, dns, http, mail, ssh }
> queue root bandwidth 100%
Henning Brauer wrote:
On Mon, Mar 10, 2003 at 08:24:33PM +1100, Damien Miller wrote:
Philipp Buehler - sysfive.com GmbH wrote:
On 10/03/2003, Damien Miller <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
After updating -current about a week ago I started getting the following
error upon trying
On Mon, Mar 10, 2003 at 08:24:33PM +1100, Damien Miller wrote:
> Philipp Buehler - sysfive.com GmbH wrote:
> >On 10/03/2003, Damien Miller <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> >
> >>After updating -current about a week ago I started getting the following
> >>error upon trying to load
On Mon, Mar 10, 2003 at 09:50:19AM +0100, Philipp Buehler - sysfive.com GmbH wrote:
> > pass in on $Ext_If from any to !$MyVar
> Use { !1.2.3.4/32, !2.1.0.0/24}
that doesn't work either, dude.
expands to
pass in on rl0 from any to !1.2.3.4/32
pass in on rl0 from any to !2.1.0.0/24
one will alw
w00t!
Design and Performance of the OpenBSD Stateful Packet Filter (pf)
by Daniel Hartmeier
[ http://linuxforum.mmmanager.net/1045982346433661373/view ]
Showtime:
http://linuxforum.mmmanager.net/1045982346433661373/SMIL.smil
Ed
Philipp Buehler - sysfive.com GmbH wrote:
On 10/03/2003, Damien Miller <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
After updating -current about a week ago I started getting the following
error upon trying to load my ruleset:
# pfctl -vf /etc/pf.conf
[...]
altq on tun0 cbq bandwidth 50Kb tbr
[EMAIL PROTECTED] wrote:
I'm almost totally new to pf.
I've noticed that this syntax is not accepted:
Ext_If = rl0
MyVar = { 1.2.3.4/32, 2.1.0.0/24 }
pass in on $Ext_If from any to !$MyVar
beware of rule expansion.
PF would expand that to:
pass in on $Ext_If from any to !1.2.3.4/32
On 10/03/2003, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote To Philipp Buehler -
sysfive.com GmbH:
> >Use { !1.2.3.4/32, !2.1.0.0/24}
>
> Sure, I've already done that, thanks.
>
> Anyway I think that syntax interpreted as you've done could be an
> improvement in easing the ruleset of pf.conf file
On 10/03/2003, Damien Miller <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> After updating -current about a week ago I started getting the following
> error upon trying to load my ruleset:
>
> # pfctl -vf /etc/pf.conf
> [...]
> altq on tun0 cbq bandwidth 50Kb tbrsize 1500 queue { root std dns
On 10/03/2003, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> I'm almost totally new to pf.
> I've noticed that this syntax is not accepted:
>
> Ext_If = rl0
> MyVar = { 1.2.3.4/32, 2.1.0.0/24 }
>
> pass in on $Ext_If from any to !$MyVar
>
>
> I think this should be
>No, you cannot use negated lists. They would always match in one or
>the other way. Short, it wouldn't do what you want to achieve there.
>
>Use { !1.2.3.4/32, !2.1.0.0/24}
>
Sure, I've already done that, thanks.
Anyway I think that syntax interpreted as you've done could be an
improvement in ea
After updating -current about a week ago I started getting the following
error upon trying to load my ruleset:
# pfctl -vf /etc/pf.conf
[...]
altq on tun0 cbq bandwidth 50Kb tbrsize 1500 queue { root std dns http
mail ssh}
queue root cbq( red ecn default ) { std dns http mail ssh }
pfctl: DIOCAD
I'm almost totally new to pf.
I've noticed that this syntax is not accepted:
Ext_If = rl0
MyVar = { 1.2.3.4/32, 2.1.0.0/24 }
pass in on $Ext_If from any to !$MyVar
I think this should be an honest rule, am I wrong somewhere!?
Best Regards,
Thelmo
__