Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-10 Thread Daniel Hartmeier
On Fri, Jan 10, 2003 at 07:53:47AM +0100, Saad Kadhi wrote: > > echo 'block in quick from $attacker to any' | pfctl -a attacks -R -f - > is the '-R' flag required for this? wouldn't it just make pf reload the > whole bunch of rules instead of just adding a rule to the anchor rule > subset? No

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-10 Thread Henning Brauer
On Thu, Jan 09, 2003 at 08:21:29PM -0500, Marina Brown wrote: > On Thu, 09 Jan 2003, Srebrenko Sehic wrote: > > > > 4) I've never used authpf, but I wonder why authpf does not > > > call the pfctl binary, to have the benefit of code reuse without > > > that tricky sharing of files. Combining binar

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-10 Thread Can Erkin Acar
On Thu, Jan 09, 2003 at 11:12:35PM +0100, Daniel Hartmeier wrote: > See the updated patch in the -current ports tree, it's fixed. Thanks :) > There's no reason to gamble with sanity by trying to backport features, > people running 3.0, 3.1 and 3.2 -release or -stable are supposed to use > the appr

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Saad Kadhi
On Thu, Jan 09, 2003 at 07:17:05PM -0700, [EMAIL PROTECTED] wrote: > Basically, find the spot in the ruleset where you want to insert > your rules, and drop an "anchor attacks" in there. > > Then, for an attack in progress, do a: > > echo 'block in quick from $attacker to any' | pfctl -a attacks -

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread kjell
> ...Guess I should take a look at the authpf and pfctl code Or just look at anchors in the -current code. Basically, find the spot in the ruleset where you want to insert your rules, and drop an "anchor attacks" in there. Then, for an attack in progress, do a: echo 'block in quick from $att

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Daniel Hartmeier
On Thu, Jan 09, 2003 at 08:21:29PM -0500, Marina Brown wrote: > I run an ISP that is almost totally OpenBSD. While i understand the > need for pfctl to be lightweight, it would be VERY nice to have a > utility to add or delete a temporary rule when an attack is on. Check out the 'anchor' feature

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Marina Brown
On Thu, 09 Jan 2003, Srebrenko Sehic wrote: > > 4) I've never used authpf, but I wonder why authpf does not > > call the pfctl binary, to have the benefit of code reuse without > > that tricky sharing of files. Combining binaries is usually the > > Unix way, I believe. > > pfctl does not support

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Henning Brauer
On Thu, Jan 09, 2003 at 09:27:01PM +0100, Srebrenko Sehic wrote: > On Thu, Jan 09, 2003 at 07:50:09PM +0100, Henning Brauer wrote: > > > > pfctl does not support inserting rules on the fly and authpf needs that. > > > On the other hand, the overhead of having that would be too big. > > > > h,

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Daniel Hartmeier
On Thu, Jan 09, 2003 at 09:22:47PM +0200, Can Erkin Acar wrote: > Right now things are changing too fast. I had to stop working on pftop > or risk losing my sanity ;) (Ouch! it is broken again, I will make a new > release in a week). I think we need a 'pf version' incremented with > api/structure

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 11:13:41PM +0100, Henning Brauer wrote: > > Didn't know that. So, authpf can insert rules on fly using anchors, but is > > this possible with arbitrary applications? Say I want my snort box to insert > > filter rules into pf, by sending a messages (something like > > 'block

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 09:43:34PM +0100, Daniel Hartmeier wrote: > As for a library, that would only make sense if it were an additional > abstraction layer somewhere between pf(4) ioctls and pfctl command line. > Whether you find a level that changes less often than pf(4) but is more > generic t

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Daniel Hartmeier
On Thu, Jan 09, 2003 at 10:00:55PM +0100, Srebrenko Sehic wrote: > Nic. Btw, what's the main difference between tables and > anchors? An anchor is a bunch of rules, while a table is a bunch of addresses (or netmasks). If you have a block of rules in your main ruleset like pass out from 10

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 09:52:56PM +0100, Cedric Berger wrote: > There is a "table" feature that has just been commited to the kernel. > You can write in pf.conf: > > table persist > block in from to any > > And then, your snort box can do the following: > ssh firewall pfctl -t snortblacklis
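The two mechanisms discussed in this thread, anchors (kjell's "anchor attacks" with rules piped into pfctl -a) and tables (Cedric's table plus pfctl -t), as one added example that is not code from the thread or from the pf project. It is the glue a detection host such as the snort box mentioned above would run. The anchor name "attacks", the table name "attackers" and the function names are assumptions; the pfctl flags (-a, -f, -t, -T add/delete) are those documented in OpenBSD pfctl(8), and the -R flag from the quoted command is omitted since the thread says it is not required. The security point the thread does not spell out: the address comes from an IDS alert and ends up interpolated into a shell command (possibly behind ssh), so it is validated as a strict dotted-quad before any command string is built.

```shell
#!/bin/sh
# Added example (not from the thread): block an attacker on a pf firewall either by
# loading a rule into an anchor or by adding the address to a table.
# Assumed pf.conf fragment (hypothetical names "attackers" and "attacks"):
pf_conf_fragment() {
    cat <<'EOF'
table <attackers> persist
block in quick from <attackers> to any
anchor attacks
EOF
}

# Strict IPv4 check. The address usually comes from an IDS alert and is about to be
# interpolated into a shell command line, so accept only four decimal octets in range.
is_ipv4() {
    addr=$1
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # split on dots; the subshell keeps the caller's IFS untouched
    set -- $(IFS=.; echo $addr)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Anchor variant: a one-line ruleset piped into 'pfctl -a attacks -f -'. This
# replaces whatever rules the anchor currently holds, so only the latest address
# stays blocked unless you keep a rules file and reload it each time.
anchor_block_cmd() {
    is_ipv4 "$1" || return 1
    printf "echo 'block in quick from %s to any' | pfctl -a attacks -f -\n" "$1"
}

# Flush the anchor's rules once the attack is over.
anchor_flush_cmd() {
    printf 'pfctl -a attacks -F rules\n'
}

# Table variant: the ruleset never changes, only the address set does, so addresses
# accumulate and can be removed individually.
table_add_cmd() {
    is_ipv4 "$1" || return 1
    printf 'pfctl -t attackers -T add %s\n' "$1"
}

table_del_cmd() {
    is_ipv4 "$1" || return 1
    printf 'pfctl -t attackers -T delete %s\n' "$1"
}

# Execute a built command only when pfctl is present and PF_DRY_RUN=0; otherwise
# print it. Default is dry run so the script is safe to try anywhere.
run_or_print() {
    if [ "${PF_DRY_RUN:-1}" = 0 ] && command -v pfctl >/dev/null 2>&1; then
        sh -c "$1"
    else
        printf '%s\n' "$1"
    fi
}

# Usage with a constructed sample address:
if [ "${0##*/}" = "block_attacker.sh" ]; then
    sample=192.0.2.10   # constructed sample, documentation range
    pf_conf_fragment
    run_or_print "$(table_add_cmd "$sample")"
    run_or_print "$(anchor_block_cmd "$sample")"
fi
```

To drive this from a remote detection host in the form Cedric describes, wrap the built command in ssh, for example `ssh firewall "$(table_add_cmd "$addr")"`; the validation in is_ipv4 is what keeps an alert payload from turning into extra shell words on the firewall side. The table form is the one to prefer for this use: as Daniel notes in the thread, a table is a set of addresses while an anchor is a set of rules, and blocking many attackers is an address-set problem.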

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Cedric Berger
Srebrenko Sehic wrote: On Thu, Jan 09, 2003 at 07:50:09PM +0100, Henning Brauer wrote: pfctl does not support inserting rules on the fly and authpf needs that. On the other hand, the overhead of having that would be too big. h, things changed... authpf uses anchors now, that IS pos

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Daniel Hartmeier
On Thu, Jan 09, 2003 at 09:27:01PM +0100, Srebrenko Sehic wrote: > Didn't know that. So, authpf can insert rules on fly using anchors, but is > this possible with arbitrary applications? Say I want my snort box to insert > filter rules into pf, by sending a messages (something like > 'block 192.16

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 07:50:09PM +0100, Henning Brauer wrote: > > pfctl does not support inserting rules on the fly and authpf needs that. > > On the other hand, the overhead of having that would be too big. > > h, things changed... authpf uses anchors now, that IS possible with > pfctl...

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Can Erkin Acar
On Thu, Jan 09, 2003 at 06:52:40PM +0100, Srebrenko Sehic wrote: > On Thu, Jan 09, 2003 at 06:34:13PM +0100, Daniel Hartmeier wrote: > > > > But it would be worth carefully looking at the currently shared modules, > > and sorting all functions and shared globals to into either shared or > > privat

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Henning Brauer
On Thu, Jan 09, 2003 at 07:40:52PM +0100, Srebrenko Sehic wrote: > pfctl does not support inserting rules on the fly and authpf needs that. > On the other hand, the overhead of having that would be too big. h, things changed... authpf uses anchors now, that IS possible with pfctl... hmmm. --

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 07:22:14PM +0100, Cedric Berger wrote: > >If we leave out all the technical challenges involved, the real question > >is if the pf developers find this idea useful at all? > > > A few points, in wrac: > > 1) I kind of like libraries, but they are difficult to get right, >

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Cedric Berger
If we leave out all the technical challenges involved, the real question is if the pf developers find this idea useful at all? A few points, in wrac: 1) I kind of like libraries, but they are difficult to get right, and probably more difficult is to have people agree to use it. 2) Theo doesn'

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
On Thu, Jan 09, 2003 at 06:34:13PM +0100, Daniel Hartmeier wrote: > On Thu, Jan 09, 2003 at 06:20:55PM +0100, Srebrenko Sehic wrote: > > > What do you think about this? > > There is some sharing of pfctl code with authpf already, but it's done > by compiling and linking some source modules of pf

Re: RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Daniel Hartmeier
On Thu, Jan 09, 2003 at 06:20:55PM +0100, Srebrenko Sehic wrote: > What do you think about this? There is some sharing of pfctl code with authpf already, but it's done by compiling and linking some source modules of pfctl from authpf. I guess you could try and move those shared functions into a

RFC: libpf, simplifying pf(4) access to userland apps

2003-01-09 Thread Srebrenko Sehic
I've sent this some time ago to misc@, but didn't get much response. I thought I might try the pf specific list. While working on my own tool, rpfcd (remote pf control daemon, http://www.insecure.dk/rpfcd/) I found myself reusing a lot of code from pfctl for pf(4) related routines. While some of s