Re: DRI with ATI graphics chip
On Tue, Sep 26, 2006 at 06:34:38AM +0200, Thomas Schlesinger wrote: Ok, I've thought the free drivers would only lack hardware 3D accelleration :-( And you don't need DRI for the rest. Says someone with a X300. Joerg
Re: Bridging again
Tiv wrote:
I'm no expert, but unless you intend to block ICMP messages,
you just might want to use something like this...
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
If you can't ping/arp a host (icmp disabled), I'd think you'd have
trouble connecting ssh...
When i block/filter icmp on a Cisco router I get this:
ssh: connect to host targa port 22: No route to host
...just something to consider.
No, I never had to explicitly allow ICMP on any of my firewalls, because
stateful filtering takes care of internet connection messaging protocol
as well. I only had to explicitly allow echo requests and echo replies.
Otherwise I would have allowed ICMP.
Re: boot problem, disk mess.. thinking of suicide.
Vladimir Mitiouchev wrote: Lessons? 1. Do *NOT* use broken IDE cables. And if you did, you should newfs(8) the file system when you replaced the cables with good ones. According to your initial description, it appears that some write accesses did not hit the disk successfully, which can lead to random corruption. After such an incident, the best thing you can do is newfs(8) the file systems on the disk (_after_ you made sure that cables and disks are OK). Then re-install from your backup. DragonFly's journaling feature allows for nice live backup streams that can be stored on another media. ;-) Or if you have a mirror (RAID1) setup, and the problem did not affect all mirror disks, then you can simply rebuild the failed component, of course. 2. BSD is amazing ;-) It couldn't be possible to get things working without reinstall of whole system in Linux. 3. Backups of disklabel and fdisk is GOOD idea. Backups of _anything_ is a good idea. ;-) PS2 Thanks God i wasn't running softupdates! I don't think it would have made much of a difference. If the hardware fails (controller, cable, disk), you'll have damage, no matter whether you run with softupdates or not. There isn't really much you can do in software to prevent that. Except, of course, running a mirror with components on different cables (and also different controllers, if possible). Or even on different PCs. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.
Re: Bridging again
Op dinsdag 26 september 2006 12:04, schreef Gergo Szakal: No, I never had to explicitly allow ICMP on any of my firewalls, because stateful filtering takes care of internet connection messaging protocol as well. I only had to explicitly allow echo requests and echo replies. Otherwise I would have allowed ICMP. I would definately allow ICMP, because ICMP is just necessary. If you don't want ping to work, just disallow icmp echo and reply. Cheers, Emiel -- Don't speak about Time, until you have spoken to him. pgpzTM96fAFSi.pgp Description: PGP signature
Heads up: no more 1.4 binary package
Hi all, since Justin announced it already, I can also make it public. I won't do anymore public package builds for DragonFly 1.4. I'm working on a setup which allows me to do HEAD builds as well, but that will need some more time. But from 2006Q3 on, you will find at least 1.6 release binaries for pkgsrc-current and updated between those builds for pkgsrc-stable. Joerg
Re: Bridging again
Emiel Kollof wrote: I would definately allow ICMP, because ICMP is just necessary. If you don't want ping to work, just disallow icmp echo and reply. Again: that config works on OpenBSD 3.8, just we cannot ping, but other ICMP works. This is from the PF users' guide: 'Another advantage of keeping state is that corresponding ICMP traffic will be passed through the firewall. For example, if keep state is specified for a TCP connection and an ICMP source-quench message referring to this TCP connection arrives, it will be matched to the appropriate state entry and passed through the firewall.' http://www.openbsd.org/faq/pf/filter.html
Re: Heads up: no more 1.4 binary package
:On Tue, September 26, 2006 9:05 am, Joerg Sonnenberger wrote: : Hi all, : since Justin announced it already, I can also make it public. : I won't do anymore public package builds for DragonFly 1.4. : I'm working on a setup which allows me to do HEAD builds as well, but : that will need some more time. But from 2006Q3 on, you will find at : least 1.6 release binaries for pkgsrc-current and updated between those : builds for pkgsrc-stable. : :Would there be any objection to setting PKG_PATH to the appropriate :location in each release, as part of the installation? I like the idea, but only if we can set it to a DNS CNAME within dragonflybsd.org. -Matt Matthew Dillon [EMAIL PROTECTED]
Re: Bridging again
Emiel, I tried your idea and that one does not work either.
Re: How to disable the boot0 menu?
Thomas Schlesinger wrote: Hi. I've installed only DFly on my notebook as the onliest OS, so I have no need for the boot0 menu. I've tried to minimize the time it's appearing by doing a boot0cfg -s 1 -t 1 ad0 (-t 0 didn't work). -t is the number of ticks and there should be circa 18.2 ticks per second, according to the handbook, but with -t 1 the boot0 menu appears longer. I there a way to disable the appearance of the boot0 menu completely? Thanks, Thomas So basically, you want to get rid of BootEasy (the boot manager that prompts you for an OS), right? I may have done this before on DragonFlyBSD, or maybe I'm thinking of FreeBSD. Honestly, I can't say for sure I did it under DrgaonFlyBSD but I might have. I just can't remember since all these BSD's are starting to become one in my head. Anyway, I can say for sure that I have done it in FreeBSD but it was a lng time ago. Here's a link to the information that I used to do it in FreeBSD: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/boot-blocks.html If I remember correctly, I used boot1 instead of boot0 on the MBR. I don't know if this will work with DragonFlyBSD. Maybe someone can chime in with more in-depth knowledge of DragonFlyBSD's bootloader and let us know if this won't hose the boot-up process. Good luck, and remember this could make your system not boot. Don't shoot me if it screws up. ;) Joey
Re: Bridging again
I think I fixed it. Here is the relevant config piece:
-
int_if=sk1
ext_if=sk0
tcp_opts=flags S/SA modulate state
# omitting previously mentioned config options
# default block policy
block in log all
block out log all
# we just don't give a fuck here:
pass quick on {$int_if,lo0,bridge0} all
##
# otubound 'filtering'
#
pass in log quick on $ext_if proto tcp from intnet to any keep state
pass in log quick on $ext_if proto udp from intnet to any keep state
# inbound ports' opening
# ssh
pass out log quick on $ext_if proto tcp from any to intnet port 22
keep state
-
This testconfig works. What were the errors?
- it does not like the merged $tcp_opts somehow
- the directions are reversed somehow, I can recall having the same
issues with OpenBSD 3.7. Need to physically (cables) or logically (pf
and rc.conf) reverse the directions. :-)
I think both issues are caused by having an outdated pf in DF. I know
it's in the works, so please do not consider this as a demanding statement.
Thanks for the hints, guys. Good ol' RTFM helped me, so did 'tcpdump
-nettt -i pflog0'.
:-)
Re: How to disable the boot0 menu?
Justin C. Sherrill wrote: On Tue, September 26, 2006 2:59 pm, Thomas Schlesinger wrote: I there a way to disable the appearance of the boot0 menu completely? 'fdisk -B ad0' or maybe 'boot0cfg -B -b /boot/mbr' or maybe If you have a Windows boot floppy, boot from that and type 'fdisk /mbr'. I have not tried any of these recently, so it may mangle your entire drive... Showing my age, roots, or something no longer in vogue Finding the binary and replacing it with the op-code for a 'noop', 'return' or 'jump' (to the next module) used to work wonders... S'pose these days they are hash fingerprinted or such tho'... And I've long since given up memorizing op codes... 'Too many architetcures, too little time.' Bill
Re: How to disable the boot0 menu?
:The boot0 menu is run from /boot/loader.rc. You can pretty much :do whatever you want there... in the forth language :-) : :It is also possible to bypass the forth loader entirely by :modifying /boot.config (the boot2 config file). By default boot2 :runs /boot/loader but you can give it a different command to run :in /boot.config. I'm not entirely sure of the format, it might just :be the path to the program to load and options, e.g. '/kernel', or it :might not. If you screw up you might have to boot from the live CD :to get back in and fix it. Oops, I'm sorry I misspoke. I meant the boot2 menu. People have already posted how to get rid of the boot0 menu. However, I recommend against it. Having the prompts there give you a safety valve to boot a backup kernel or boot into single-user mode if you blow something up. -Matt Matthew Dillon [EMAIL PROTECTED]
Re: How to disable the boot0 menu?
Justin C. Sherrill wrote: On Tue, September 26, 2006 2:59 pm, Thomas Schlesinger wrote: I there a way to disable the appearance of the boot0 menu completely? 'fdisk -B ad0' +5 correct I have not tried any of these recently, so it may mangle your entire drive... or make your mouse plushy. just do the occasional dd if=/dev/ad0 count=1 of=mbr.backup cheers simon -- Serve - BSD +++ RENT this banner advert +++ASCII Ribbon /\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \ signature.asc Description: OpenPGP digital signature
