praudit after work leaves /dev/auditpipeX files.
Hi all. I run command praudit /dev/auditpipe and watch its output to the console, and i stop the praudit, but /dev/auditpipeX files remain. I have not found a way how to remove the files /dev/auditpipeX - only to rebooted. Is it a bug? Thanks. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Creating kernel distribution from sources
Hi All,
I've generated a DVD iso and imported it into a provisioning platform.
After this integration, a decision was made to rebuild the kernel
with an option enabled. As opposed to executing a full `make
release`, I just want to build the kernel distribution. In reading
the manpage, it looks like I can just run `make release.3 make
release.5 make release.6` to accomplish this. Is this correct?
Would the resulting files be installed in ${CHROOTDIR}/R?
--
Take care
Rick Miller
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Creating kernel distribution from sources
On Sep 24, 2012, at 6:03 AM, Rick Miller wrote:
Hi All,
I've generated a DVD iso and imported it into a provisioning platform.
After this integration, a decision was made to rebuild the kernel
with an option enabled. As opposed to executing a full `make
release`, I just want to build the kernel distribution. In reading
the manpage, it looks like I can just run `make release.3 make
release.5 make release.6` to accomplish this. Is this correct?
Would the resulting files be installed in ${CHROOTDIR}/R?
Almost! Don't forget you need to first remove the target files created by each
of those targets.
In example:
rm -f /usr/release/usr/obj/usr/src/release/release.{3,5,6}
make release.{3,5,6}
Yes, the resulting files will be in (by default) /usr/release/R
--
Devin
_
The information contained in this message is proprietary and/or confidential.
If you are not the intended recipient, please: (i) delete the message and all
copies; (ii) do not disclose, distribute or use the message in any manner; and
(iii) notify the sender immediately. In addition, please be aware that any
message addressed to our domain is subject to archiving and review by persons
other than the intended recipient. Thank you.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
question for ipfw2 experts
Hello, I have removed all references of OpenBSD Packet Filter from my kernel and have just completed my first (excluding some experimentation back a decade ago) configuration of ipfw2. At the moment, FreeBSD -current is building world and the applicable /etc/rc.conf entries are like this: firewall_enable=YES firewall_script=/etc/rc.firewall.myFile firewall_quiet=NO firewall_logging=YES firewall_nat_enable=NO The kernel modifications are as follows: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=5 options DUMMYNET - my configuration file for ipfw2: // BEGIN #!/bin/sh ipfw -q flush // MACROS block_tcp_in=2869,5355,commplex\\-main,loc\\-srv block_udp_in=1900,3544,5355,dhcp6\\-client,dhcp6\\-server,netbios\\-ns block_tcp_out=2869,bootpc,commplex\\-main,loc\\-srv block_udp_out=1900,3544,netbios\\-ns eif=anyIF cmd=ipfw -q add ks=keep-state icmp6_types=1,2,128,129,135,136 local4=this4address local6=this6address localnet=thisNet/mask localnet6=prefix::/prefixlen tcp4_svcs2628,ident tcp6_svcs=ident,ssh udp4_svcs=ntp,radacct,radius udp6_svcs=ntp,radacct,radius out_tcp4=49152-65535,domain,ftp,http,ident,smtp,smtps,ssh,svn out_udp4=33433-33636,49152-65535,domain,ntp out_udp6=33433-33636,49152-65535,domain,ntp out_tcp6=49152-65535,domain,ftp,http,ident,smtp,smtps,ssh,svn // TABLES // ipfw table 1 add 192.168.2.0/24 10.23.2.1 someNet.org // PASS EARLY, ANTISPOOF,CHECK-STATE, and FRAG REASSEMBLE $cmd 27 check-state $cmd 28 reass all from any to $local4 recv $eif $cmd 29 drop ip from any to $local4 not verrevpath recv $eif $cmd 30 drop ip from $local4 to any not versrcreach xmit $eif $cmd 31 pass all from any to any via lo0 $cmd 32 drop all from any to 127.0.0.0/8 recv $eif $cmd 33 drop all from 127.0.0.0/8 to any xmit $eif $cmd 34 drop all from any to ::1 recv $eif $cmd 35 drop all from ::1 to any xmit $eif $cmd 36 drop tcp from any to $local4 in recv $eif frag // $cmd 38 pass log ipv6-icmp from :: to ff02::/16 xmit $eif $cmd 39 pass log ipv6-icmp from fe80::/10 to fe80::/10 $cmd 40 pass log ipv6-icmp from fe80::/10 to ff02::/16 $cmd 41 pass log ipv6-icmp from any to any icmp6types $icmp6_types $cmd 42 unreach6 admin-prohib log ipv6-icmp // BLOCK EARLY # rfc 1918 private address $cmd 45 drop all from 192.168.0.0/16 to any xmit $eif $cmd 46 drop all to 192.168.0.0/16 from any recv $eif # rfc 1918 private address $cmd 48 drop all from 172.16.0.0/12 to any xmit $eif $cmd 49 drop all to 172.16.0.0/12 from any recv $eif # rfc 1918 private address $cmd 51 drop all from 10.0.0.0/8 to any xmit $eif $cmd 52 drop all to 10.0.0.0/8 from any recv $eif #dhcp auto-config $cmd 54 drop all from 169.254.0.0/16 to $local4 recv $eif $cmd 55 drop all to 169.254.0.0/16 from $local4 xmit $eif #reserved for docs $cmd 57 drop all from 192.0.2.0/24 to $local4 recv $eif $cmd 58 drop all from $local4 to 192.0.2.0/24 xmit $eif # sun cluster interconnect $cmd 60 drop all from 204.152.64.0/23 to $local4 recv $eif $cmd 61 drop all from $local4 to 204.152.64.0/23 xmit $eif # class d and e multicast $cmd 63 drop all from 224.0.0.0/3 to $local4 recv $eif $cmd 64 drop all from $local4 to 224.0.0.0/3 xmit $eif // PROTOCOLS DROPPED EARLY $cmd 66 drop udp from any to $local4 $block_udp_in $cmd 67 reset tcp from any to $local4 $block_tcp_in setup // PUBLIC INTERFACE ICMP $cmd 69 pass log icmp from $local4 to any out xmit $eif $ks $cmd 70 pass log icmp from any to $local4 in recv $eif icmptypes \ 8,3 $ks $cmd 71 drop log icmp from any to any // PUBLIC INTERFACE UDP $cmd 73 pass udp from $local4 to any $out_upd4 out xmit $eif $ks $cmd 74 pass udp from $localnet to $local4 $udp4_svcs in recv $eif // PUBLIC INTERFACE TCP $cmd 78 pass tcp from $local4 to any $out_tpc4 out xmit $eif setup \ $ks $cmd 79 pass tcp from $localnet6 to $local6 $tcp6_svcs recv $eif \ setup $ks $cmd 2000 allow ip6 from $localnet6 to $local6 ssh in recv $eif \ setup $ks #$cmd 4 allow tcp from any to $local4 80 in recv $eif setup limit \ src-addr 3 $cmd 5000 drop log tcp from any to any // DROP STATEMENT $cmd 65000 drop all // END Advice, hints, and criticism of my setup and ruleset are welcomed. - also: Can someone please send an exmaple of how to properly use tables? Can someone please expound about using IPv6 in the ruleset? An effort for potentially constructive criticism regarding the documentation- I noticed these points: - file that does not exist: /etc/rc.firewall6 Good that it does not exist, please remove it from the handbook. - statement about internal interfaces: In cases where one or more than one NICs are connected to a private LAN behind the firewall, those interfaces must have rules coded to allow free unmolested movement of packets originating from those LAN interfaces. Is this a fact? Today I am only dealing with one interface. If I wrote rules for both interfaces of a router would it actually not work? Kind regards, Darrel ___ freebsd-questions@freebsd.org mailing list
Re: praudit after work leaves /dev/auditpipeX files.
On 24 Sep 2012, at 09:36, Ivan Klymenko wrote: I run command praudit /dev/auditpipe and watch its output to the console, and i stop the praudit, but /dev/auditpipeX files remain. I have not found a way how to remove the files /dev/auditpipeX - only to rebooted. Hi Ivan: Cloning device nodes will garbage collect as a result of pressure from other device nodes being created, or possibly if system memory gets low. At some point we may transition to using a single device nodes with per-session state, supported as of FreeBSD 8.x if I recall, and patches have been circulated -- however, it should make no practical difference from a user perspective. So, in conclusion, no, not a bug, just a feature that might be surprising. Robert___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Wine-fbsd64 updated to 1.5.13 (32bit Wine for 64bit FreeBSD)
Hi, NOTICE: - fix: CUPS support should now work - fix: GNUTLS support should now work - CFT: with FreeBSD(-current) planning on switching to clang as default compiler (for world/kernel) could you please check if wine runs with a clang compiled world. Previous reports indicate wine (and libreoffice) didn't work with a clang libc however that may have been fixed. Please report for both success or failure and include `uname -a` and `clang --version`. Thanks Packages [1] for wine-fbsd64-1.5.13 have been uploaded to mediafire [2]. The packages for FreeBSD 10 use the pkgng [3] format. Please read the installation messages, if you use the nVidia graphics driver, for further information. Regards, David [1] MD5 (wine-1.5.x-freebsd8/wine-fbsd64-1.5.13,1.tbz) = fa31279a464b3ddb0074467899c3b57d MD5 (wine-1.5.x-freebsd9/wine-fbsd64-1.5.13,1.txz) = ff19bfbc987560fd8685879210c0bb5c MD5 (wine-1.5.x-freebsd10/wine-fbsd64-1.5.13,1.txz) = 6752cf8b20956e29910b2cf1fa3e3509 [2] http://www.mediafire.com/wine_fbsd64 [3] http://wiki.freebsd.org/pkgng signature.asc Description: This is a digitally signed message part.
PR 161548
Is there any specific reason that this PR: 161548 is still marked as open? o 2011/10/13 bin/161548 [patch] getent(1) inconsistent treatment of IPv6 host data -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: question for ipfw2 experts
On Mon, Sep 24, 2012 at 12:35 PM, Darrel levi...@iglou.com wrote:
Can someone please send an exmaple of how to properly use tables?
Quick, trivial example - this doesn't help you understand tableargs,
this is just efficiently to handle a very large list of sparse nets.
PEERS=/etc/ipfw/permitted_hosts.txt
cat $PEERS | awk '/^[1-9][0-9\.][0-9\.]*/ { print ipfw table 1 add, $1 }' | sh
$FW add 01000 check-state
[ a bunch of rules ]
$FW add 05000 allow tcp from table\(1\) to me 7514 in recv $OUTSIDE_IF
setup keep-state
$FW add 06000 deny tcp from any to me in recv $OUTSIDE_IF
Now, if you want to atomically change tables without altering
instantiated dynamic rules, you can use separate tables and swap
rulesets. You can use tableargs (the second parameter when adding an
entry to the table) as a rule number to skipto, or as a tag in
logging, etc.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Change in /etc/rc.d/namend script
Hi, Yesterday I upgraded my DNS server from 7.2 to 8.3 and has the unpleasant suprise to find that named would not restart after the upgrade. I think I traced it back to the new /etc/rc.d/named script. I am runing in named in a chrooted environment and it seems that with the new script the configuration file must exist in /etc/namedb as well as in /chroot/etc/namedb. Having to duplicate the configuration files to the not chrooted environment is something new. With the /etc/rc.d/named script 1.22.2.3.4.1 2008/10/02 that was not needed, and I don't see why it would be needed now. Is there a way to run the new startup script without duplicating (not even symlinking) the configuration? Best regards, Olivier ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
misc/171937: Notebook Toshiba Satellite C850-B1K and problem with sound
Hi! Sorry for my bad English... Please help me to solve problem with sound in notebook Toshiba Satellite C850-B1K part number PSKCAR-00X00GRU (with latest pre-installed BIOS) and FreeBSD 9.1-RC1-i386. Works only beeper in console (if mixer igain 0), when I am press Backspace key at beginning of line, and works beep in XFCE 4.10 Exit menu. Music files are not played (zero time counter in xmms, when press File Play button ). May be incorrect sound system configured. I am try to use sysctl hw.snd.default_unit=1 but it did not help. On Win 7 Linux Mint 13 sound play fine out the box. Please, help me! PR N 171937 % dmesg | grep hda hdac0: Intel Panther Point HDA Controller mem 0x9251-0x92513fff irq 22 at device 27.0 on pci0 hdacc0: Realtek ALC269 HDA CODEC at cad 0 on hdac0 hdaa0: Realtek ALC269 Audio Function Group at nid 1 on hdacc0 pcm0: Realtek ALC269 (Analog 2.0+HP/2.0) at nid 20,21 and 24 on hdaa0 pcm1: Realtek ALC269 (Internal Analog Mic) at nid 18 on hdaa0 hdacc1: Intel Panther Point HDA CODEC at cad 3 on hdac0 hdaa1: Intel Panther Point Audio Function Group at nid 1 on hdacc1 pcm2: Intel Panther Point (HDMI/DP 8ch) at nid 7 on hdaa1 % mixer Mixer vol is currently set to 85:85 Mixer pcm is currently set to 100:100 Mixer speaker is currently set to 74:74 Mixer mic is currently set to 67:67 Mixer mix is currently set to 74:74 Mixer rec is currently set to 37:37 Mixer igain is currently set to 1:1 Mixer ogain is currently set to 100:100 Recording source: mic # kldstat Id Refs Address Size Name 1 1 0xc040 fd24dc kernel # cat /dev/sndstat FreeBSD Audio Driver (newpcm: 32bit 2009061500/i386) Installed devices: pcm0: Realtek ALC269 (Analog 2.0+HP/2.0) (play/rec) default pcm1: Realtek ALC269 (Internal Analog Mic) (rec) pcm2: Intel Panther Point (HDMI/DP 8ch) (play) # pciconf -lv | grep hda hdac0@pci0:0:27:0: class=0x040300 card=0xfb321179 chip=0x1e208086 rev=0x04 hdr=0x00 # sysctl hw.snd hw.snd.vpc_reset: 0 hw.snd.vpc_0db: 45 hw.snd.vpc_autoreset: 1 hw.snd.latency_profile: 1 hw.snd.latency: 5 hw.snd.report_soft_matrix: 1 hw.snd.report_soft_formats: 1 hw.snd.compat_linux_mmap: 0 hw.snd.feeder_eq_exact_rate: 0 hw.snd.feeder_eq_presets: PEQ:16000,0.2500,62,0.2500:-9,9,1.0:44100,48000,88200,96000,176400,192000 hw.snd.feeder_rate_quality: 1 hw.snd.feeder_rate_round: 25 hw.snd.feeder_rate_max: 2016000 hw.snd.feeder_rate_min: 1 hw.snd.feeder_rate_polyphase_max: 183040 hw.snd.feeder_rate_presets: 100:8:0.85 100:36:0.92 100:164:0.97 hw.snd.vpc_mixer_bypass: 1 hw.snd.verbose: 0 hw.snd.maxautovchans: 16 hw.snd.default_unit: 0 hw.snd.version: 2009061500/i386 hw.snd.default_auto: 0 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
