Re: a GOOD idea to harden OpenSSH!

On Tue, Apr 19, 2011 at 11:56:51AM +0200, Peter N. M. Hansteen wrote: Alexander Schrijver alexander.schrij...@gmail.com writes: I think it's a bad idea to disable ssh login while someone is bruteforcing your account. (...) industrial-scale password guessing (...) If you allow

Re: syslog and interfaces

On Tue, Apr 19, 2011 at 09:08:52AM +, Julien Dyie wrote: Hi, after the reading of syslog.conf (5) and syslogd (8), I can't find how to disable syslog's listening on specifical interfaces. syslogd always opens a UDP port, but it silently drops all traffic unless you pass the -u option. Yes,

Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8

On Tue, Apr 19, 2011 at 12:00 PM, Indunil Jayasooriya induni...@gmail.com wrote: many thanks. I got it working. I changed from http_port 3129 intercept to http_port 127.0.0.1:3129 intercept in squid.conf file. Here's the rule in pf.conf pass in log on $int_if proto tcp from $lan_net to

Re: Building from the source -Current

* Insan Praja SW insan.pr...@gmail.com [2011-04-19 21:50]: Hi Misc@, Tried to build kernel from the source but something like this; $ sudo config GENERIC.MP Don't forget to run make depend Kernel options have changed -- you must run make clean $ cd ../compile/GENERIC.MP/ $ sudo make clean

Re: Citrix ICAclient hangs whole PC with latest i386 PC

Sorry, still same issue as yesterday even with latest sources so I can't build new kernel. I tried make clean make depend make too even as make depend is not needed anymore, but just to be sure. ERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET

Re: CARP compatibility

Router 2 carp1: flags=8803UP,BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 carp: INIT carpdev none vhid 2 advbase 1 advskew 0 groups: carp This mightily looks like some other interface is trying to use the same IP-address (the 00:00:00:00:00:00 hints at that). In

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

On Tue, Apr 19, 2011 at 08:11:10PM +, Miod Vallat wrote: The OpenBSD project does not receive any proceeds from tshirt, posters, doll or book sales. In any case, the OpenBSD project receives more money from the sale of one CD set than from the sale of one clothing attire, due to

Re: 4.7 ospfd FIB/RIB synchronization

you might be able to upgrade your passive firewall to 4.9 next to the active 4.7 one. it looks like the protocol stayed the same so they should be able to talk to each other. however, it looks like bulk updates were broken in 4.7, which would explain your failover problems. you can work around

En Abril nuestras Bases de Datos al 2 x 1 (ID:243807)

Me interesa la promocisn de todo al 2 x 1... dar click aqum Una base de datos es determinante para el ixito de un negocio. Durante Abril todas nuestras bases de datos al 2 x 1 Hola: Durante el mes de Abril todas nuestras bases de Datos al 2 x 1. En la compra de una se lleva otra de igual o

Re: OpenBSD-Wiki.org

e( 2011e944f19f%ffd:oWayne Oliver wayn0...@gmail.com ei
o -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 18 Apr 2011, at 5:22 PM, Kenny wrote: Due to an circumstances beyond my control, I'm not longer able to host / maintain /work with OpenBSD-Wiki.org. I was in the process

Re: CARP compatibility

* Marcus M|lb|sch muelbue...@as-infodienste.de [2011-04-20 13:34]: Router 2 carp1: flags=8803UP,BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 carp: INIT carpdev none vhid 2 advbase 1 advskew 0 groups: carp This mightily looks like some other interface is trying

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

* Stuart VanZee stua...@datalinesys.com [2011-04-20 14:12]: I hang out in the most red-neck hick places. They would likely try to put the cd in the juke box and would get mad that it didn't play. You should see them look at the OpenBSD shirts that I wear there occasionally. I think they

Re: 4.7 ospfd FIB/RIB synchronization

On Wed, Apr 20, 2011 at 4:22 AM, David Gwynne l...@animata.net wrote: you might be able to upgrade your passive firewall to 4.9 next to the active 4.7 one. it looks like the protocol stayed the same so they should be able to talk to each other. This would seem to be the case. This

About destroying tunX ifaces with ifconfig and ppp.linkdown

There is any differences in do (when I connect to my isp via modem): pkill ppp or ifconfig tun0 destroy my real doubt it's that I need to know if the ppp.linkdown it's executed in the second case.

Re: Citrix ICAclient hangs whole PC with latest i386 PC

On Mon, Apr 18, 2011 at 4:57 PM, Paul Irofti p...@irofti.net wrote: Try this, let me know what happens. Index: linux_exec.c === RCS file: /cvs/src/sys/compat/linux/linux_exec.c,v retrieving revision 1.33 diff -u -p -r1.33

Re: 4.7 ospfd FIB/RIB synchronization

On 20/04/2011, at 11:08 PM, Jonathan Lassoff wrote: On Wed, Apr 20, 2011 at 4:22 AM, David Gwynne l...@animata.net wrote: you might be able to upgrade your passive firewall to 4.9 next to the active 4.7 one. it looks like the protocol stayed the same so they should be able to talk to each

Re: syslog and interfaces

On Tue, Apr 19, 2011 at 09:08:52AM +, Julien Dyie wrote: Hi, after the reading of syslog.conf (5) and syslogd (8), I can't find how to disable syslog's listening on specifical interfaces. syslogd always opens a UDP port, but it silently drops all traffic unless you pass the -u

Re: Citrix ICAclient hangs whole PC with latest i386 PC

You have to rm -rf the kernel directory I always do it. The # is always 0 in my case if I build it. rm -rf /usr/src/sys/arch/YOUR_ARCH/compile/GENERIC{.MP} On Wed, Apr 20, 2011 at 5:26 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Sorry, still same issue as yesterday even with latest

Re: Citrix ICAclient hangs whole PC with latest i386 PC

I've done that of course, but it was still complaining during make phase about something in vfs code (see previous posts from me). After rm -rf /usr/src and complete new checkout from AnonCVS I was able to continue. On Wed, Apr 20, 2011 at 4:30 PM, Amit Kulkarni amitk...@gmail.com wrote: You

Re: Citrix ICAclient hangs whole PC with latest i386 PC

That happens sometimes :) good luck. PS: my src was messed somewhat so that's why I was not able to build kernel properly

Routing all traffic through IPSEC VPN

Hello @misc I seem to still be having some problems but I have made progress. The branch office cannot get out to the internet at large which I think may be a NAT problem. At least, when changing the default route on the branch office, I don't lose connectivity to it. On the branch office,

dd command on a compact flash

Hi, I prepared a file : disk.image(4GB sectors as my compact flash) ... doing it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. (I followed this : http://glozer.net/soekris/cf-install.html) disk.image contain OpenBSD system 4.8-stable Now i want to put it on my compact flash

issues with acer aspire one

I've always wanted a netbook for OpenBSD. The form factor reminds me of the TS1000, my first computer. I picked up this refurbished Acer Aspire One (D255-1268) for just $229, and have 7 days (5 more now) to return it to the store. So far it's running OpenBSD pretty well, but I found some issues

La vostra carta bancaria e stata bloccata.

Carta bancaria bloccata, Per garantirti la massima sicurezza e prevenirne l'uso fraudolento durante i pagamenti on-line questa carta bancaria e stata bloccata per ulteriori acquisti con Verified by Visa e MasterCard SecureCode, ed in tutti gli sportello elettronico. Per riabilitare la tua carta

PROMOS PRINTEMPS BIGBILLOU.FR

Si la newsletter ne s'affiche pas correctement sur votre C)cran allez C cette adresse: http://www.dhinformatique.fr/mailing/bigbillou_08042011/bigbillou_08042011.ph p?email=misc@openbsd.org si vous ne souhaitez plus recevoir de message de BIGBILLOU.FR allez C cette adresse:

Re: dd command on a compact flash

On Apr 20 20:48:58, OpenBSD Geek wrote: Hi, I prepared a file : disk.image(4GB sectors as my compact flash) ... doing it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. (I followed this : http://glozer.net/soekris/cf-install.html) disk.image contain OpenBSD system

Re: dd command on a compact flash

Use a larger block size. On Apr 20, 2011, at 12:48 PM, OpenBSD Geek open...@e-solutions.re wrote: Hi, I prepared a file : disk.image(4GB sectors as my compact flash) ... doing it using dd/vnconfig/fdisk/disklabel/newfs/instalboot steps. (I followed this :

Re: /dev/pf permission for squid 3.2.0.6 on openbsd 4.8

On 2011-04-20, Indunil Jayasooriya induni...@gmail.com wrote: On Tue, Apr 19, 2011 at 12:00 PM, Indunil Jayasooriya induni...@gmail.com wrote: many thanks. I got it working. I changed from http_port 3129 intercept to http_port 127.0.0.1:3129 intercept in squid.conf file. Here's the rule in

authpf and google authenticator

I have used authpf sucessfully and was wondering if it is possible to use authpf with the google authenticator to add one time passwords. Has anyone done this?

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

On 2011-04-19 16.27, Theo de Raadt wrote: Income: The direct income from sales (Computer Shop (primarily) + distributors) - Keeps the electrons flowing - Keeps me from taking that cushy Microsoft job Donations: The OpenBSD Foundation - Funds the big

Re: Updating 'Release' with packaged Security Fixes

... there are file sets for -stable releases available www.openbsd-stable.org. It's not an official part of OpenBSD, so it's up to you to trust those files or not. Thank you for pointing me to this option. I understand from Marco Peereboom's reply that they are open for additional help in

Howto set an IPv6 route?

Hello, I tried: route add -inet6 2a00:1ff8:101::/48 2a00:1ff8:102:ac01::1 and got: route: 2a00:1ff8:101::/48: bad value I do not understand, what is wrong with that net? Can anyone give me a hint? Roger.

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

When ordering a CD it lets you tack on a donation. Call it 20 CDs and tax life is good. - or - Order 20 CDs, give 19 away. Not very hard... On Thu, Apr 21, 2011 at 02:07:20AM +0200, Benny Lofgren wrote: On 2011-04-19 16.27, Theo de Raadt wrote: Income: The direct income from sales

Re: Howto set an IPv6 route?

route add -inet6 2a00:1ff8:101:: -prefixlen 48 2a00:1ff8:102:ac01::1 Have a look at /etc/netstart for some guidance On 21/04/2011 9:57 AM, Roger Schreiter wrote: Hello, I tried: route add -inet6 2a00:1ff8:101::/48 2a00:1ff8:102:ac01::1 and got: route: 2a00:1ff8:101::/48: bad value I do

Re: Howto set an IPv6 route?

pbr I think I see what is happening here. You have the prefix wrong. Try using /64brbr/p pSent from Yahoo! Mail on Android/p

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

On 2011-04-21 02.51, Marco Peereboom wrote: When ordering a CD it lets you tack on a donation. Call it 20 CDs and tax life is good. Yes I know, but as I tried to explain it doesn't help me if the receipt says donation or anything like it. You clearly don't know my accountant... :-) A simple

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

Theo, Please don't take this offensively as it touches a sensitive area. Benny's proposal is good! License the CD's as 10, 50, 100 user license set, exactly like you do for the old CDs which are $500+. This way OpenBSD taps into the commercial market. Commercial users buy the commercial CDs.

Re: issues with acer aspire one (now tested with -current)

A couple listers suggested trying -current, so here it is again on a 4.9 snapshot dated 201104119 (summary: no change, all issues still present) 1. screen blacks out during boot Still blacks out, but the location changed. This is the last line I see before

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

It isn't a good idea. jdixon tried, got exactly 0 responses. Really the horse is dead. Very very very dead. On Wed, Apr 20, 2011 at 07:54:52PM -0500, Amit Kulkarni wrote: Theo, Please don't take this offensively as it touches a sensitive area. Benny's proposal is good! License the CD's

Re: Like OpenBSD? Like to see new stuff happening? You really need to order a CD today :)

Please don't take this offensively as it touches a sensitive area. Right. We should not be offended when you say You are not getting any sales because you don't do enough. Do more. Benny's proposal is good! License the CD's as 10, 50, 100 user license set, exactly like you do for the old

Compiling OpenBSD source in order to get the customized 'uname' version.

Hi All, I have a plan to do some testing to compile and build release of OpenBSD from the source code. My question is which part of the source code do I need to modify in order to get and use the my own and customized 'uname' (eg: TestBSD)? # uname -a TestBSD server.lab.com 1.0-RELEASE

Re: Compiling OpenBSD source in order to get the customized 'uname' version.

On 04/20/11 22:33, Stefan N wrote: Hi All, I have a plan to do some testing to compile and build release of OpenBSD from the source code. My question is which part of the source code do I need to modify in order to get and use the my own and customized 'uname' (eg: TestBSD)? # uname -a TestBSD

any working example of IPv6 /etc/hostname.carpXXX ?

Dear Sirs, I need to configure ipv6 over carp interface. It seems that carp doesn't like things in one line ifconfig carp470 vhid 70 pass xxx carpdev vlan470 advskew 20 inet6 2a00:1a70:80:470::2 prefixlen 128 it says something wrong about ipv6. don't have any idea why. so, one-line config for

Re: dd command on a compact flash

Hi I think dd is not a good solution for you. I suggest you visiting this link. http://www.nmedia.net/flashdist/flashdist-20090216.tar.gz flashdist.sh and growimg.sh in this package are very very usefull for you. you can write your new script ;) You should read and save partition table Then