RE: What ports need to be open on a firewall to allow cvsup?

2003-08-14 Thread Peut Kotze
Hi

For a stateful firewall:
check-state
allow tcp from my-server to outside-mirror cvsup setup keep-state

Non-stateful firewall:
allow tcp from any to any established
allow tcp from my-server to outside-cvsmirror cvsup setup

The port number for cvsup according to /etc/services is 5999(tcp)

Hope it helps
Peut


-----Original Message-----
From: stan [mailto:[EMAIL PROTECTED]
Sent: 07 August 2003 03:04
To: Free BSD Questions list
Subject: What ports need to be open on a firewall to allow cvsup?


The company I work for is implementing a new firewall, and there is some
possibility I might be able to get the appropriate ports to cvsup my
FreeBSD machines open.

Assuming passive mode cvsup, what ports would I need open?

-- 
They that would give up essential liberty for temporary safety deserve
neither liberty nor safety.
-- Benjamin Franklin
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
[EMAIL PROTECTED]


RE: firewall

2003-07-15 Thread Peut Kotze
Yes, you can use just a normal file with the ipfw rules in it.
E.g: /etc/myipfw.rules

a a a f a t a via lo0
a deny a f a t 127.0.0.1/8
a deny a f 127.0.0.1/8 t a



And in your /etc/rc.conf file you have:
firewall_type=/etc/myipfw.rules

You can add and delete rules on the command line until you're happy.
Then change your rules by editing the file, and when you're done and happy
with your new rules you can reload them into the firewall over a remote
link with the following command:

# ipfw -f flush; ipfw /etc/myipfw.rules &

The '&' starts it as a background process to prevent it from being
killed when your shell closes because of the connection being terminated
by the 'ipfw -f flush' command. The firewall will reload the new rules
and you can connect to the box again, having the same effect as
rebooting the box and loading the new firewall rules from the config
file.

Hope it helps
Peut

-----Original Message-----
From: Ryan Thompson [mailto:[EMAIL PROTECTED]
Sent: 15 July 2003 10:20
To: K Anderson
Cc: RYAN vAN GINNEKEN; [EMAIL PROTECTED]
Subject: Re: firewall


K Anderson wrote to RYAN vAN GINNEKEN:

> ipfw isn't some sort of daemon to be stopped and started. If you want
> to add rules, delete rules or what ever then you just do it.

Yes, unless you're doing this over a network, in which case you want to
make sure you don't break connectivity with an intermediate rule.

> Take a look at the script in /etc/rc.firewalls and you'll see that's all
> they are doing.
>
> so your firewall file should be a shell script. Even if you do man
> ipfw you'll see that in no way does ipfw accept a file name as an
> argument.  Pretty simple eh?

While you can write a shell script to call firewall rules (in the style
of /etc/rc.firewall), you're wrong in your subsequent assertion; ipfw
*does* accept a pathname to a file which, according to ipfw(8):

    To ease configuration, rules can be put into a file which is processed
    using ipfw as shown in the first synopsis line.  An absolute pathname
    must be used.  The file will be read line by line and applied as
    arguments to the ipfw utility.

And, actually, this is pretty darn convenient, especially in conjunction
with firewall_type=/path/to/ruleset in rc.conf, once you have tested
the ruleset, of course. :-)

- Ryan

-- 
  Ryan Thompson [EMAIL PROTECTED]

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669 (877-SASKNOW) North America
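
The remote reload discussed in this thread, written as a small sh helper; this is an added example, not code posted by anyone on the list. The names `IPFW`, `RELOAD_LOG`, `check_ruleset` and `reload_rules` are assumptions of this sketch. It refuses a non-absolute ruleset path (the ipfw(8) requirement quoted above) and runs the flush and the load together as one background job that ignores SIGHUP.

```shell
#!/bin/sh
# Added example: reload an ipfw ruleset file from a remote session.
# IPFW and RELOAD_LOG are assumed names, overridable for testing.
IPFW=${IPFW:-ipfw}
RELOAD_LOG=${RELOAD_LOG:-/var/log/ipfw-reload.log}

# ipfw(8) only reads its argument as a ruleset file when the pathname is
# absolute, so reject anything else before touching the live rules.
check_ruleset() {
    case "$1" in
        /*) ;;
        *) echo "ruleset path must be absolute: $1" >&2; return 1 ;;
    esac
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Require at least one line that is neither blank nor a comment;
    # flushing and then loading an empty file leaves only the default rule.
    grep -qv -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || {
        echo "no rules in $1" >&2; return 1; }
}

# Flush and load as ONE background job. The job ignores SIGHUP and writes
# to a log instead of the terminal, so it still finishes when the flush
# drops the session it was started from.
reload_rules() {
    check_ruleset "$1" || return 1
    (
        trap '' HUP
        $IPFW -f flush
        $IPFW "$1"
    ) >"$RELOAD_LOG" 2>&1 </dev/null &
}

# Usage on the firewall host, as root:
#   reload_rules /etc/myipfw.rules
```

After reconnecting, the log file shows whether ipfw rejected any line of the ruleset.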



RE: passwd

2003-06-06 Thread Peut Kotze
Here is a list of libraries and files accessed by passwd from ktrace:

Exec:
/sbin/passwd
/bin/passwd
/usr/sbin/passwd

Libraries:
/usr/libexec/ld-elf.so.1
/usr/lib/libcrypt.so.2
/usr/lib/librpcsvc.so.2
/usr/lib/libutil.so.3
/usr/lib/libc.so.4

Files:
/etc/malloc.conf
/etc/spwd.db
/etc/login.conf
/etc/login.conf.db
/etc/auth.conf
/etc/master.passwd
/etc/localtime

Devices:
/dev/tty
/dev/urandom

Enjoy...
Peut

-----Original Message-----
From: Mark Redding [mailto:[EMAIL PROTECTED]
Sent: 06 June 2003 02:53
To: [EMAIL PROTECTED]
Subject: Re: passwd



#snip#

passwd needs to run setuid root, so it can write the new password to
/etc/master.passwd:

[homer: danielby: ~]$ ls -l `which passwd`
-r-sr-xr-x  2 root  wheel  32824 19 May 11:04 /usr/bin/passwd*

You need to re-enable the setuid bit.

#end-snip#

That's not it I'm afraid. The setuid bit was set
anyway, and anyway, users who are members of the wheel
group can execute the passwd command without trouble
(I've only switched off 'other' access).

:-(



=
Mark W J Redding



RE: Can you copy freebsd from one of my present machine and load it to a new

2003-06-03 Thread Peut Kotze
You can use dd to make a copy of your disc to another disc (the
easiest way is to slot the other disc into your current machine), then
slot that disc back into your backup machine and bootup as always (given
your backup server has more or less the same HW configuration,
especially the type of NIC's etc., else you will need to modify your
config accordingly)

To copy your current system to CDR wouldn't work since the system
needs a writable filesystem to bootup in normal (multi user) mode. To
accomplish this with a CD you'll need to twist and tweak things.

Hope this Helps
Peut

-----Original Message-----
From: Matt Heath [mailto:[EMAIL PROTECTED]
Sent: 03 June 2003 12:53
To: [EMAIL PROTECTED]
Subject: Re: Can you copy freebsd from one of my present machine and load it to a new


DanB wrote:

Can you copy freebsd and its configuration from one of my present
machine and load it to a new machine so I can do some repairs on it.
Maybe copy to a CDR and boot from that.

Dan
  

sure, for $500

