setting sysctl net.inet6.ip6.fw.deny.unknown.extension.headers off crashes R51
Hello List, Now using FreeBSD 6.0-STABLE. If I disable net.inet6.ip6.fw.deny_unknown_exthdrs, then Thinkpad R51 crashes. Has this been fixed in HEAD? using standard ip6fw allow from any to any rules... kldstat Id Refs AddressSize Name 1 16 0xc040 462e4c kernel 21 0xc0863000 1bd9cc w22n50_sys.ko 31 0xc0a21000 590d0acpi.ko 41 0xc26f2000 3000 fdescfs.ko 51 0xc26fe000 6000 linprocfs.ko 61 0xc2751000 15000linux.ko 71 0xc28a2000 3000 snp.ko 81 0xc2b4a000 5000 ip6fw.ko Routing tables Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%em0/64 link#1UC em0 fe80::211:25ff:fe82:95b5%em0 00:11:25:82:95:b5 UHL lo0 fe80::%lo0/64 fe80::1%lo0 U lo0 fe80::1%lo0 link#4UHL lo0 fe80::%vlan1/64 link#6UCvlan1 fe80::211:25ff:fe82:95b5%vlan100:11:25:82:95:b5 UHL lo0 fe80::%vlan2/64 link#7UCvlan2 fe80::211:25ff:fe82:95b5%vlan200:11:25:82:95:b5 UHL lo0 fe80::%vlan3/64 link#8UCvlan3 fe80::211:25ff:fe82:95b5%vlan300:11:25:82:95:b5 UHL lo0 fe80::%vlan4/64 link#9UCvlan4 fe80::211:25ff:fe82:95b5%vlan400:11:25:82:95:b5 UHL lo0 fe80::%vlan5/64 link#10 UCvlan5 fe80::211:25ff:fe82:95b5%vlan500:11:25:82:95:b5 UHL lo0 fe80::%wo0/64 link#14 UC wo0 fe80::209:5bff:fe54:82a5%wo0 00:09:5b:54:82:a5 UHL lo0 ff01:1::/32 link#1UC em0 ff01:4::/32 ::1 UC lo0 ff01:6::/32 link#6UCvlan1 ff01:7::/32 link#7UCvlan2 ff01:8::/32 link#8UCvlan3 ff01:9::/32 link#9UCvlan4 ff01:a::/32 link#10 UCvlan5 ff01:e::/32 link#14 UC wo0 ff02::%em0/32 link#1UC em0 ff02::%lo0/32 ::1 UC lo0 ff02::%vlan1/32 link#6UCvlan1 ff02::%vlan2/32 link#7UCvlan2 ff02::%vlan3/32 link#8UCvlan3 ff02::%vlan4/32 link#9UCvlan4 ff02::%vlan5/32 link#10 UCvlan5 ff02::%wo0/32 link#14 UC wo0 Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire 104link#14UC 00wo0 127.0.0.1 127.0.0.1 UH 02lo0 wo0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 inet 104.129.0.63 netmask 0xff00 broadcast 104.255.255.255 inet6 fe80::209:5bff:fe54:82a5%wo0 prefixlen 64 scopeid 0xe ether 00:09:5b:54:82:a5 media: IEEE 802.11 Wireless Ethernet DS/11Mbps adhoc status: associated ssid olsr.freifunk.net channel 10 bssid 02:09:0b:66:82:a5 stationname foobar-e0 authmode OPEN privacy OFF txpowmax 100 bintval 100 net.wlan.debug had before set been to 1 then this causes the os to freeze: sysctl net.inet6.ip6.fw.deny_unknown_exthdrs1-0 any ideas? ip6fw show 00100407 10596 allow ipv6 from any to any 00200 0 0 allow log ipv6 from any to any 65535 43 1068 deny ipv6 from any to any greetz Wolfgang Lausenbart -- E7AC 1E9B 87D8 5BD2 E2F2 6F4A 3177 ED68 8185 480C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re:SSH root logins using public key only confusion
ref: http://lists.freebsd.org/pipermail/freebsd-questions/2005-August/095052.html With a default sshd_config but PermitRootLogin set to 'without-password' I find that root is still allowed to login with a user/pass what about turning PasswordAuthentication off? greetz wmiuser/u at netbeisser.de E7AC 1E9B 87D8 5BD2 E2F2 6F4A 3177 ED68 8185 480C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
cloning installed packages?
Hi List, I want to setup a FreeBSD 5.4 Server, which should have all packages, as an older 4.11 based Server. What is the best way of providing the same packages to as installed on the 4.11 based? Note that it must not be *exactly* the same :o) Is there any option to sysinstall/pkg_* to import a list of packages? Well, the ports collection might then be cvsupd'd... greetz wmiuser/u at netbeisser.de E7AC 1E9B 87D8 5BD2 E2F2 6F4A 3177 ED68 8185 480C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
little small patch for /etc/periodic/400.passwdless
Hello listreaders :-), maybe this has already be done. I posted it here, because I couldn't figure out where to send such little stuff... --- 400.passwdless.backup Wed Jun 29 19:21:24 2005 +++ 400.passwdless Wed Jun 29 19:22:10 2005 @@ -45,4 +45,16 @@ *) rc=0;; esac +#exit $rc + +case $daily_status_security_passwdless_enable in +#this needs to be defined first +#case $daily_status_security_pam_enable in +[Yy][Ee][Ss]) + echo + echo 'Checking for weak pam configuration:' + grep 'optional' /etc/pam.d/* | grep -v '#' | grep -v README;; + + *) rc=0;; +esac + exit $rc greetz and best regards wmiuser/u at netbeisser.de E7AC 1E9B 87D8 5BD2 E2F2 6F4A 3177 ED68 8185 480C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
matching tos 0x0 with ipfw2?
Hi List, I'am trying to match 0x0 (Normal Service) with ipfw iptos [TOS-Value] as far as I can see one can only use names to refer to, as reliabilty, congestion .. but the tag normal or normal-service does not exist. background is, that I want to stop nmap from scanning my radius server. Noticed that nmap sends with tos 0x0. shall I switch to pf now? best regards ; wmiuser/[EMAIL PROTECTED] -- E7AC 1E9B 87D8 5BD2 E2F2 6F4A 3177 ED68 8185 480C ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: vlan - pls help
Hi ann, as few/far as I know, you cannot ping from one vlan to another. thats the clue. you have to free the ports on the switch to allow trunking. I used this http://www.expresshosting.net/howto/VLAN-802.1q-Tagging-in-FreeBSD-For-Rate-Limiting-and-Firewalling.html howto, and could send vlan frames, but I am not sure if they are working. (no hardware yet) In the howto above a cisco device is configured. The em(4)driver is vlan capable, you should see something like VLAN_MTU next to UP,BROADCAST and so on. you should be capable to generate 8021.q Frames. btw. you used the same arp adresses. does this make sense? I asked that here: http://lists.freebsd.org/pipermail/freebsd-questions/2005-June/089833.html good look wmiuser/[EMAIL PROTECTED] --Nq2Wo0NMKNjxTN9z Content-Type: application/pgp-signature Content-Disposition: inline -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCqHSPMXftaIGFSAwRAgq8AJ0Yud3nbczrd1Wqx1CirlAoAnIsMQCdGxP1 UwCw49+xc3Qb+QM812ALVX4= =1llJ -END PGP SIGNATURE- --Nq2Wo0NMKNjxTN9z-- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]