failure of libGL to compile on 9.2-PRERELEASE
i'm having trouble compiling libGL on 9.2-PRERELEASE using portmaster. firefox requires it. here's how the compile log file that i created ends: gmake[3]: Nothing to be done for `default'. gmake[3]: Leaving directory `/usr/ports/graphics/libGL/work/Mesa-8.0.5/src/mesa/x86' cc -c -o main/api_exec_es1.o main/api_exec_es1.c -DFEATURE_GL=1 -DHAVE_POSIX_MEMALIGN -DUSE_XCB -DGLX_INDIRECT_RENDERING -DGLX_DIRECT_RENDERING -DPTHREADS -DUSE_EXTERNAL_DXTN_LIB=1 -DIN_DRI_DRIVER -DHAVE_ALIAS -I../../include -I../../src/glsl -I../../src/mesa -I../../src/mapi -I../../src/gallium/include -I../../src/gallium/auxiliary -I/usr/local/include -O2 -pipe -fno-strict-aliasing -Wall -Wmiss ing-prototypes -std=c99 -fno-strict-aliasing -fno-builtin-memcmp -O2 -pipe -fno-strict-aliasing -fPIC -DUSE_X86_ASM -DUSE_MMX_ASM -DUSE_3DNOW_ASM -DUSE_SSE_ASM -fvisibility=hidden python2 -t -O -O ../../src/mapi/glapi/gen/gl_table.py -f ../../src/mapi/glapi/gen/gl_and_es_API.xml -m remap_table -c es2 main/api_exec_es2_dispatch.h gmake[2]: Leaving directory `/usr/ports/graphics/libGL/work/Mesa-8.0.5/src/mesa' gmake[1]: Leaving directory `/usr/ports/graphics/libGL/work/Mesa-8.0.5/src' *** [do-build] Error code 1 Stop in /usr/ports/graphics/libGL. i'm not clear exactly what the error is nor, therefore, how to correct it, nor how to work around it. suggestions, please. david coder daco...@dcoder.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Thousands of ssh probes
+++ Erik Norgaard [06/03/10 02:44 +0100]: On 05/03/10 13:54, John wrote: My nightly security logs have thousands upon thousands of ssh probes in them. One day, over 6500. This is enough that I can actually feel it in my network performance. Other than changing ssh to a non-standard port - is there a way to deal with these? Every day, they originate from several different IP addresses, so I can't just put in a static firewall rule. Is there a way to get ssh to quit responding to a port or a way to generate a dynamic pf rule in cases like this? This is a frequent question on the list, search the archives. Basically there are few things that you can do: 1. limit the access to a range of IPs, for example, even if you travel a lot you go to al limited number of countries, why permit access from other continents? 2. limit access to certain users, there is no need to allow games or root user to authenticate via ssh. Use AllowUsers or AllowGroups to restrict access to real users. 3. limit the amount of concurrent non-authenticated connections, number of failed attempts and similar. 4. prohibit password authentication. If the problem is that these attacks consume significant bandwidth then moving your service to a different port may be a good solution, but if your concern is security, then the above is more effective. BR, Erik -- Erik Nørgaard Ph: +34.666334818/+34.915211157 http://www.locolomo.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org -- has anybody suggested having sshd listen on a high port? regards, david coder network engineer emeritus, verio/ntt telluride, co washington, dc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
need network printer printcap example
has anybody got an example of a printcap file w/ an entry for a standalone network printer? i'd be grateful for one. thx. david coder network engineer emeritus ntt/verio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
puzzling ipnat behavior
i've asked this question before, but i must have been unclear. i hope this is better: i'm puzzled by how ipnat works, particularly by the fact that when the ip's on an inside nic are mapped to the ip on my outside nic, i have to configure ipfilter to allow any ip that might hit the outside nic access to the ip's on the inside nic. so, where wpi0 is the outside nic the 1st /24 in 10.0.0.0 contains the ip of the inside nic everything behind it: ipnat.rules: allow wpi0 10.0.0.0/24 - ip on outside nic/32 ipf.rules:pass in quick from any to 10.0.0.0/24 i should have thought that since everything coming from outside to 10.0.0.0/24 is addressed to the ip on outside nic this would be sufficient: pass in quick from ip on outside nic to 10.0.0.0/24 but it isn't. what's wrong w/ my thinking? why isn't this rule a security hazard? david coder network engineer emeritus ntt/verio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ipfilter, ipnat, and if driver ath: what's just changed?
updating my system friday from the feb 7 version of 7.1 to the latest broke tcp and udp (but *not* icmp) over ipnat, which had worked forever with my current ipfilter rules and ipnat mapping rules, which are pretty simple. what has changed? /etc/ipnat.rules: map age0 10.0.0.0/24 - external ip/32 @ the top of /etc/ipf.rules: pass out quick on age0 proto tcp/udp from any to any keep state keep frags pass out quick on age0 proto icmp from any to any keep state keep frags that used to work. now it doesn't, witness ipmon: 01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 - 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT what's changed? ipf? ipnat? age? am i using an obsolete therefore unworkable set of ipfilter rules? icmp still works, btw. i'd be grateful for any help. thx. david coder network engineer emeritus ntt/verio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ipfilter, ipnat, and if driver ath [should have been age]: what's just changed?
+++ dacoder [01/03/09 13:17 -0500]: updating my system friday from the feb 7 version of 7.1 to the latest broke tcp and udp (but *not* icmp) over ipnat, which had worked forever with my current ipfilter rules and ipnat mapping rules, which are pretty simple. what has changed? /etc/ipnat.rules: map age0 10.0.0.0/24 - external ip/32 @ the top of /etc/ipf.rules: pass out quick on age0 proto tcp/udp from any to any keep state keep frags pass out quick on age0 proto icmp from any to any keep state keep frags that used to work. now it doesn't, witness ipmon: 01/03/2009 13:07:46.274707 age0 @0:28 b 74.125.93.102,80 - 10.0.0.253,2914 PR tcp len 20 48 -AS IN NAT what's changed? ipf? ipnat? age? am i using an obsolete therefore unworkable set of ipfilter rules? icmp still works, btw. i'd be grateful for any help. thx. david coder network engineer emeritus ntt/verio ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org i meant, of course, age, not ath in my subject line. sorry for the confusion. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
usb port use causes kernel panic on boot. why?
can someone explain to me, please, why i get a kernel panic on boot w/ the latest 7.1 when i have something plugged into a usb port? thx. david coder network engineer emeritus verio/ntt ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
circular link /us/share/locale/nb_NO.UTF-8/LC_TIME -- ../nb_NO.UTF-8/LC_TIME
make installworld on 7.1-PRERELEASE had been failing for me on: install /us/share/locale/nb_NO.UTF-8/LC_TIME w/ the error message: Too many levels of symbolic links until i removed the link: /us/share/locale/nb_NO.UTF-8/LC_TIME -- ../nb_NO.UTF-8/LC_TIME anybody know how that circular link got in there to begin with? thx. david coder ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
