Re: NPF ruleset not blocking IPs

2022-06-05 Thread Emile `iMil' Heitor

On Fri, 3 Jun 2022, Emile `iMil' Heitor wrote:



> As the rules in the ruleset are declared as "final", I presume the default
> `pass all` is not reached, am I right?


So, no, I was wrong. Changing the order made the rules apply. I simply removed
the "external" group and inserted the ruleset before the pass all:

```
group default {
        pass final on lo0 all
        pass stateful out final all

        ruleset "blacklistd"
        block in final from

        pass all

        block in family inet6 all
        pass proto ipv6-icmp all
        pass stateful in family inet6 proto tcp to any port $tcp_allowed
        pass stateful in family inet6 proto udp to any port $udp_allowed
}
```



Emile `iMil' Heitor  | https://imil.net



Keyboard seems to be attached to ttyE0 after wdm starts

2022-06-05 Thread BERTRAND Joël
Hello,

My main server (NetBSD-9 from cvs tree) didn't run X until yesterday
as I have to configure a new 4G modem (my DSL line is broken...). Thus,
I have configured Xorg, Windowmaker and wdm.

```
legendre:[/etc] > uname -a
NetBSD legendre.systella.fr 9.2_STABLE NetBSD 9.2_STABLE (CUSTOM) #11: Thu Mar 31 11:43:25 CEST 2022 r...@legendre.systella.fr:/usr/src/netbsd-9/obj/sys/arch/amd64/compile/CUSTOM amd64
```

In rc.conf, I have added wdm=YES and modified /etc/ttys and
/etc/wscons.conf to avoid "getty repeating too quickly" error in console:

```
legendre:[/etc] > cat ttys
#
#       from: @(#)ttys  5.1 (Berkeley) 4/17/89
#       $NetBSD: ttys,v 1.6 2012/06/13 20:49:12 martin Exp $
#
# name  getty                           type    status  comments
#
console "/usr/libexec/getty Pc"         vt100   off secure
constty "/usr/libexec/getty Pc"         vt100   off secure
ttyE0   "/usr/libexec/getty Pc"         wsvt25  off secure
ttyE1   "/usr/libexec/getty Pc"         wsvt25  on secure
ttyE2   "/usr/libexec/getty Pc"         wsvt25  on secure
ttyE3   "/usr/libexec/getty Pc"         wsvt25  on secure
tty00   "/usr/libexec/getty std.9600"   unknown off secure
tty01   "/usr/libexec/getty std.9600"   unknown off secure
tty02   "/usr/libexec/getty std.9600"   unknown off secure
tty03   "/usr/libexec/getty std.9600"   unknown off secure
tty04   "/usr/libexec/getty std.9600"   unknown off secure
tty05   "/usr/libexec/getty std.9600"   unknown off secure
tty06   "/usr/libexec/getty std.9600"   unknown off secure
tty07   "/usr/libexec/getty std.9600"   unknown off secure
legendre:[/etc] > cat wscons.conf
#       $NetBSD: wscons.conf,v 1.19 2011/07/22 19:06:23 christos Exp $
#
# workstation console configuration

# fonts to load
#       name    width   height  enc     file
#font   ibm     -       8       ibm     /usr/share/wscons/fonts/vt220l.808

# Note: "pcvt" encoded fonts are only useful with the "*bf" screen types
#       of the "vga" driver. The kernel must be compiled with the option
#       "WSCONS_SUPPORT_PCVTFONTS" turned on. See vga(4).
#font   pcvt    -       -       pcvt    /usr/share/wscons/fonts/vt220h.816
#font   pcvt    -       8       pcvt    /usr/share/wscons/fonts/vt220h.808

# Font for central european languages (ISO 8859-2).
#       Uncomment to load. Needs to be explicitly enabled (see below).
#font   latin2  -       16      iso     /usr/share/wscons/fonts/latin2.816

# screens to create
#       idx     screen  emul
# Screen 0 is already configured as console in most cases.
#       Uncomment if a serial console is used.
#screen 0       -       vt100
screen  1       -       vt100
screen  2       -       vt100
screen  3       -       vt100
screen  4       -       -
#screen 4       80x25bf vt100
# Note: You must uncomment the 'font ibm' line above to get a useful
#       font for any 50 line screens.
#screen 5       80x50   vt100

#keyboard       auto

# Select a kernel builtin keyboard map by uncommenting the following line and
# altering the country code to your requirements
# (choose from user, us, uk, be, cz, dk, nl, fi, fr, de, gr, hu, it, jp, no,
# pl, pt, ru, es, sv, sf, sg, ua)
# See wsconsctl(8), pckbd(4), ukbd(4) etc. for more details.
encoding fr
#encoding us.swapctrlcaps

# Redefine individual keys from a file containing "keysym" and/or "keycode"
# entries.
# See wsconsctl(8) and /usr/share/wscons/keymaps for more details.
#mapfile /usr/share/wscons/keymaps/pckbd.sv.svascii

# Set arbitrary wscons variable using specified control device
#       ctldev  var     value
#setvar ttyE0   font    ibm
#setvar ttyE1   font    ibm

# Uncomment for ISO 8859-2 support
#setvar ttyE0   font    latin2
#setvar ttyE1   font    latin2
#setvar ttyE2   font    latin2
#setvar ttyE3   font    latin2

# Change keyboard repeat speed to faster settings.
#setvar wskbd   repeat.del1 250
#setvar wskbd   repeat.deln 30
legendre:[/etc] >
```

When NetBSD starts, wdm is launched, mouse works fine, but keyboard not!
I cannot switch from X console to ttyE1, but from a remote server, if
I kill X or wdm, I see that keyboard has sent characters to ttyE1 (login
I have entered in wdm is written after 'login: ' on ttyE1).

If I restart wdm, keyboard is active in wdm.

I don't understand why wdm loses keyboard when it is started during
boot. Explanation will be welcome.

Best regards,

JB


Re: Keyboard seems to be attached to ttyE0 after wdm starts

2022-06-05 Thread RVP

On Sun, 5 Jun 2022, BERTRAND Joël wrote:


> When NetBSD starts, wdm is launched, mouse works fine, but keyboard not!
> I cannot switch from X console to ttyE1, but from a remote server, if
> I kill X or wdm, I see that keyboard has sent characters to ttyE1 (login
> I have entered in wdm is written after 'login: ' on ttyE1).
>
> If I restart wdm, keyboard is active in wdm.
>
> I don't understand why wdm loses keyboard when it is started during
> boot. Explanation will be welcome.



Those config. files look OK. Can you post your Xorg config. file and the
/var/log/Xorg.0.log file?

-RVP

Re: Keyboard seems to be attached to ttyE0 after wdm starts

2022-06-05 Thread Matthias Petermann

Hi,

On 05.06.2022 at 23:11, RVP wrote:

> On Sun, 5 Jun 2022, BERTRAND Joël wrote:
>
>> When NetBSD starts, wdm is launched, mouse works fine, but keyboard not!
>> I cannot switch from X console to ttyE1, but from a remote server, if
>> I kill X or wdm, I see that keyboard has sent characters to ttyE1 (login
>> I have entered in wdm is written after 'login: ' on ttyE1).
>>
>> If I restart wdm, keyboard is active in wdm.
>>
>> I don't understand why wdm loses keyboard when it is started during
>> boot. Explanation will be welcome.
>
> Those config. files look OK. Can you post your Xorg config. file and the
> /var/log/Xorg.0.log file?
>
> -RVP


The symptom is familiar to me. If I remember correctly, you had to start 
the X server on a tty that is not occupied by a getty yet, otherwise the 
keystrokes are not passed on.


If you start wdm via /etc/ttys, something like this (ttyE4):

```
ttyE0   "/usr/libexec/getty Pc" wsvt25  off secure
ttyE1   "/usr/libexec/getty Pc" wsvt25  on secure
ttyE2   "/usr/libexec/getty Pc" wsvt25  on secure
ttyE3   "/usr/libexec/getty Pc" wsvt25  on secure
ttyE4   "/usr/pkg/bin/wdm -nodaemon" wsvt25  on secure
```

it required me to put the following to /usr/pkg/etc/wdm/Xservers:

```
:0 local /usr/X11R7/bin/X vt5
```

I hope this helps.

Many greetings
Matthias