Re: pf and snort_inline

Mohamed Berzig wrote:
> Hello, I would like to use snort_inline with PF. Does an equivalent of libipq in iptables exist? Greetings.

I'm not sure about native OpenBSD support, but in FreeBSD, even with divert support compiled in, the inlining function cannot work because the proper BSD divert socket functionality isn't available in Snort. Marty Roesch did *somehow* hint about it here: http://taosecurity.blogspot.com/2005/05/is-anyone-successfully-running-inline.html

--
Thank you for your time,
Ihsan Junaidi Ibrahim, http://ihsan.synthexp.net
Re: ALTQ question

Russell Sutherland wrote:
> 3. All src IPs in the queue share the bandwidth equally. That is, each machine gets a maximum allocation of N/n Mbps. E.g., if there are 10 src IP addresses sending traffic, each one gets a maximum bandwidth of N/10 Mbps.
>
> Can this be done using ALTQ? I believe it's possible using dummynet.

It is possible in dummynet using masking. But, as far as I know, ALTQ does not yet offer a way of saying "equal share to each host in this range". You can do it manually, by adding queuing rules for each IP, but even with only three IPs I find that pretty ugly.

--
Bob
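What the manual approach described above looks like in practice, written out as an added pf.conf fragment that is not part of the thread: three hosts on a constructed 192.0.2.0/24 network, each pinned to its own CBQ child queue with a fixed one-third share of the uplink. The interface name, the addresses and the 10Mb link speed are assumptions chosen for the example.

```conf
# Added example: per-host ALTQ queues in pf.conf (OpenBSD with ALTQ).
# Interface name, host addresses and the 10Mb link speed are constructed values.
ext_if = "em0"

# Parent CBQ queue on the uplink, split into one child queue per source host.
altq on $ext_if cbq bandwidth 10Mb queue { q_host1, q_host2, q_host3 }
queue q_host1 bandwidth 33% cbq(default)
queue q_host2 bandwidth 33%
queue q_host3 bandwidth 33%

# One pass rule per host assigns that host's outbound traffic to its queue.
# The share is fixed per host: it equals N/n only while every host is
# sending, and an idle host's unused share is not handed to the others
# unless 'borrow' is added to the cbq() options.
pass out on $ext_if from 192.0.2.11 to any queue q_host1
pass out on $ext_if from 192.0.2.12 to any queue q_host2
pass out on $ext_if from 192.0.2.13 to any queue q_host3
```

Every additional host needs both a new queue line and a new pass rule, and the percentages have to be rebalanced by hand each time, which is why the reply calls this ugly compared to dummynet's per-source masking.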
OpenBSD + STP + pfsync.

Hi, I have been working around these days with the configuration mentioned in the subject. It works nicely as a failover filtering bridge; it gives a nice failover response time (I have measured about 10 seconds) from unplugging one firewall until the other firewall comes up. As I am not an STP guru, I have several questions: We use here HP Procurve 2650 switches which have the possibility of enabling STP on them, but I don't know how this would benefit my configuration. I am using one of those switches with two port-based VLANs, to separate the external wan from the internal wan (I call them this way to distinguish which is directly connected to the internet -external wan- from the one that is directly connected to the net but behind the firewall -internal wan-). My question is: would enabling STP on the switch make the transition from one firewall to the other quicker? I have been reading a nice tutorial from http://www.seattlecentral.edu/~dmartin/docs/bridge.html in which he uses a very similar configuration, except with the difference that he also enables STP on his Catalyst switches. Would this make any difference on my config? Thanks :)