> On Oct 6, 2023, at 10:59, Diego Zuccato wrote:
>
> Il 06/10/2023 10:36, Sinh Lam ha scritto:
>> With the above said, I do not see what you mean there is a chicken and the
>> egg problem.
>
> To approve a minion key, Salt does have to trust the request is coming from
> the right minion, b
Don’t.
Generally, these things should be used to alert if an internal service has
been compromised (akin to using Canary Tokens), and the key copied. It is,
at best, a way to hear someone knocking.
On Wed, May 8, 2019 at 15:59 Stefan R. Filipek wrote:
> There's a blog post going around that has
You can also just set client keepalives. Set TCPKeepAlive in ~/.ssh/config.
This has solved a bunch of random timeout problems due to carrier NAT or
similar.
On Sat, Sep 15, 2018 at 15:36 Constantine A. Murenin
wrote:
> On 15 September 2018 at 09:50, Chris Bennett <
> cpb_m...@bennettconstruction
Yes.
We're looking at bootstrapping in EMR...
On Sat, May 23, 2015 at 07:21 Joe Wass wrote:
> I used Spark on EC2 a while ago
>
If you could also add the Hamburg Apache Spark Meetup, I'd appreciate it.
http://www.meetup.com/Hamburg-Apache-Spark-Meetup/
On Tue, Feb 17, 2015 at 5:08 PM, Matei Zaharia wrote:
> Thanks! I've added you.
>
> Matei
>
>> On Feb 17, 2015, at 4:06 PM, Ralph Bergmann | the4thFloor.eu
>> wrote:
>>
no.
Sent form my iFoe.
> On Jan 4, 2015, at 05:34, bofh wrote:
>
> https://medium.com/@shazow/ssh-how-does-it-even-9e43586e4ffc
>
> --
> http://www.glumbert.com/media/shift
> http://www.youtube.com/watch?v=tGvHNNOLnCk
> "This officer's men seem to follow him merely out of idle curiosity." -
Man. Thanks for the reminder.
+1
Sent form my iFoe.
> On Aug 27, 2014, at 16:21, Diana Eichert wrote:
>
> I don't think it's off topic but others might. I'm writing this post to
> remember Chuck Yerkes, a long time contributor to the misc@openbsd list.
> While riding his motorcycle 10 years
On Thu, Jun 5, 2014 at 5:09 PM, Giancarlo Razzolini
wrote:
> Em 05-06-2014 20:45, Eric Furman escreveu:
>> I predict that within a year OpenSSL will go the way of IPF.
>> For much the same reason...
>>
> IPF? Care to elaborate?
Well, in 2001 there was this drama around Darren Reed's IPF, that
cau
On Wed, May 14, 2014 at 12:40 AM, Kevin Lyda wrote:
>
> On 14 May 2014 08:20, "Johan Beisser" wrote:
>>
>> On Tue, May 13, 2014 at 11:57 PM, Otto Moerbeek wrote:
>> >
>> > Op 14 mei 2014 om 07:48 heeft Johan Beisser het
>> > volgende ges
On Tue, May 13, 2014 at 11:57 PM, Otto Moerbeek wrote:
>
> Op 14 mei 2014 om 07:48 heeft Johan Beisser het volgende
> geschreven:
>
>
> There are more reasons dynamic route entries are createf. For example to
> record results of mtu path discovery.
That implies a success
On Tue, May 13, 2014 at 10:31 PM, Johan Ryberg wrote:
> Yes, it's related to a SSH brute force attack.
>
> I have just never seen the the "client" IP in the routing table before. My
> IP does not exist in the routing table when I SSH to the host.
The IP shouldn't be there, at all. But, according
>> On May 13, 2014, at 18:47, Stuart McMurray wrote:
>>
>>
>> And, 163data.com.cn is a large source of shady activity.
I blocked the bulk of China and Asia outright at the router.
Quick solution, if not clean.
On Tue, May 13, 2014 at 4:58 AM, Magnus wrote:
> Hello Misc-Users,
>
> I'm looking in to the possibility to do multihoming (more than one isp)
> on a Carp setup.
> To do live failover if one isp goes down, the other takes over.
> Just as carp does if one of the routers goes down.
You can do this
On Thu, Apr 17, 2014 at 3:18 PM, Alex Naumov wrote:
> Thank you for link, but... why? I mean, we are not going to continue work on
> translation anymore? Reason?
Read this thread on the topic from earlier this month.
http://marc.info/?t=13965139876&r=1&w=2
http://marc.info/?l=openbsd-cvs&m=139637003025491&w=2
You did.
On Thu, Apr 17, 2014 at 3:08 PM, Alex Naumov wrote:
> Hello,
>
> I just want to ask about "not English" (translated) pages. I can't find
> these.
> Also translation.html and steelix are not avaliable.
> Did I missed something?
>
>
I feel like a bit of a jackass for the response.
Check smtpd/smtp_session.c
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/smtp_session.c?rev=1.192
On Thu, Jan 30, 2014 at 7:41 AM, Johan Beisser wrote:
> http://www.faqs.org/rfcs/rfc821.html (1982)
>
> Section 4.2.1.
http://www.faqs.org/rfcs/rfc821.html (1982)
Section 4.2.1.
https://www.ietf.org/rfc/rfc2821.txt (2001)
Section 4.2.1 defines the groups, and 4.2.2.x defines specific codes.
https://www.rfc-editor.org/rfc/rfc2487.txt (1999)
Secure SMTP over TLS.
On Thu, Jan 30, 2014 at 3:19 AM, STeve Andre'
I'm kind of at a loss as to where I'm going wrong on this. So far, my
searches in the code hasn't gotten me very far.
I'm attempting to get softupdates working correctly to systematically
update older Lenny systems to Squeeze (then eventually to Wheezy).
What I'm discovering is that the NFSROOT mo
On Fri, Nov 15, 2013 at 9:00 PM, jordon wrote:
> A few years back I put m0n0wall (FreeBSD-based) on it, hooked it up to 2
> machines (1 WAN, 1 LAN) and pushed a file through it. Its max bandwidth was
> well under my Internet connection speed.
>
> It was replaced with a net5501.
>
It's not belo
I'm not sure what you mean by "too slow to route."
I've a net4501 with 64mb of RAM that's handling all of my IP traffic
at home. Biggest problem is swapping taking out available interrupts.
Modern networks are actually just too fast for the hardware these
days. It works fine for home stuff.
On F
> On Oct 21, 2013, at 2:57, Henning Brauer wrote:
>
> * Илья Шипицин [2013-10-11 04:52]:
>> I was just curious why that timestamping is enabled by default.
>
> 'cause there is no reason to disable it.
>
> why is tcp enabled by default?
>
Everyone knows that TCP, like IP, and the Internet is
On Wed, Oct 16, 2013 at 11:04 AM, Norman Golisz wrote:
> On Wed Oct 16 2013 08:54, Johan Beisser wrote:
>> Or cam I still just do very basic priority queueing in 5.5?
>
> See pf.conf(5), 'set prio'. This doesn't even require you to define
> queues, etc.
R
> On Oct 16, 2013, at 8:05, Otto Moerbeek wrote:
> This will not be in 5.4, it wil be in 5.5. If you see shortcomings in
> the docs explain in more detail.
I just read the QUEUEING section in the man page. Seems fairly clear to me, and
in some ways more clear.
One thing I'd like to see is a sug
hanism other than ssh.
>
> -Joel
>
>
> Johan Beisser wrote:
>>
>> DNS proxy uses less bandwidth on your end.
>>
>> There are a dozen DNS proxy services out there for media, they all
>> work on the same basic principle.
>>
>> On Sun, Sep 15, 2013
DNS proxy uses less bandwidth on your end.
There are a dozen DNS proxy services out there for media, they all
work on the same basic principle.
On Sun, Sep 15, 2013 at 4:55 AM, Monah Baki wrote:
> Hi all,
>
>
> I'm running OpenBSD 5.2 with squid for a friend who owns an ISP outside the
> U.S and
On Tue, Aug 13, 2013 at 9:48 AM, Marian Hettwer wrote:
> Hi Loic,
>
>
> Am 13.08.13 15:43, schrieb � Blot:
>
>> Hello Marian,
>> i think you are right, because bsd.rd is required for last chance to
>> repair system, among others.
>>
>
> right. And I'd like to leave it untouched. This hopefully als
siteXX.tgz, yes, but this is not
> the main problem here
>
> --
> Best regards,
> Loïc BLOT,
> UNIX systems, security and network expert
> http://www.unix-experience.fr
>
>
> Le lundi 12 août 2013 à 12:09 -0700, Johan Beisser a écrit :
>> read the FAQ,
read the FAQ, Loic.
http://openbsd.org/faq/faq4.html#site
Site*.tgz, install.site and upgrade.site are a good starting point.
On Mon, Aug 12, 2013 at 11:59 AM, Loïc BLOT
wrote:
> Hello @misc.
>
> Today i'm working on automated deploy with PXE. I have successful found
> and made automated PXE in
On Jul 6, 2013, at 21:53, Nick Holland wrote:
>
> Feel free to take this off list with me if you prefer.
>
I kind of hope you keep this on list, actually. While I'm not affected by the
problem, I'm interested in the problem and solutions.
On Jul 3, 2013, at 20:23, Brad Smith wrote:
> On 03/07/13 11:07 PM, openda...@hushmail.com wrote:
>> Why do we need FUSE anyway?
>
> To be able to utilize FUSE based filesystems.
>
Fuse is a terrible hack.
But, a useful one that solves all kinds of problems.
Sent form my iFoe.
On Tue, May 14, 2013 at 3:13 PM, Stuart Henderson wrote:
> On 2013-05-14, Mattias Lindgren wrote:
>> Hello,
>>
>> I'm using a OpenBSD 5.3 (release) machine as my router connecting
>> to Comcast. Comcast provides native IPv6 access, however it does
>> so a little bit differently than what is proba
Back in the day I'd abuse lndir(1) to link to the nfs mounted source
directory.
http://www.openbsd.org/cgi-bin/man.cgi?query=lndir&sektion=1
Sent form my iFoe.
On Mar 31, 2013, at 7:48, David Higgs wrote:
> In trying to avoid multiple copies of OpenBSD source on my VMs, I am
> trying to use NF
I had a problem with tun interfaces and npppd. Try the pppx interface instead.
Sent form my iFoe.
On Mar 5, 2013, at 13:35, Jason Markowitz wrote:
> Hello,
>
>
> I'm receiving the following errors when attempting to establish a vpn
> session via l2tp, the ipsec side works fine and phase 1
On Thu, Jan 31, 2013 at 4:06 PM, Aaron Mason wrote:
> If you can, change to a different type of VPN. Not because of the storm,
> but because PPTP has been broken security-wise. Good results have been
> achieved with OpenVPN.
I'm having remarkable success with npppd(8) and L2TP. I'm using it
wit
On Wed, Jan 30, 2013 at 2:03 PM, Jiri B wrote:
> On Wed, Jan 30, 2013 at 09:29:42AM -0800, Johan Beisser wrote:
>> Don't monitor SSH on the CARP address.
>
> Doesn't it depend on the purpose of this SSH service?
> If it is to manage individual boxes, then sshd sh
On Wed, Jan 30, 2013 at 9:44 AM, System Administrator wrote:
> On 30 Jan 2013 at 9:29, Johan Beisser wrote:
>
>> > While testing the failover and trying to ssh to a carp address I got
>> > hit with the server key mismatch; hence this email. What is considered
>> >
On Wed, Jan 30, 2013 at 8:56 AM, System Administrator wrote:
> I finally got to deploy a CARP firewall cluster (HA failover for now).
> Using only the official OpenBSD.org documentation, everything went very
> smoothly even though the setup is not quite trivial (14 carp addresses
> on 6 active int
Are you using just ipsec, or L2TP?
On Wed, Jan 23, 2013 at 11:48 PM, Jan Lambertz wrote:
> Hi,
>
> Running OpenBSD 5.2 AMD64 release as homeserver.
> Got Andoid 2.3 Samsung Mobile.
> Want to connect via vpn IPSEC.
> Config:
> ike passive esp tunnel from any to any \
> main auth hmac-sha1 enc des
I just upgrade in place via bsd.rd on my net4501. Guess I could do the other
methods as well.
Sent form my iFoe.
On Jan 14, 2013, at 10:59, Nick Holland wrote:
> On 01/14/2013 10:15 AM, Sarah Caswell wrote:
>> Hi all,
>>
>> I'm having a frustrating problem getting OpenBSD-current (or
>> sna
On Thu, Jan 10, 2013 at 6:54 PM, Erling Westenvik
wrote:
> Is it possible to have PF filter on MAC address on a machine with only
> one physical nic? I'm aware that MAC filtering can only be done on a
> machine configured as a bridge, but how to configure such a bridge?
Add the single interface t
On Fri, Jan 4, 2013 at 4:41 PM, Aaron Mason wrote:
> On Sat, Jan 5, 2013 at 7:58 AM, Dan Shechter wrote:
>> You have all failed to mention that the ALIX devices come with Swiss
>> chocolates in the package!
>>
>
> I've ordered direct from PCEngines before and never got that.
Perhaps you should a
On Dec 30, 2012, at 8:31, pe...@bsdly.net (Peter N. M. Hansteen) wrote:
> A case in point: one of the firewalls I maintain for old friends is a
> Pentium III box with a whopping 512 MB of RAM, 8GB hard drive, you get
> the idea. As in, seriously, you'll get better hardware for free or the
> price
On Sat, Dec 22, 2012 at 7:43 PM, Nick Holland
wrote:
> On 12/22/12 07:54, Friedrich Locke wrote:
> ...
>> But for other services i don't have now what i could use. A example: i need
>> a file system that must expand by adding more machine in the network in a
>> simple way.
>
> in plain English: "I
On Tue, Nov 13, 2012 at 2:45 AM, Ignatios Souvatzis
wrote:
> At least a sixth, IIRC. You left out MirBSD from your distribution list.
> Also, you could argue that Minix, with its NetBSD compatibility,
> is a seventh and MacOS-X, with its partially (Free-/Net-)BSD compatible
> userland, an eighth.
On Tue, Nov 13, 2012 at 2:45 AM, Ignatios Souvatzis
wrote:
> At least a sixth, IIRC. You left out MirBSD from your distribution list.
> Also, you could argue that Minix, with its NetBSD compatibility,
> is a seventh and MacOS-X, with its partially (Free-/Net-)BSD compatible
> userland, an eighth.
On Mon, Nov 12, 2012 at 5:14 PM, Greg 'groggy' Lehey wrote:
> - Then DragonflyBSD split from FreeBSD. Mainly personality driven
> AFAICT. Again, this doesn't imply any criticism of the founder of
> the new project.
There were some very valid technical reasons at the time as well, IMHO.
On Mon, Nov 12, 2012 at 5:14 PM, Greg 'groggy' Lehey wrote:
> - Then DragonflyBSD split from FreeBSD. Mainly personality driven
> AFAICT. Again, this doesn't imply any criticism of the founder of
> the new project.
There were some very valid technical reasons at the time as well, IMHO.
___
On Thu, Nov 8, 2012 at 9:58 AM, Ariel Burbaickij
wrote:
> If money is not a problem -- go buy high-trading on the chip solutions and
> have sub-microsecond resolution.
>
> http://lmgtfy.com/?q=high+frequency+trading+FPGA
I'd love to see PF offloading on to something like that. Not that I
can just
On Thu, Nov 8, 2012 at 4:12 AM, Dan Shechter wrote:
> Hi All,
>
>
> A windows 2008 server is receiving TCP traffic from a stock exchange
> and sends it, almost as is, using UDP multicast to automated high
> frequancy traders.
>
> StockExchange --TCP---> windows2008 ---MCAST-UDP>
>
> On averag
On Oct 28, 2012, at 8:02, pe...@bsdly.net (Peter N. M. Hansteen) wrote:
> I stumbled across this little gem of a blog post, I think this deserves
> a wider audience, via my twitter feed:
> http://mina.naguib.ca/blog/2012/10/22/the-little-ssh-that-sometimes-couldnt.html
>
> To be filed under "tcpd
On Tue, Sep 11, 2012 at 9:06 PM, Sean Kamath wrote:
> I ended up buying direct from PC Engines for my alix 2d13's. Even though I'm
> in the US, it was cheaper than netgate (where I bought a bunch of the exact
> same thing for work). I ended up getting the red metal cases because they
> were che
On Aug 30, 2012, at 22:28, "Simon ALFRED" wrote:
>
> Thank you for this first reply.
> So, the only way is to use OpenBSD-current with npppd, and there's no other
way to do it ?
I can't say there's no other way to do it. PPTP is an option, via PoPToP. I
just found that npppd worked better for me
On Thu, Aug 30, 2012 at 12:05 PM, Simon ALFRED wrote:
> Hi everyone,
>
> I have a firewall at work running OpenBSD 5.1-RELEASE
> I need to make a vpn access for outside clients, they use MacOs 10.6 and
> Windows XP/7.
> I can't add thrid software on theses clients. So i need a VPN Server on th
Yep, that was exactly it.
Thank you, again.
On Aug 15, 2012, at 16:01, YASUOKA Masahiko wrote:
> Hi,
>
>> real.local.concentrate: tun0
>
> this should be
>
> realm.local.concentrate: tun0
>
> I hope this will help you.
>
> --yasuoka
>
> On Wed,
t;
> On Wed, 15 Aug 2012 09:11:06 -0700
> Johan Beisser wrote:
>> I've hit a bit of a wall digging around getting L2TP working with OpenBSD
5.1.
>>
>> I've enabled pipex in kernel:
>> # sysctl -a | grep -E '(pipex|gre)'
>> net.inet.gre.allow=
I've hit a bit of a wall digging around getting L2TP working with OpenBSD 5.1.
I've enabled pipex in kernel:
# sysctl -a | grep -E '(pipex|gre)'
net.inet.gre.allow=0
net.inet.gre.wccp=0
net.pipex.enable=1
Before anyone asks, yes, I had GRE enabled as well. But, I'm not
looking to run PPTP via npp
On Mon, Jul 23, 2012 at 9:01 AM, Wojciech Puchar
wrote:
> http://www.gwebtools.com/ns-spy/
>
> Anyone know from what data does it get such an info? By scanning every
> possible registered domain ?
Legal? I don't know. Ask a lawyer who specializes in these things.
They exist. My assumption is "yes
You're confusing a SOCKS proxy with a HTTP proxy. They are not the same thing.
Sent form my iFoe.
On Jul 18, 2012, at 16:07, Paolo Aglialoro wrote:
> @Abel
>
> I've had a look at dsocks page, the "instructions" are kinda criptic but
> just did something this way:
>
> # ssh -D 1080 user@sshdhost
On Fri, Jun 22, 2012 at 5:57 AM, Eric Furman wrote:
> So what is wrong with perl??
> It is nearly a standard in the UNIX Admin world.
It's a terrible language, and you should feel terrible for using it.
On Tue, Apr 24, 2012 at 6:07 AM, Otto Bretz wrote:
> On Tue, Apr 17, 2012 at 21:20, mxb wrote:
>> I rolled out L2TP/IPSec (npppd) on OpenBSD-current with RADIUS-auth.
>> Used mostly by OSX and Win7. Stable and works without any additional
>> third-party software.
>
> If you could write an article
On Mon, Apr 16, 2012 at 9:43 AM, Ingo Schwarze wrote:
> Hi,
>
> Johan Beisser wrote on Mon, Apr 16, 2012 at 09:18:22AM -0700:
>> On Mon, Apr 16, 2012 at 9:00 AM, Laurence Rochfort
>> wrote:
>
>>> Is there a DynDNS client for OpenBSD?
>
>> Rolled my o
On Mon, Apr 16, 2012 at 9:00 AM, Laurence Rochfort
wrote:
> Hello,
>
> Is there a DynDNS client for OpenBSD?
Rolled my own in Python a while back. There are a few that're utter
overkill for "simple updater."
You could do it in shell with tools in base with a little bit of
scripting effort.
http
On Wed, Apr 11, 2012 at 11:02 AM, Christian Weisgerber
wrote:
> Gilles Chehade wrote:
> This must be satire. Right?
> I mean, "local-echo mode"? What is this? 1975?
In lossy or high latency environments I find a local echo to be really
useful. To the point I occasionally dump stdout through
Dell has an ugly habit of changing components even within the same
model year of hardware. You can't predict how well supported something
is based on "PowerEdge R410" until you have your specific one in front
of you.
On Wed, Apr 4, 2012 at 1:14 PM, Kostas Zorbadelos wrote:
> Hello all,
>
> we are
On Sat, Mar 10, 2012 at 9:15 AM, Nico Kadel-Garcia wrote:
> With multiple drives, especially for bulky softraid setups, it might get
> overwhelming pretty fast.
>
> The idea is interesting, and especially helpful if the machine was
> previously built and the drives ordered differently in a differ
Sent form my iFoe.
On Mar 9, 2012, at 10:19, Nick Holland wrote:
>
>
> Hey, if having an OS which takes the quality of its product -- and not much
else! -- seriously is important to you, this would be a good time to make a
donation to the project. Make Theo smile!
>
Theo never smiles. Not onc
On Feb 20, 2012, at 8:49, Jan Stary wrote:
> On Feb 20 10:19:48, Daniel mora wrote:
>> I've worked with several different OS and phone brands (Nokia/Symbian,
>> iPhone, HTC/Android).
>> The one I feel more comfortable is the Nokia N900 it runs Maemo 5, is
>> a Debian like Linux, you can use it as
On Sat, Feb 18, 2012 at 3:06 PM, Marcos Ariel Laufer
wrote:
> What newer smartphones do you recommend for using also as a tool for
> managing OpenBSD servers (maybe windogs too) ? What experiences had you had
> with smartphones and OpenBSD managing?
Your experience really depends on a few things
On Sun, Feb 19, 2012 at 9:14 AM, Anonymous wrote:
> BlackBerry has built in VPN and you can also buy a few different SSH and
> SFTP apps.
If you're cheap, there's also BBSSH. While it's not perfect, it is
under active -if slow- development. As of November 2011, the developer
claims there's an sc
On Sun, Feb 19, 2012 at 7:14 AM, Luke Tymowski wrote:
> I use iSSH on an iPhone. But only in an emergency when I don't have
> anything else. I wouldn't make regular use of it. (ie, twice in the
> last year)
I've grown to like Panic's Prompt, and found it does really well with
tmux, etc as well.
On Mon, Jan 2, 2012 at 10:59 AM, ropers wrote:
> On 2 January 2012 18:10, Nomen Nescio wrote:
>> I don't rely on anyone's work.
>
> Ladies and gentlemen: The great American delusion.
Randian delusion. It's not purely American, and never has been.
On Tue, Dec 27, 2011 at 10:09 AM, Dave U. Random
wrote:
> Are the Longson/Godson MIPS boxes available over the counter yet? If so
> where is the best place to order one? Thanks.
A brief search of the archives gives a few resources. Spelling the
architecture right helps, but searching for "lemote"
On Tue, Dec 20, 2011 at 2:41 PM, Jannik Pruitt
wrote:
> Hi everyone.
> i am brand new purchased my open bsd 5.0 on 11 Nov 2011.
>
> I booted the CD on another computer installed every thing on a 32GB CF card.
> Placed in my old thin client and it booked.
>
> But the network card does not work.
> I
On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik
wrote:
> After upgrading (re-installing from scratch) my firewall from 4.6 (or
> 4.7) to 5.0, I have not been able to get OpenVPN back working. Please
> forgive me for asking here at misc but I have spent two days Googling,
> reading tons of HOWTO'
On Thu, Dec 1, 2011 at 8:02 AM, Rares Aioanei wrote:
> As a citizen of an English-speaking country AND a guru, John, you should
> at least know how to spell. David's right, you know.
You don't need to know how to spell. People have spell checkers these days.
On Thu, Oct 20, 2011 at 11:11 AM, wrote:
> Johan Beisser wrote:
>
>> Check dhclient.conf(5) and read about the supersede statement.
>
> Thank you very much for your kind answer. Of course I read not
> only dhclient.conf (5), but also a lot of man pages, a lot of
> pos
Check dhclient.conf(5) and read about the supersede statement.
jb
Semt frim my ipHnoe.
On Oct 20, 2011, at 8:35, sophia.ort...@googlemail.com wrote:
> Dear Sirs!
>
> I realy do not want that dhclient touch resolv.conf.
>
> The recomendation in
>
> http://www.openbsd.org/faq/faq6.html#DHC
I pointed out that Dennis Ritchie did something we all should admire:
Got to watch what he created blossom, and change the world.
Remarkably, for the better.
We should all be so lucky.
On Thu, Oct 13, 2011 at 10:38 AM, Stefan Midjich wrote:
> So many lives touched, so many that don't even know
"block all"
Permit inbound port 80, but do not permit new outbound connections.
Consider each interface a separate firewall, with separate flows
entirely, then use policy enforcement (see tagging:
http://cvs.openbsd.org/faq/pf/tagging.html) to ensure only properly
tagged packets are passed out fro
On Wed, Sep 7, 2011 at 5:24 PM, roberth wrote:
> don't be sorry, just tell me why, i am just curious.
- Following -stable with security patches matches my existing in house
corporate policy for Linux.
- It reduces variations between configurations of a given machine
function (simple transfer of
find / -type f -perm -0111 -exec ldd {} 2>/dev/null \; -print | awk
'/libc.so/ {print $7}' | sort | uniq
On Fri, Jul 29, 2011 at 8:50 AM, johnw wrote:
> (23:24:04) john@pdc:[~]$ du -sh /usr/lib/libc.so.*
> 704K /usr/lib/libc.so.34.2
> 704K /usr/lib/libc.so.35.0
[snip]
> 2.4M /usr/lib/libc.so.57.0
On Thu, Jul 28, 2011 at 2:00 PM, R0me0 *** wrote:
> Hello misc.
>
> I would like to know if is possible do the following:
>
> clients--OpenBSD_FWExternal_mail_server
>
> when clients send or receive an email, OpenBSD catch this mail and send a
> copy of this to anot
On Tue, Jul 19, 2011 at 1:20 PM, Nico Kadel-Garcia wrote:
> On Tue, Jul 19, 2011 at 12:59 PM, Johan Beisser wrote:
> It takes significant, thoughtful re-organizaton and a saner workflow.
Yes. It's non-trivial to make that happen as a default.
> What would be considere
On Tue, Jul 19, 2011 at 11:38 AM, Amit Kulkarni wrote:
> Can you elaborate? Where they suck?
RT: written in perl, painful to upgrade (painful enough, that we've
not touched ours in over a year). Ugly interface, but that's the least
of its problems. Without a good way to manage users, access, or
2011/7/19 Mikael Vsterdahl :
> Terrible? In what way? I use it in my work and I think it works great.
>
> What ticket software do you think is better?
I don't have one. I think they all suck equally.
On Tue, Jul 19, 2011 at 9:57 AM, Amit Kulkarni wrote:
>
> http://openports.se/www/rt
> ?
> written in perl.
As someone who uses this for ticket tracking, let me be the first to
say it's terrible.
On Wed, Jul 13, 2011 at 1:01 PM, Paolo Aglialoro wrote:
> Watch out for using apple desktop boxes as servers: apple has always put
> "style" in front of reliability and, especially for such "big" boxes when
> run 24/7, airflow and heat can become serious issues when you least expect
> it. Not exac
On Jul 4, 2011, at 12:26, Wesley MOUEDINE ASSABY
wrote:
> Hi,
>
> I have a question :
> Is it possible with OpenBSD to bond 2 adsl connections (download=8Mb/s ;
> upload=1Mb/s) with different ISP?
No. Unless you have your own IP space, and both ISPs are willing to advertise
those for you.
> An
On Thu, Jun 23, 2011 at 11:57 AM, Brett wrote:
>>Sure. Not to mention it came with source code, which you only got from
>
>> AT&T if you had a source license, and those were*expensive*. I was
>> fortunate enough to work for a company that had exactly that source
>> license during the 1980:s, and I
On Jun 21, 2011, at 20:20, vadi...@gmail.com wrote:
> Sorry I really did not want to start any flame. I just thought that
> getting answer from the mailing list would be faster than spending my
> time studying source code of the new system.
>
>> What you should do is relearn the proper way. :-)
>
On Jun 21, 2011, at 18:48, Benny Lofgren wrote:
> On 2011-06-22 03.03, vadi...@gmail.com wrote:
>>> Please continue to use Linux.
>>> That's ugly, useless and dangerous.
>>
>> Oops, looks like that was a "holy war" type of question. Sorry I did
>> not want to start that.
It's not.
> Linus didn
On Wed, Jun 1, 2011 at 6:02 PM, Simranjit Gill wrote:
> Hello,
>
>
>
> I want to use the IPv6 source code in one of the products manufactured by my
> company and need to know if there are any restrictions or limitations
> regarding the use of source code in commercial products. Please let me know
On May 28, 2011, at 5:36, Jean-FranC'ois SIMON wrote:
> All
>
> Thanks for your answers, I've set up my question not accurately enought. I
> would like to have a file logging the activity of dmesg after boot as well.
> I'm not sure it is the reight way to set it up.
>
> Here's my problem, I've se
On Sun, May 8, 2011 at 3:25 PM, roberth wrote:
> Uhum. Sure that's a way to approach this.
> That's the supported way. With that ammount of "support" required.
> Fine with that.
I usually build the new kernel, major utilities that require the new
kernel as per http://openbsd.org/faq/current.html
On Feb 3, 2011, at 5:17, Martin SchrC6der wrote:
> 2011/2/3 Bret Lambert :
>> Counting my toaster?
>
> Your toaster has an IP?
>
Yours doesn't?
I prefer to tar(1)...
On 1/7/11, Jeff Ross wrote:
> Hi,
>
> I have 2 servers that get backed up to tape. I was scping the daily
> dump files to the server with the tape attached but now I no longer have
> hard disk room to do that.
>
> So I read the man page for rdump/dump and that led me to rm
On Thu, Dec 23, 2010 at 9:19 AM, Alessandro Baggi
wrote:
>
> Hi list, I've tried to use the groups field for pfsync. I've changed in my
> pf rules, the wan interface ext="xl0" with ext="egress", then when I try to
> get a fault with firewall 1, firewall 2 become master, but all connections
> die.
On Tue, Dec 14, 2010 at 2:06 PM, Tomas Vavrys wrote:
> Is there a light at the end of the tunnel somewhere to make email
> secure even for amateurs who don't know how to use PGP? I'm very
> curious about the future of email, especially now. I would like to
> hear opinions of OpenBSD wizards. The t
On Sun, Oct 31, 2010 at 3:39 PM, Jamie Paul Griffin wrote:
>> Everytime one of you write to Theo directly,
>> I feel like I'm watching gay porn.
>
> would someone please block this prick. it was funny to start with but now
> it's intensely annoying.
You could just toss his email in to your killf
"pass all"
On Wed, Aug 4, 2010 at 3:32 PM, Peter Merritt wrote:
> What would be the most barebones pf.conf for a OpenBSD 4.7 nat firewall
> with 2 nics, that passes everything.
>
> Peter
1 - 100 of 277 matches
Mail list logo
