also a 'fwd' rule, which would be no use (who needs a
reflexive 'fwd' rule?). However, in reality a parent 'fwd' rule seems
to create an 'allow' dynamic rule, which is useful but confusing.
Where exactly is this pl
ny to any
It seems that the 'fwd ... keep-state' statement does create a useful
dynamic rule. It contradicts the ipfw(8) man page but works. Thank you
for enlightment.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
fr
arded packets to create a dynamic "allow" rule.
> >
>
> You can combine fwd and keep-state.
I hope so. I just don't understand how.
> Could you be more specific?
A packet generated locally 1) should be forwarded by a 'fwd'
rule and 2) should cr
re is also the skipto action which can alter the way packets
> flow through the rules.
>
> Could you describe in a conrete example what you're trying to
> achieve?
I want forwarded packets to create a dynamic "allow" rule.
--
Victor
Am I asking something unreasonable?
Victor Sudakov wrote:
>
> What tricks do you use if you need to allow a packet and then fwd
> it (or vice versa)? The search terminates and the packet quits ipfw on
> "fwd" as well as on "allow".
>
> How do I allow
Colleagues,
What tricks do you use if you need to allow a packet and then fwd
it (or vice versa)? The search terminates and the packet quits ipfw on
"fwd" as well as on "allow".
How do I allow a packet and then policy route it? An example ruleset
will be appreciated.
--
V
hink so. You either have to use Kerberos like I do (mutt
supports GSSAPI), or you have to store you password in ~/.mutt/muttrc
(see the "imap_pass" directive etc). Yes, in cleartext.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
_
utt -f
imaps://y...@yourserver.edu/~otheru...@somevirtualdomain.com/foo/bar/mbox
Of course if IMAP ACLs permit you. I have never seen another IMAP
client who could use such IMAP URIs.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.to
==
defaults
protocol pop3 mda "/usr/local/bin/procmail -d %T" nokeep fetchall
set syslog
poll mail.sibptus.tomsk.ru auth gssapi
====
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
of conversation about cvs mode in cvsup.
> I thought you were talking about cvs not working...
If subversion could be used to mirror whole repositories I will
consider switching to it.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
Dan Nelson wrote:
> In the last episode (Dec 25), Victor Sudakov said:
> > > I cvsup the FreeBSD CVS repository daily from cvsup.ru.freebsd.org.
> > > Both the client and the server run CVSup Software version: SNAP_16_1h,
> > > Protocol version: 17.0.
> > &g
.
Sure, but even as a package it would depend on
expat-2.0.1
neon28-0.28.6
sqlite3-3.6.19
gdbm-1.8.3_3
libiconv-1.13.1
apr-ipv6-gdbm-1.3.8.1.3.9
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
freebsd-questions@freebsd.or
vs to a bunch
of hosts at the local network. Updating every host in my network from
anoncvs.fr.FreeBSD.org or a similar server would be a waste of
bandwidth and resources.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
fre
Victor Sudakov wrote:
[dd]
> > I would be happy to use svn as I do for my own projects.
>
> To run a cvs repository, you just need /usr/bin/cvs started from
> inetd. It is even in the base system.
>
> To run a subversion repository, you need much more infrastructure and
ystem.
To run a subversion repository, you need much more infrastructure and
more overhead (lots of dependencies from ports, probably a Web server,
a database backend etc). Besides, cvs is conveniently integrated with
Kerberos (we use :gserver: all the time) which I am not sure is
possible with s
Colleagues,
Am I the only one to have this problem?
Victor Sudakov wrote:
>
> I cvsup the FreeBSD CVS repository daily from cvsup.ru.freebsd.org.
> Both the client and the server run CVSup Software version: SNAP_16_1h,
> Protocol version: 17.0.
>
> Recently I noticed that
If this question is offtopic here, please direct me to a more relevant
mailing list. TIA.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/
ed
to see what mergemaster considers changed.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
.so.6
/lib/libcrypto.so.4
/rescue/[
[dd]
What gives? Can it be because its database is inherited from 6.3-RELEASE?
Should I comply and run "freebsd-update install"? Or should I clean
the freebsd-update database? Perhaps "rm -rf /var/db/freebsd-update/" ?
Thanks in advance for
Victor Sudakov wrote:
> If we consider a simple example below, how would you replace the 600th
> rule for a stateful one?
>
> 00100 divert 8668 ip from any to table(1) out via rl0
> 00200 deny log logamount 100 ip from 10.0.0.0/8 to any out via rl0
> 00300 deny log log
c. You might think of something like
650 allow ip from any to table(1) out via rl0 keep-state
However, if we place the "keep-state" rule at 650, only already
diverted packets will reach it, and it will be useless because the src
address will already have become the public one. I need a
Vasadi I. Claudiu Florin wrote:
>
> >>
> >>Is "getfacl -d" what you are looking for?
> >>
> >
> >
> >Maybe I didn't speak corectly. I already set the ACL (yes, setfacl -d
> >[...]) but when I do "getfacl file",
to any out via rl0
00400 deny log logamount 100 ip from 192.168.0.0/16 to any out via rl0
00500 divert 8668 ip from table(1) to any in via rl0
00600 check-state
00700 deny log logamount 100 ip from any to 10.0.0.0/8 in via rl0
00800 deny log logamount 100 ip from any to 172.16.0.0/12 in via rl0
0
s "getfacl -d" what you are looking for?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send an
ate". My
question was however if it was possible to do without "skipto".
And a simple example would be most appreciated, not a fully functional
fuleset.
I am also thinking about using "natd -deny_incoming" for keeping state,
instead of "keep-state" rules. Is this f
in via rl0
00800 deny log logamount 100 ip from any to 172.16.0.0/12 in via rl0
00900 deny log logamount 100 ip from any to 192.168.0.0/16 in via rl0
65535 allow ip from any to any
Thank you in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptu
Victor Sudakov wrote:
>
> I am setting up a jumpstart server for networked FreeBSD installation
> (tftp only). My /tftpboot/boot/loader.rc is rather simple:
>
> load /boot/kernel
> load /boot/acpi.ko
> load -t mfs_root /boot/mfsroot
> set vfs.root.mountfrom="ufs:/d
rnel (with statically compiled in device hints).
However, I would like to use a stock kernel, so I need to tftp download
device.hints and set the kernel environment accordingly. Could you
please help me with the loader.rc code that will do that?
Thank you in advance.
--
Victor Sudakov, VAS4-R
Victor Sudakov wrote:
> > >
> > >I have been updating 6.2-RELEASE with freebsd-update. Recently I
> > >upgraded it to RELENG_6_3 from source. Can I continue using
> > >freebsd-update or must I upgrade only from source from now on?
> > >
> > >
ly identical. In fact if you just
> recompile the kernel now, it will report -p2
If i recompile GENERIC now, freebsd-update will suggest updating
it again and again
P.S. I know that freebsd-update will leave the kernel alone if
"uname -i" is not GENERIC|SMP, but my question
ly identical. In fact if you just
> recompile the kernel now, it will report -p2
If i recompile GENERIC now, freebsd-update will suggest updating
it again and again
P.S. I know that freebsd-update will leave the kernel alone if
"uname -i" is not GENERIC|SMP, but my question
?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
> spdadd 10.1.1.0/24 10.0.0.0/8
> > ...
Thank you Brian, this works. I should not have worried.
On FreeBSD 6.2 it works even without any "null" policy (I think you
meant the "none" policy).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
_
it?
Thanks in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[
eally dumping a
> >snapshot though it says it is?
> >
>
> man dump (the section regarding -L) says
> "The snapshot is unlinked as soon as the dump starts, and is thus
This explains why there is no visible snapshot file in /home/.snap/
However, I thought that snapinfo
/home/.snap/
total 0
[EMAIL PROTECTED] ~]
Is this normal? Does it mean that dump is not really dumping a
snapshot though it says it is?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
y to obtain sectors of the full
> system but to actually install FreeDOS somewhere (on virtual machine or
> on a real slice).
I think if we have a floppy image, we can obtain the VBR with
something like
dd if=fdboot.img bs=512 count=1
i.e. the very first sector of the floppy.
--
Victor
how to borrow and how much. :)
>
I got the idea. Thank you. For FreeBSD, it should be like
% dd if=/dev/ad0s1 of=/tmp/dos_fat16.dd bs=512 count=1
% dd if=/dev/ad0s1 of=/tmp/dos_fat32.dd bs=512 count=3
BTW about FreeDOS: how many sectors for its bootblock must I copy?
I did not know that fat
Colleages,
I need to create a bootable MS-DOS slice on a HDD.
Where can I obtain a DOS VBR for "newfs_msdos -B" ?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.f
e.
>
> As to whether wins.dat should exist is beyond me.
> If you believe it should, then that would be data loss
If it (or any other file) does exist in the filesystem, it should
exist also in the backup. Otherwise we have a defective backup.
--
Victor Sudakov, VAS4-RIPE, VAS47-RI
ted next file 2828988, got 2828987
>
> Uh-oh :-(. I have no idea how the code works, but just a wild guess:
> what happens when a file is being created and a snapshot taken at the
> same time?
I would very much like to know that. Creating a snapshot can t
Jerry McAllister wrote:
>
> > Victor Sudakov wrote:
> > >
> > > I always use "dump -L" to dump a live filesystem.
> > > However, when I restore the dump, I sometimes get messages like
> > > "foo.txt (inode 12345) not found on tape&quo
tape blocks.
DUMP: dumping (Pass III) [directories]
DUMP: dumping (Pass IV) [regular files]
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
the answer, but I get essentially the
> same behaviour. I have never seen any data loss,
I gave an example below. The file "wins.dat" was not dumped. It is
indeed missing from the tape.
If this is not a data loss, what is it then?
[EMAIL PROTECTED] ~] restore -b64 -rN
./spool/samb
Victor Sudakov wrote:
>
> I always use "dump -L" to dump a live filesystem.
> However, when I restore the dump, I sometimes get messages like
> "foo.txt (inode 12345) not found on tape" or
> "expected next file 12345, got 23456"
>
> I thought
259101 ./usr/share/tmac/m.tmac
$ restore -tvf test.dmp | grep " 11"
Level 0 dump of / on test.sibptus.tomsk.ru:/dev/ad0s1a
Label: none
dir1130496 ./media
$
This means that
1. "/var/db/entropy/saved-entropy.1" was not dumped for some reason, though
"-L" was giv
> But I am more worried about "foo.txt (inode 12345) not found on tape".
> > Indeed, some files fail to get into the dump.
>
> Are the files active at the time of the dump?
Yes, they are.
These are files edited by Samba users, mrtg files etc.
--
Victor Sudakov, VAS4
fail to get into the dump.
>
> > I thought this should _never_ happen when dumping a snapshot.
> >
> > What is it?
>
> I don't know. Perhaps it is the inode of the snapshot file
> itself?
"find -inum" does not support this assumtion.
--
Victor Sudakov,
pshot.
What is it?
Thanks in advance for any input.
I am ready to provide additional info if required to understand the
problem.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://list
hanks in advance for any input.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
101 - 150 of 150 matches
Mail list logo