Re: Mount USB disk

ion table with no valid OpenBSD partition I think I remember reading in the 4.4 FAQ that this is no longer supported. Use fdisk to create a single bsd partition that takes up the whole drive, then disklabel that partition. > mount /dev/sd0i /mnt > mount_ntfs: /dev/sd0i on /mnt: Operation not supported > > What is wrong ? > doug.

Issues with FTP and PF

Hi. I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1. All ftp connections to 192.168.0.2 are fine but connections to my ext. ip (e.g. 78.78.78.78) are refused. Here's part of my pf.conf: # WAN vpn_if="tun0" # LAN int_if="vr1" # External Addr

chaplIn...

. . . out of all the lies said to mE i love you was my favouriTe . . . [EMAIL PROTECTED] . . .

Re: Using a separate boot partition

On Wed, Nov 12, 2008 at 12:05:47AM -0500, Douglas A. Tutty wrote: > On Tue, Nov 11, 2008 at 08:31:42PM -0800, Joseph Alten wrote: > > So there isn't really an option like I was describing? I was going to just > > create my / partition on my boot hard drive like you mentioned

Re: Using a separate boot partition

On Tue, Nov 11, 2008 at 08:31:42PM -0800, Joseph Alten wrote: > So there isn't really an option like I was describing? I was going to just > create my / partition on my boot hard drive like you mentioned, but I > seemed so close when I ran "boot hd0a:/bsd -a" a

Re: Using a separate boot partition

On Tue, Nov 11, 2008 at 07:52:30PM -0800, Joseph Alten wrote: > Due to technical constraints, my setup requires that I have a separate > boot partition (basically the kernel and anything else critical for > booting), and then of course my root partition other data partitions on a &

Re: Lost my Sensors (or should be senses!) with 4.2

fixed, lm87.c#rev1.20. :) The bug was caused by an ininitialised value, such that fan sensors in certain chips (lm81, adm9240 and ds1780) might have pseudo-randomly never appeared. Just to make it clear -- this was not a regression in 4.2, the fact that it was missing from 4.2 is simply a pseudo

Re: 4.4 recently installed

On Sun, Nov 09, 2008 at 04:34:41PM -0800, T D wrote: > I have installed 4.4 on a machine (ibm aptiva) with the below dmesg output. > As I am somewhat new to this os, I would like some sugestions as to what I > could/should do with this box and no I will not rm -rf / > Any ideas/suggest

Re: SATA card = total freeze

thanks for the reply. i guess i'll go for a pci card with a silicon image chip then On Nov 7, 2008, at 22:48, Anathae Townsend wrote: I have had varied success with this card under openbsd. It would nearly always cause a hang with a timeout error to the primary console when installed

Re: Oddly high load average

is inexplicably high; when idle, it > > > sits up > > > : > between 0.6 and 0.7. > > > : > > > : Oh my god, the horror. Nothing is wrong with your machine at all. > > > : However, I have a diff which will probably keep you happy. > > > > > >

Re: Oddly high load average

hine at all. > : However, I have a diff which will probably keep you happy. > > Not sure if you caught my last paragraph, but I did say that nothing was > wrong with the system at all, I'm just curious as to why the average is > high. > > The simple explanation is found

Re: Packet Filter: how to keep device names on hardware failure?

an rewriting your rule set so it avoids 'on' criteria and other > hardware specifics wherever possible. Free advice without a patch is, of course, worth the price, but: If there was a way of recording the MAC address assigned to each interface by the kernel, then on a subsequent reboot c

SATA card = total freeze

sorry to ask again: some weeks ago I installed a Promise 300sata TX4 pci card onto an Asrock motherboard running OpenBSD 4.3 tried to copy a 31Gb file to stress test. The machine hung up after a while and could only be switched off and re-started. can anybody confirm that this pci card

diff ftp.openbsd.org ftp.ca.openbsd.org motd

In the ftp list for openbsd, the master fan-out is ftp.openbsd.org and a request to use a secondary mirror. ftp.ca.openbsd.org is listed as a secondary mirror in Edmonton. However, the motd at ftp.ca.openbsd.org says that OpenBSD ftp services are not really provided at this site

Re: Promise SATA 300 TX4 strangeness

system console had some time out errors however. It is working well with just two 500 GB drives hooked up to it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph A Borg Sent: Tuesday, November 04, 2008 8:16 AM To: Duncan Patton a Campbell Cc

Re: Promise SATA 300 TX4 strangeness

I'm having the same problem. At first i thought it was a failed pci card, then the old bios. Now with a replacement card and updated bios, I tried to copy a hefty multi-Gb gzip file from an other disk to drive on the sata card and the machine is still hanging, hard: I have to switch i

Re: I am not a geek ;)

On Mon, 3 Nov 2008 10:48:46 -0800 (PST) Jeff1981 <[EMAIL PROTECTED]> wrote: > Hello > > I actually am starting the use of OpenBSD thanks to production team. > Please can you help me to pass this error message when I try to connect my > NAS an external drive (a network dri

Re: Recommend hardware for video surveillance system?

On Sun, 2 Nov 2008 14:52:58 + (UTC) Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008-11-02, Brian Keefer <[EMAIL PROTECTED]> wrote: > > On Nov 1, 2008, at 10:21 PM, Duncan Patton a Campbell wrote: > > > >> On Fri, 31 Oct 2008 20:28:34 -0700 > &g

Re: Modern operating systems are flawed by design, including OpenBSD.

And proprietary software, like WinDose, that uses bodged standards is the root cause of this insecurity. Here you can read about another, possibly more serious, danger posed by proprietary systems: http://www.physorg.com/news144343006.html Dhu On Thu, 23 Oct 2008 18:54:27 +0800 mak maxie <

Re: Recommend hardware for video surveillance system?

On Fri, 31 Oct 2008 20:28:34 -0700 Brian Keefer <[EMAIL PROTECTED]> wrote: > I'm finally getting around to starting my project to build a home- > monitoring system. I'm going to need multiple capture devices inside > the home, and at least one outside

Re: Funny slogans to put on tshirts

On Fri, Oct 31, 2008 at 10:29:35AM +0100, Redd Vinylene wrote: > It's my friend's birthday tomorrow. I was thinking I'd make him a > tshirt with some funny slogan on it or something. Preferably something > UNIX related. But I'm all outta ideas. Perhaps y'all

Re: new home box for secure data storage

On Thu, Oct 30, 2008 at 09:34:56AM +0100, Michiel van Baak wrote: > On 16:14, Wed 29 Oct 08, Douglas A. Tutty wrote: > > I think I want root to be able to mount/access the directories so that > > the data can be included in a backup set (which is then piped through > > openssl

Re: new home box for secure data storage

On Thu, Oct 30, 2008 at 08:38:16AM +0100, Guido Tschakert wrote: > Douglas A. Tutty schrieb: > > On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote: > >> I'm confused, the encrypted volume cannot be backed up without a key? > > > > Sure, I could ba

Re: new home box for secure data storage

On Thu, Oct 30, 2008 at 11:53:16AM +0100, Felipe Alfaro Solana wrote: > On Wed, Oct 29, 2008 at 9:14 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > I'm thinking I could go two routes: > > > > 1. encrypt all of /home with an encrypted virtualfs file

Re: new home box for secure data storage

On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote: > I'm confused, the encrypted volume cannot be backed up without a key? Sure, I could backup the encrypted volume. However, I'd rather back the data up as an unencrypted directory along with everything else. I don&

Re: new home box for secure data storage

On Wed, Oct 29, 2008 at 02:56:53PM -0700, Ted Unangst wrote: > > >I think I want root to be able to mount/access the directories so that > >the data can be included in a backup set (which is then piped through > >openssl for encryption) on a file-by-file basis rather than ju

Re: new home box for secure data storage

On Wed, Oct 29, 2008 at 09:41:36PM +0100, Almir Karic wrote: > On Wed, Oct 29, 2008 at 04:14:22PM -0400, Douglas A. Tutty wrote: > > I'll be setting up a new box for the house and I want to use OpenBSD for > > it, both for its security and since it will be an older box it will

new home box for secure data storage

I'll be setting up a new box for the house and I want to use OpenBSD for it, both for its security and since it will be an older box it will run better than with Debian. Roles: main firewall for dialup internet access. fetchmail and sendmail to ISP smarthost other simple stuff (have anothe

Re: file encrypyion

On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote: > I'm looking for a way to encrypy backup files for secure storage. > > Gpg is an obvious candidate, but I'm wondering if there's anything in > base, perhaps a creative use of ssh or some other tool, though not

Re: Can't SSH into CARP'd system from the outside

On Mon, 2008-10-20 at 14:19 -0700, Vivek Ayer wrote: > So far, I can't ssh into the carp from the outside, can't ntp from the Try: % sudo tcpdump -ttt -e -vvv -n -i pflog0 -s 1024 -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: Th

Get a secure grip anywhere with GetAGrip

Get-A-Grip The Revolutionary New Way To Have A Secure Grip Whenever You Need It. * Attaches in Seconds * No Drilling * No Tools * Super Strong http://CRYSTALCLEANS.COM/fFAfMHutFYuuAaMHMuMuHayrfFAYtM/ The original Get-A-Grip? is the revolutionary new way to have a secure grip whenever you need

Re: reliable, dd over simple ip network

On Wed, Oct 15, 2008 at 09:28:56PM -0700, Neko wrote: > since my partitions have 16% free on all systems, i cant tarball the > drive sent it to target machine and uncompress, Tarball it up, pipe the output somewhere, eg via ssh (disclaimer: untested; concept only) [tar commands, to stdout] |

Advanced Queuing: Host-Only Stateful Inspection and Queues

[Long Message Disclaimer] All: I was just looking over Peter Hansteen's PF book -- It's a great reference, but the coverage on QUEUING is limited (6 pages of ~150). I was hoping to find an answer to a question there-in, that I had back in 2006 when I filed system/4574 -- but with be

Re: PF Queue on a GROUP of nics?

On Mon, 2008-10-06 at 16:39 +1100, Sunnz wrote: > Is it possible? > > Say I have a few nics of the same group... dc0 dc1 dc2 dc3... which > all belong to a group "dc". Sunnz Do you mean a "shared queue" where "downstream" bandwidth from a single &quo

Re: 4.4 arriving in the U.S.

On Tuesday October 14 2008 12:19, you wrote: >Today's mail delivered the 4.4 CDs near Boston, Mass. Also to Des Moines, Iowa. >Many thanks to the developers, Agreed. Thank you developers! Dan Ramaley

Re: Random crashes with Intel D945GCLF2

On 09/10/2008, SJP Lists <[EMAIL PROTECTED]> wrote: > 2008/10/10 Damian Gerow <[EMAIL PROTECTED]>: > > > Mark Kettenis wrote: > >> Boy, those Intel-branded boards have shitty BIOSes... > > > > And support. They've basically said that OpenBSD

Re: LDAP and OpenBSD

On Fri, 2008-10-10 at 19:52 +0200, raven wrote: > I'm thinking how my users into an ldap db can login into my openbsd One would need NSS_LDAP and PAM_LDAP, which requires PAM and NSS infrastructure in-tree. Likely you'd want to sponsor development for something like that. ~BAS

Re: New tcp stack attack

On Wed, 01 Oct 2008 12:24:16 -0300 Fernando Gont <[EMAIL PROTECTED]> wrote: > At 11:13 a.m. 01/10/2008, Duncan Patton a Campbell wrote: > > >" > >Sockstress computes and stores so-called client-side SYN cookies and > >enables Lee and Louis to specify a desti

Re: New tcp stack attack

On Wed, 1 Oct 2008 15:58:22 +0200 Claudio Jeker <[EMAIL PROTECTED]> wrote: > On Wed, Oct 01, 2008 at 03:31:00PM +0200, Stephan A. Rickauer wrote: > > On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote: > > > Hi there, > > > > > > is there any weight

Re: New tcp stack attack

On Wed, 01 Oct 2008 14:52:29 +0200 Leon Dippenaar <[EMAIL PROTECTED]> wrote: > Hi there, > > is there any weight to this new story on slashdot > http://it.slashdot.org/it/08/10/01/0127245.shtml > > about a new attacker possible to break any tcp stack? Sounds rathe

Re: New tcp stack attack

On Wed, 2008-10-01 at 14:52 +0200, Leon Dippenaar wrote: > Hi there, > > is there any weight to this new story on slashdot > http://it.slashdot.org/it/08/10/01/0127245.shtml > > about a new attacker possible to break any tcp stack? Sounds rather > shady, so here I am,

? Recommended News Server

Howdy List? I'm going to set up a news server on an OpenBSD system and I would like to know if there is a recommended server that I should use. Thanks, Dhu

OSPFd and ipsec routes

Hello! Can ospfd redistribute routes in Encap table `netstat -nr -f encap` ? Are they considering static? There is no such info in ospfd.conf...

Re: 4.4-current on XenServer 5

Stupid me, the disk is there and OpenBSD runs just fine on it. Sorry for the noise. On Mon, 2008-09-22 at 12:24 +0200, Stephan A. Rickauer wrote: > In know virtualization is not one of the primary targets of OpenBSD. > However, in case someone is interested, here's a dmesg of

4.4-current on XenServer 5

In know virtualization is not one of the primary targets of OpenBSD. However, in case someone is interested, here's a dmesg of 4.4-current booting bsd.rd on latest XenServer 5 (Express, with Intel VT). As you can see, there is no harddisk detected. I am ready to help testing if a developer

Re: recommendation for router (COMMELL)

> "What *would* you recommend?" > > In addition to the listed duties, I am looking for stability, For a mail server appliance, Axiomtek units are the only way to fly. Try the NA-820. We've been nothing but pleased, and of all the cheap Award/AMI BIOS's, theirs ha

Re: isakmpd

On Sat, 2008-08-23 at 13:30 +0200, Daniel Rapp wrote: > Hi, i am looking for example configs on isakmpd where there is more then one > tunnel.. > > I have a openbsd (4.2) firewall with a tunnel config in isakmpd.conf and i > want to add a roadwarrior tunnel to.. There should be a

Re: stupid suggestion

sorry ppl i did not mean to come across this way. I appreciate the sterling work done here. I shouldn't send emails to a list when I'm tired as it's easy to get misinterpreted. I did not demand anything but that is how it came across in the email. Now that I can afford it, I

stupid suggestion

can you people start treating mass storage like network security? I think it's becoming the next weak spot with the current changes in hard-disk densities, cheap, easily accessible solutions and hot-swap sata drives

mge ups & nut

i found a reasonably priced MGE Nova 1100 UPS with serial connection, connected to the PC with a usb-serial converter. dmesg: > uplcom0 at uhub2 port 2 "Prolific Technology Inc. USB-Serial > Controller D" rev 1.10/4.00 addr 2 > ucom0 at uplcom0 here's the latest up

Re: forcing system disk to wd0

the kernel is absolutely something i wouldn't touch, unless it's a well documented and easy to follow tweak but thanks for all the detailed info. On Sep 11, 2008, at 19:01, Philip Guenther wrote: On Thu, Sep 11, 2008 at 5:52 AM, Joseph A Borg <[EMAIL PROTECTED]> wrote:

Re: forcing system disk to wd0

Why would you be adding removing drives all the time? I plan to do a simple dump backup on a rotating set of HDs each evening. Am I safe to assume that sata drives can be added after boot with no loss in system integrity? I have storage stuff for a living and this isn't hardly an issue

Re: forcing system disk to wd0

but i'll have to change it every time i add or remove a hard disk which can be pretty frequent. if the total number of drives in the system is not the same from boot to boot, i have to tweak fstab. is it possible for a future update of OpenBSD to tweak fstab to take references to the boot

Re: forcing system disk to wd0

my problem is that i have just purchased two hot-swap cages. One puts 2 laptop drives in a 3.5" bay that will be used to back up daily work on a roster of 5 disks, the other is consists of 3 regular hard drives in the space of 2x5.25" bays and currently houses the system hd, the

forcing system disk to wd0

I just added a 4 port promise sata card and cannot figure a way of forcing the sata ports on the motherboard to take precedence over the sata pci card. Any pointers to useful info would be greatly appreciated. I guess i'll have to mess with the BIOS and IRQs but these are, till now o

Promise SATA 300 TX4 strangeness

Howdy List? I have a Promise SATA 300 TX4 which I've tested with 3 different mobos using 4.3 and 4.4. Two of the mobos, all of which operate with obsd cleanly when using on-board disk io, fail to finish booting, locking tight at the mtrr: Pentium Pro MTRR support line when booting the c

Re: pf visualization

On Thu, 2008-08-28 at 16:03 +, Stuart Henderson wrote: > > > > Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and > > ntop ;) > > the nfdump/nfprofile tools (also in ports) are interesting too, > there's a web interface NfSen which is yet to

Re: pf visualization

On Thu, 2008-08-28 at 11:52 -0400, Jason Dixon wrote: > > > Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and > > ntop ;) > > If I ever get off my lazy ass and finish/package it up, maybe this? > > http://www.netflowdashboard.com/demo/ http://www.netflowdashboard.com/download/

pf visualization

I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall "usage" in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti

spamdb with '0' as pass

I have difficulties in understanding why a minority of IP's of a huge set of WHITE entries of our spamdb do not have a 'pass' date set: # spamdb | grep 128.1x8.50.xxx WHITE|128.1x8.50.xxx|||1218625388|0|1221750240|1|1 spamdb(8) says: "time the entry passed from being GREY to

Re: Purpose of spamd-setup in greylisting mode?

On Tue, 2008-08-12 at 09:46 +0200, Morgan Wesstrvm wrote: > information Google turned up. A general reflection is that it's a little > hard to grasp from the man pages how all the components work together > (spamd, spamlogd, spamd-setup, spamdb, pf) especially when you'

Re: make build fails for OPENBSD_4_4 on i386

On Fri, 2008-08-08 at 13:59 +0200, Miod Vallat wrote: > Until the cd-rom are actually created and the release is announced, > tags are Just trying to be helpful in reporting a build-problem during the releng cycle. If there's a better venue for such reports, lets have it :) ~BAS

Re: Software RAID with OpenBSD

quot; > > > <[EMAIL PROTECTED] > > > wrote: > > > > > > Look this link: > > > > > > http://contenidosonline.blogspot.com/2007/01/raid-1-por-software-con-openbsd.html > > > All the information regarding softraid is in man bioctl bio & softra

Re: RFID Reader

On Thu, 7 Aug 2008 15:14:24 +0100 Conor <[EMAIL PROTECTED]> wrote: > On Thu, Aug 7, 2008 at 1:05 PM, Duncan Patton a Campbell < > [EMAIL PROTECTED]> wrote: > > > On Thu, 7 Aug 2008 10:46:40 +0100 > > Conor <[EMAIL PROTECTED]> wrote: > > > >

Re: RFID Reader

On Thu, 7 Aug 2008 15:14:24 +0100 Conor <[EMAIL PROTECTED]> wrote: > On Thu, Aug 7, 2008 at 1:05 PM, Duncan Patton a Campbell < > [EMAIL PROTECTED]> wrote: > > > On Thu, 7 Aug 2008 10:46:40 +0100 > > Conor <[EMAIL PROTECTED]> wrote: > > > >

Re: RFID Reader

OpenBSD? > > > > Don't most readers communicate with the host PC over some common > > protocol, say RS232 (serial), or maybe USB? OpenBSD will allow you to > > access those, so if you find or write a program that can communicate > > with the reader via RS232/USB

Re: Incorrect kate(4) tempatures

1 (irq 11) for native-PCI interrupt > wd1 at pciide1 channel 0 drive 0: > wd1: 16-sector PIO, LBA48, 238418MB, 488281250 sectors > wd2 at pciide1 channel 0 drive 1: > wd2: 16-sector PIO, LBA48, 476940MB, 976773168 sectors > wd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode

Re: tablec - show all addresses in pf table

On Wed, 6 Aug 2008 22:04:52 +0200 Joachim Schipper <[EMAIL PROTECTED]> wrote: > On Wed, Aug 06, 2008 at 11:32:53AM -0500, John Brooks wrote: > > tablec allows me to add or remove pf table entries with > > an unprivileged userland account. is there a method to > &g

Re: RFID Reader

usiness/v/index.jsp?vgnextoid=1722e90e3ae95110VgnVCM108406b00aRCRD should be fairly trivial to make work with OBSD, despite being a Windoze CE box as it has numerous open interfaces and claims to talk to SAP and IBM stuff ... The question of being "supported" is misleading as most of th

Re: contact info for PC Weasel?

Given the $350 price tag of the PCI version, it might even be cheaper to get a different motherboard. The PC Weasel site looks unmaintained; the order page only lets you set a credit card expiration date from 2002 to 2008. On Wednesday August 6 2008 15:58, Chris Cappuccio wrote: >spend y

Re: contact info for PC Weasel?

On Wed, 2008-08-06 at 13:58 -0700, Chris Cappuccio wrote: > spend your money on a motherboard with serial console. like a supermicro > board or something. you'll be happier. No offense but: No. No you wont. Unless you have IPMI or something like Dell's DRAC (4, not 5 -- 5 sux

Re: PF and DHCP hakz

On Tue, 5 Aug 2008 20:34:09 -0600 Duncan Patton a Campbell <[EMAIL PROTECTED]> wrote: > Howdy List? > > As some of you may have gathered from previous posts, I have been > working on a pf configuration that will allow a gateway firewall > machine to talk to two or more I

PF and DHCP hakz

Oddly this does not appear to have made it thru... Howdy List? As some of you may have gathered from previous posts, I have been working on a pf configuration that will allow a gateway firewall machine to talk to two or more ISP services and allow for the differential routing of data

Re: Own keyboard encoding cz (cs)

from http://www.netbsd.org/docs/guide/en/chap-cons.html . > I looked in wsksymdef.h ,there is a support for ISO-8859-2 (not for UTF-8), > but how can I type our national characters if I can use only us or others? > Can I use codes for these characters? > > Thanks a lot for your help &g

PF and DHCP hakz

Howdy List? As some of you may have gathered from previous posts, I have been working on a pf configuration that will allow a gateway firewall machine to talk to two or more ISP services and allow for the differential routing of data connections from client's services both behind the fir

PF loading question

Howdy List? I'm trying to deal with the problem of dhcp assigned default routes in a pf config file, and what I've come up with is a script to drive dhclient on external interfaces and extract the routing info for use in route-to (interface gateway) rules. So then I have two ways of fe

Intel 82575GB NIC doesn't work

Hello! Looks like there is no support for 82575GB NIC in OpenBSD kernel. I got something like "Intel PRO/1000 QP (82575GB)" rev 0x02 at pci10 dev 0 function 0 not configured" But I found this link for FreeBSD driver http://downloadcenter.intel.com/Detail_Desc.aspx?ProductID=2874&DwnldID=158

Re: Is this a bug in PFCTL?

On Wed, 23 Jul 2008 20:41:05 -0300 Vinicius Vianna <[EMAIL PROTECTED]> wrote: > Maybe the only value would be to merge a new rule without returning all > tables to default as in the situation that you have changed a table and > if you run pfctl -f /etc/pf.conf the table w

Re: Is this a bug in PFCTL?

On Thu, 24 Jul 2008 00:00:09 +0200 Henning Brauer <[EMAIL PROTECTED]> wrote: > * Duncan Patton a Campbell <[EMAIL PROTECTED]> [2008-07-23 21:28]: > > Howdy List? > > > > According to the man page on pfctl > > > > " > > -m Merge i

Re: Is this a bug in PFCTL?

On Thu, 24 Jul 2008 00:00:09 +0200 Henning Brauer <[EMAIL PROTECTED]> wrote: > * Duncan Patton a Campbell <[EMAIL PROTECTED]> [2008-07-23 21:28]: > > Howdy List? > > > > According to the man page on pfctl > > > > " > > -m Merge i

Is this a bug in PFCTL?

0" | pfctl -mf - " using the -m parm should allow allow a rule to be merged into the current set, but when I run it, as spec'd in the man page, my ruleset is deletd. Dhu [EMAIL PROTECTED]:/etc] # pfctl -a '*' -sr scrub in all fragment reassemble block

Re: PF route-to syntax

Howdy Bill? Back in Dec.06 you asked some similar questions about "dynamic update of gateway for route-to rules in pf.conf on dhcp interface". Did you find a way to do this? Thanks, Dhu On Mon, 21 Jul 2008 21:16:50 -0700 Bill Meigs <[EMAIL PROTECTED]> wrote: > I discove

Re: CARP node crashing reproducibly (4.3-stable)

> > (remember the machine is the CARP backup). The machine crashes within 15 > > minutes after reboot. > > ok that is weird. icmp_error as called in pf_send_icmp does not m_free > anything but the passed mbuf, and we now just bail if tghe allocation > of it fails. so

pf localhost sevices

Howdy List? Following is a modification of the ruleset at http://www.openbsd.org/faq/pf/pools.html . It works to allow routing of client services service_ports on an internal network onto one external gateway while other services from the internal network default to another path. This works

Re: Can't scp, ssh is slow to authenticate.

to have load averages. It think it is a problem with the shell > non-interactive initialization script. He's probably starting screen with top(1) in one of the windows directly from .bashrc.

Re: OpenBSD 4.3 FAQ in PDF?

tp://openbsd.org/faq/faq`printf %02d $i`.html done The number list could be collapsed into `seq 1 15` on a system with seq installed. Dan RamaleyDial Center 118, Drake University Networ

Re: Can't scp, ssh is slow to authenticate.

On Mon, 21 Jul 2008 16:04:59 -0600 Theo de Raadt <[EMAIL PROTECTED]> wrote: > > These are both local machines, why would DNS be required? > > Because in the modern world DNS -- or any other kind of reliable > name->address + address->name mapping -- is required. > > You might as well get used to

Re: GPL version 4

On Thu, 17 Jul 2008 00:51:53 -0500 Travers Buda <[EMAIL PROTECTED]> wrote: > I'd like to present GPL version 10^100^100! (that's not an > exclaimation, that's a factorial.) > > Over the years, clauses have been _removed_ from BSD-like licenses. >

Re: This is what Linus Torvalds calls openBSD crowd

hould include monkeys. And amoebas too. > > > > I agree, monkeys should definitely be somehow incorporated into the artwork > > for the next release. > > ty draws openbsd developers as fish. and I think that we, the openbsd > developers, did enough to warrant a nice topi

Re: This is what Linus Torvalds calls openBSD crowd

; Here it's rtfm and chest-thumping. > > > > because here, many people have spent many hours making sure tfm gives > > you all the information you need > [...] > > Absolutely! I find the OpenBSD man pages to be dead accurate, and > to-the-point. Typos, and gramma

Re: Routing on source

On Thu, 3 Jul 2008 17:10:54 +0200 Henning Brauer <[EMAIL PROTECTED]> wrote: > * Henning Brauer <[EMAIL PROTECTED]> [2008-07-03 15:18]: > > * Daniel Anderson <[EMAIL PROTECTED]> [2008-06-25 06:39]: > > > The mechanism you seek is the route-to and reply-to. >

Re: CARP node crashing reproducibly (4.3-stable)

On Mon, 2008-07-14 at 14:22 +0200, Henning Brauer wrote: > perfect analysis! > > looks like the only sane thing to do in that case is to bail and not > send the icmp. I've compiled a new kernel with the patch. The machine is no longer crashing on pf_send_icmp(). However, I now s

Re: CARP node crashing reproducibly (4.3-stable)

On Fri, 2008-07-11 at 21:32 +0200, Henning Brauer wrote: > * Stephan A. Rickauer <[EMAIL PROTECTED]> [2008-07-11 16:59]: > > Here's all data I was able to get off our crashing machine, the backup > > node of our CARP cluster, that used to run flawlessly since 3.7. >

Re: CARP node crashing reproducibly (4.3-stable)

On Fri, 2008-07-11 at 17:09 +0200, Reyk Floeter wrote: > hi stephan! o;?That was quick! Hi Reyk. > can you also show your carp configuration? Sure (just x'ed out the external IPs as well as passwords). We have a simple master/backup system: carp0: LAN carp1: DMZ carp2: WLAN carp

CARP node crashing reproducibly (4.3-stable)

ewall crashes. Sounds preposterous, I know... We've not had time to examined what packets are exactly sent out on the network by this machine, yet. The crashed machine is still in ddb, so just asked if I should execute some more commands. Should I rather file a bug report? I never know whe

Re: sshd_config(5) PermitRootLogin yes

arrin's belief that if remote-network-postinstall configuration is the standing reason, then I consider myself in disagreement. Also, I think there is a false premise to the argument by Marco and Jacob that disabling remote root login by default does not provide real security, only a fa

Re: sshd_config(5) PermitRootLogin yes

On Thu, 10 Jul 2008, Marco Peereboom wrote: Of course it is enabled by default. Why do I want a box that is freshly installed and unreachable? No -- I just find that most of afterboot(8) can be done from the console; even serial console, at first boot, configure the network, add a non-root

Re: sshd_config(5) PermitRootLogin yes

afterboot(8) covers this Works for me, I guess. =/ ~BAS http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot&apropos=0&sektion=0&ma npath=OpenBSD+Current&arch=i386&format=html

Re: sshd_config(5) PermitRootLogin yes

On Thu, 10 Jul 2008, Brynet wrote: The keyword here is *default*. Say you installed OpenBSD on a soekris, it's nice having root enabled "temporarily". That way you can login at a later time, create a lesser privledged account, On Soekris, does the first boot console acce

sshd_config(5) PermitRootLogin yes

Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup I dont have a fresh install anywhere -- but I want to say that it doesnt default to PermitRootLogin yes after the install. I remember that I filed PRs

<    5   6   7   8   9   10   11   12   13   14   >