Re: PF rule - am I being stupid ?

2018-09-05 Thread Bob Smith
> I think it is caused by the packets blocked having the RST flag set -- a
> consequence of specifying "flags S/SA" in rule @39. Check out man
> pf.conf. Look for section about "flags a/b | any" (line 317 here).
The S/SA wasn't set explicitly by me, it's the default. Out of interest, would this

Re: Equipment for OBSD based firewall

2018-09-05 Thread Bob Smith
I am a big fan of Deciso (https://www.deciso.com/product-catalog/). Yes, it comes out of the box with "another BSD" preloaded, but you can easily take care of that in a few minutes courtesy of a USB console and a USB key with Mr de Raadt's opus magnum on it. ;-) ‐‐‐ Original Message

PF rule - am I being stupid ?

2018-09-05 Thread Bob Smith
Hi, I'm banging my head against a brick wall here trying to figure out why PF (on OpenBSD 6.3) is allowing some packets but blocking others? Here's the tcpdump:
Sep 05 18:07:45.084191 rule 39/(match) pass in on vlan108: 192.0.2.150.49156 > 198.51.100.158.20001: udp 47
Sep 05 18:07:45.084220

Re: OpenBGPD as route server - correct filter syntax ?

2018-08-30 Thread Bob Smith
Thanks for your reply.
> If you are configuring a route server, you don't want "route-collector yes".
> Or if you want a route collector, it won't advertise any route so your
> concerns are null.
Interesting point. My understanding was that a route server did not make any best-path

OpenBGPD as route server - correct filter syntax ?

2018-08-30 Thread Bob Smith
Hi, I'm trying to figure out the most suitable config params to transform OpenBGPD into a route server. So far I have:
route-collector yes
transparent-as yes
But my concern is more in the area of suitable filters to prevent loops. I'm thinking I need something along the lines of:
allow to any

browser security

2005-12-14 Thread Bob Smith
vmware recently released a program which kind of chroot jails the browser. http://www.vmware.com/vmtn/vm/browserapp.html i'm not a programmer myself, but i was wondering if perhaps using a similar technique we could lock down the browsers in openbsd? seems to me that would increase security

Re: browser security

2005-12-14 Thread Bob Smith
Dec 2005 05:41:30 -0800, Bob Smith [EMAIL PROTECTED] wrote: vmware recently released a program which kind of chroot jails the browser. http://www.vmware.com/vmtn/vm/browserapp.html i'm not a programmer myself, but i was wondering if perhaps using a similar technique we could lock down

Re: browser security - restricted user

2005-12-14 Thread Bob Smith
Just a thought: sudo -u $some_restricted_user $your_preffered_browser ? good that you brought this up; i been wondering about this too. does it help? if so how come there isn't a default non-privileged user created for, say, firefox when the pkg is installed? like there is for bitlbee