Re: Using OpenBSD as a router

2010-12-01 Thread Geoff Sweet
Oh for the love of god... ok I am good. OpenBSD works pretty much as it should. Someone loaded damn switch ACLs onto this switch. Off to choke a junior admin to death. -Geoff -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Geoff Sweet

Re: Using OpenBSD as a router

2010-12-01 Thread Geoff Sweet
0x7 inet 66.150.173.62 netmask 0xffc0 broadcast 66.150.173.63 -Original Message- From: Ted Unangst [mailto:ted.unan...@gmail.com] Sent: Wednesday, December 01, 2010 2:52 PM To: Geoff Sweet Cc: misc@openbsd.org Subject: Re: Using OpenBSD as a router On Wed, Dec 1, 2010 at 5:41

Using OpenBSD as a router

2010-12-01 Thread Geoff Sweet
BGPD and routed, but there doesn't appear to be any man page for routed and because my ISP is statically routing my subnets to me, apparently (according to them) I have no need of BGP. Could anyone offer any insight or advice on what I am doing wrong? Thanks! Geoff Sweet

strange crash with 4.5

2009-12-14 Thread Geoff Sweet
I be running out of resources somewhere? Thanks for your insight, Geoff Sweet

Re: PF rule problems using tables

2009-08-03 Thread Geoff Sweet
.conf. So after I update the blocked_ip list with the desired IP I run this: pfctl -k ip_address before reloading the rules and tables with the -f switch. Kills the state entries and leaves the user high and dry on the public side of the firewall. -Geoff Sweet -Original Message- From:

PF rule problems using tables

2009-07-31 Thread Geoff Sweet
n on $int_if from 10.1.0.0/16 to 10.3.0.0/16 keep state pass in quick on $int_if However when I go to add an additional IP to the table, nothing happens. I append the address to the blocked_ip file, then I issue "pfctl -f /etc/pf.conf". I can see via tcpdump quite clearly that a given user, in this case 114.108.128.220, is allowed in through the firewall. And if I test for the IP: sudo pfctl -t blocked_ip -T test 114.108.128.220 1/1 addresses match. So what gives? Do I need to do something additional to get it to reload all the table information? Thanks everyone. Geoff Sweet Operations Engineer WeMade Entertainment USA.

Re: hide NAT with OpenBSD

2005-10-30 Thread Geoff Sweet
That's why you set min-ttl to its highest value. You could also look at 'reassemble tcp'. It modifies ttl setting in the session as well. But it's meant more for normalizing traffic. -Geoff Alexey S. Malyshev wrote: > On Sun, 30 Oct 2005 10:00:25 -0500 > Jeff Quast <[EMAIL PROTECTED]> wrote: >