On 2015-04-27, Brian S. Vangsgaard b...@avalanic.dk wrote:
When using interface groupnames in my pf.conf, I see the same rule 4
times when doing a pfctl -s rules.
The interface group I'm using has a vlan and carp member.
Ex.
pass in on groupA from groupA:network to groupB:network tag
Stuart Henderson wrote on 2015-04-28 15:55:
Actually this is a bit odd, can't reproduce it here on 5.5 or
-current.
I'm running 5.5 GENERIC.MP
SHA256 (/sbin/pfctl) =
9b84b5b3d846cf2f4c4a189d9711cc5d00c4ea096431df4eaea57ebfcd29de8c
Using a single interface (ex. vlan) will only produce one line (as I
expect it to do) in the pfctl -s rules output.
This is probably the simplest fix. The actual packets you want to filter
show up on the vlan interfaces anyway.
You're right, this would be the best solution at the moment.
Hi,
I'm getting a strange output from pfctl that I cannot explain, perhaps
someone lurking the list has the answer?
When using interface groupnames in my pf.conf, I see the same rule 4
times when doing a pfctl -s rules.
The interface group I'm using has a vlan and carp member.
Ex.
pass
http://www.openbsd.org/faq/pf/macros.html
Lists
A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written
Lists
A list allows the specification of multiple similar criteria within a rule.
For example, multiple protocols, port numbers, addresses, etc. So, instead of
writing one filter rule for each IP address that needs to be blocked, one rule
can be written by specifying the IP addresses in a
On Wednesday, 03.12.2014, at 11:08 +0800, Cosmo Wu wrote:
and it parsed correctly using command pfctl -nf /etc/pf.conf.test
when I loaded it from the command pfctl -f /etc/pf.conf.test
it grumbled:
pfctl: DIOCXCOMMIT: Invalid argument
Happens usually, if the pf.conf is
Could anyone run into these problems? thanks!
On 14.11.2014 14:50, Cosmo Wu wrote:
Hi Misc ,
There is a no-syntax-error pf config file ( such a pf.conf.test ) ,
but another queue named differently is created on the same interface.
and it parsed correctly using command pfctl -nf
Hi Misc ,
There is a no-syntax-error pf config file ( such a pf.conf.test ) ,
but another queue named differently is created on the same interface.
and it parsed correctly using command pfctl -nf /etc/pf.conf.test
when I loaded it from the command pfctl -f /etc/pf.conf.test
it
the lease information
to a file, then watch that file for changes (sysutils/entr in ports is good
to trigger running a script based on this), parse the relevant lines, and
reload your PF rules with the -D flag to set macros (e.g. pfctl -D
ext_gw1=$someaddr -D ext_gw2=$otheraddr -f /etc/pf.conf
for changes (sysutils/entr in ports is good
to trigger running a script based on this), parse the relevant lines, and
reload your PF rules with the -D flag to set macros (e.g. pfctl -D
ext_gw1=$someaddr -D ext_gw2=$otheraddr -f /etc/pf.conf).
Hi misc@,
I was wondering about the behavior of OpenBSD in this case (not a
production case at this time).
2 WAN interfaces (Ethernet / IPv4 DHCP) , linked to an OpenBSD box and 1
LAN interface (Ethernet / IPv4 static address)
WAN1 (em0 DHCP) -
|--- OpenBSD - LAN
On Mon, Aug 04, 2014 at 08:39:10PM +0200, Christophe wrote:
Hi misc@,
I was wondering about the behavior of OpenBSD in this case (not a
production case at this time).
2 WAN interfaces (Ethernet / IPv4 DHCP) , linked to an OpenBSD box and 1
LAN interface (Ethernet / IPv4 static address)
On 04-08-2014 15:39, Christophe wrote:
I was wondering about the behavior of OpenBSD in this case (not a
production case at this time).
2 WAN interfaces (Ethernet / IPv4 DHCP) , linked to an OpenBSD box and 1
LAN interface (Ethernet / IPv4 static address)
WAN1 (em0 DHCP) -
trying to do. It uses ifstated to adjust pf rules
dynamically based on usability of the WAN interfaces, load-balancing outbound
connections between the two gateways as well:
https://www.geeklan.co.uk/?p=1564
Thanks and regards,
Christophe.
On Mon, Aug 04, 2014 at 08:39:10PM +0200, Christophe wrote:
Hi misc@,
I was wondering about the behavior of OpenBSD in this case (not a
production case at this time).
2 WAN interfaces (Ethernet / IPv4 DHCP) , linked to an OpenBSD box and 1
LAN interface (Ethernet / IPv4 static address)
On 04-08-2014 17:01, Fabian Raetz wrote:
Maybe giving one of your interfaces a lower priority could solve this
problem in a simple setup?
If used with mpath routing, then probably this would work. As I
mentioned, there is only need to take proper care of the resolv.conf
file, since both
Hello the list.
First, I wish you all a great weekend.
Second, I am wondering if someone knows or has written some tool to prevent
yourself from being locked out of your online ssh server when writing pf
rules.
Something like : copy the new pf rules in /tmp, load them, and ask the user
On Sat, Jun 14, 2014 at 7:17 AM, Stéphane Guedon steph...@22decembre.eu
wrote:
Hello the list.
First, I wish you all a great weekend.
Second, I am wondering if someone knows or has written some tool to prevent
yourself from being locked out of your online ssh server when writing pf
rules
I just use something like
pfctl -v -f /etc/pf.conf.new ; sleep 30; pfctl -f /etc/pf.conf
in a tmux session. That gives me 30 seconds to test what I was going to
test and then reverts to the original file.
--
Gregor Best
--
After I run your program, let's make love like crazed
On Saturday 14 June 2014 05:55:19, you wrote:
If the user doesn't answer, that means for some reason pf has blocked ssh
connection.
This shouldn't happen as long as you don't flush your state table.
That happened quite often. Obviously I am to blame. Now I take extra
precaution. And
On Sat, Jun 14, 2014 at 01:17:14PM +0200, Stéphane Guedon wrote:
Second, I am wondering if someone knows or has written some tool to prevent
yourself from being locked out of your online ssh server when writing pf
rules.
Something like : copy the new pf rules in /tmp, load them, and ask
Hello!
If you are following my debut here in misc@ (if not, please help me to put
our OpenBSD to rock this network!), you are somehow familiar with my
problems. I was trying to reproduce the panic in another context, but
unsuccessful... it only happens in production. Well, this is the ruleset:
I am trying to set up a simple nat on OpenBSD 5.3, I copied from another
config that is working.
ext_if=em0
int_if=em1
ipv6=2607:f2f8:aa18::2
ipv4=208.79.92.130
local_net=192.168.1.0/24
cyrus=192.168.1.2
cyrus_ports = { 2022 }
tcp_serv = { ftp, ssh, http, https, 1, , 8080, 8022,
I forgot to sysctl net.inet.ip.forwarding=1 lol.
On Sun, Jun 2, 2013 at 8:36 AM, John Tate j...@johntate.org wrote:
I am trying to set up a simple nat on OpenBSD 5.3, I copied from another
config that is working.
ext_if=em0
int_if=em1
ipv6=2607:f2f8:aa18::2
ipv4=208.79.92.130
Hi all,
make a table, and have cron update the contents of this table with the
result of the latest resolved ip.
Thanks all three for your answers.
--
Goodbye, 09 51 84 42 42
Gilles Lamiral. France, Baulon (35580) 06 20 79 76 06
Hello,
I need to use a hostname in a pf rule to allow a connection.
The hostname is needed because the resolution is dynamic,
it can change at any minute (TTL 60).
Is there a flag to tell pf to resolve the name each time it tries to match this
part?
The domain name server is trusted and
make a table, and have cron update the contents of this table with the
result of the latest resolved ip.
2013/3/15 Gilles LAMIRAL gilles.lami...@laposte.net
Hello,
I need to use a hostname in a pf rule to allow a connection.
The hostname is needed because the resolution is dynamic,
it can
On Fri, Mar 15, 2013 at 11:16:53AM +0100, Gilles LAMIRAL wrote:
I need to use a hostname in a pf rule to allow a connection.
The hostname is needed because the resolution is dynamic,
it can change at any minute (TTL 60).
host names in pf.conf and friends are resolved at load time so it's
2013/3/15 Gilles LAMIRAL gilles.lami...@laposte.net
Is there a flag to tell pf to resolve the name each time it tries to match
this part?
This would mean having a DNS resolver in the kernel; not going to happen.
On 2013-03-15, Janne Johansson icepic...@gmail.com wrote:
make a table, and
On Fri, Sep 21, 2012 at 09:33:04AM -0700, Ed Flecko wrote:
Does anyone have any suggestions on how to best test the performance
of my PF ruleset? Maybe iperf?
Well, the traffic to your machine will be highly unique based on what
you use it for, so pre-made testing tools will not be adapted to
Does anyone have any suggestions on how to best test the performance
of my PF ruleset? Maybe iperf?
I'm just diving into learning PF and as I make changes to my ruleset,
it would be great if there's a good way of testing the traffic flow
through my OBSD box.
Suggestions?
Thank you,
Ed
Hello,
I have a service listening both on inet and inet6 sockets, so I have inet6
traffic going in to that service
Because I have trunk0 setup, a rule like:
(3) pass in inet6 proto tcp to port $service_port queue services
does not solve the problem, because only few packets and sometimes
/hostname.em6
up
/etc/hostname.em7
inet 172.25.60.1 255.255.255.240
/etc/hostname.bridge0
add em6 add em7 -blocknonip em6 -blocknonip em7 -stp em6 -stp em7
fwddelay 4 up
and my pf rules are simple:
pass in quick on em6 all
pass out quick on em6 all
block in on em7 all
block out on em7 all
pass
172.25.60.1 255.255.255.240
/etc/hostname.bridge0
add em6 add em7 -blocknonip em6 -blocknonip em7 -stp em6 -stp em7
fwddelay 4 up
and my pf rules are simple:
pass in quick on em6 all
pass out quick on em6 all
block in on em7 all
block out on em7 all
pass in quick on em7 proto tcp from any to any
Hi,
I created a virtual instance of OpenBSD 5.0 x64 RELEASE edition using
VirtualBox and set it up to be used as router/gateway with NAT.
Taking this:
http://www.openbsd.org/faq/pf/example1.html
as an example for practically getting to know packet filter which I've
never used before and get
I had this gateway with NAT working fine until I added another for
load balancing using carp. So now I've been slowly discovering the ins
and outs of carp in PF rules. Namely that packets seem to be going in
and out of the physical interfaces, but in on the carp interfaces at
the same time. Only
Stefan Midjich sweh...@gmail.com:
I had this gateway with NAT working fine until I added another for
load balancing using carp. So now I've been slowly discovering the ins
and outs of carp in PF rules. Namely that packets seem to be going in
and out of the physical interfaces
System: OpenBSD 4-9 i386
I am pasting a link to the entire PF ruleset.
http://pastebin.com/vdbidqAL
I would be grateful if someone more knowledgeable about PF would
explain to me why I can't browse an FTP server (eg., ftp.heanet.ie)
from a client (eg., Firefox) behind the firewall with the
On Wed, 14 Sep 2011 15:21:42 +0100
Gerard Lally ger...@netmail.ie wrote:
I would be grateful if someone more knowledgeable about PF would
explain to me why I can't browse an FTP server (eg., ftp.heanet.ie)
from a client (eg., Firefox) behind the firewall with the rules as
they stand.
Sorry
Gerard Lally ger...@netmail.ie writes:
System: OpenBSD 4-9 i386
I am pasting a link to the entire PF ruleset.
http://pastebin.com/vdbidqAL
I would be grateful if someone more knowledgeable about PF would
explain to me why I can't browse an FTP server (eg., ftp.heanet.ie)
from a client
2011/4/17, gdrm g...@email.it:
table <terlarang> persist file "/etc/terlarang"
block in quick on re0 from <terlarang>
in /etc/terlarang
10.0.0.0/8
192.168.0.0/16
xxx.xxx.xxx.xxx
Muhammad Muntaza bin Hatta
--
Indonesia
http://muntaza.wordpress.com
Hi, I don't know more about pf, I want to block this IP black list and I
want to block ssh and telnet out from my lan... is this the right mode?
Can I put this IP black list in a file and use it with pf tables?
Thanks vvm!
block in on re0 proto {tcp udp } from { x.219.37.16, 209.160.28.116 \
,
But, it always directs to one particular ip address. How to see load
balancing?
today, I myself learnt it from the below url
http://www.openbsd.org/faq/pf/pools.html#incoming
match in on $ext_if proto tcp to port 80 rdr-to $web_servers \
round-robin *sticky-address *
*
* Successive
Hi list,
I have 3 web servers running on port 8080 behind PF firewall. I am trying
to load balance these incoming connections to these web servers.
I wrote rules as below. Pls pay attention to *highlighted BOLD* rules.
They are the ones I have written. But, I can NOT login to these web
On Tue, Feb 01, 2011 at 02:22:25PM +0530, Indunil Jayasooriya wrote:
I have 3 web servers running on port 8080 behind PF firewall. I am trying
to load balance these incoming connections to these web servers.
I wrote rules as below. Pls pay attention to *highlighted BOLD* rules.
They are
Indunil Jayasooriya wrote:
Hi list,
I have 3 web servers running on port 8080 behind PF firewall. I am trying
to load balance these incoming connections to these web servers.
I wrote rules as below. Pls pay attention to *highlighted BOLD* rules.
They are the ones I have written. But, I
*match in on $ext_if inet proto tcp to $ext_if port 8080 rdr-to $web_servers \
round-robin sticky-address *
You need to pass the inbound traffic somehow (match doesn't do this).
Either change the 'match in' above to 'pass in',
YES, changed. It worked.
or add another rule
2011/2/1 Indunil Jayasooriya induni...@gmail.com
# macros
(...)
web_servers = { 192.168.x.64, 192.168.x.66, 192.168.x.67 }
lan_net=192.168.x.0/24
A table isn't better? I mean, we can control it without reloading the pf
rules and the matching algorithm is better.
Hello there,
I posted previously my doubt with the following subject: 4.7 and ftp-proxy
I don't know what is occurring.
I have the following rules:
table <ftp> { address1, address2, address3 }
table <ftppriv> { internal_addr1, internal_addr2 }
pass in quick on $int_if proto tcp from <ftppriv> to port
Hello,
I was wondering if someone can help me with PF rules..it doesn't have to be
exact syntax-maybe a high level explanation might be enough.
Internet
|
BSD
|
/ \
192.168.10.0/24
On Fri, Mar 12, 2010 at 1:06 AM, Claudio Jeker cje...@diehard.n-r-g.com wrote:
Local IPv6 redirects do not work at least not to ::1. This is a
bu^Wfeature in netinet6. It seems none of our IPv6 users care too much to
fix it (or they're equally scared of the code).
Hi,
Thanks for the help.
On Thu, Mar 11, 2010 at 6:45 AM, Mattieu Baptiste mattie...@gmail.com wrote:
correctly routed on my firewall. But as I don't want to route a giant
port range for FTP on this firewall, I intend to use ftp-proxy. But
the rdr-to rule doesn't seem to redirect packets to the ftp-proxy
process.
I
On Mon, Mar 08, 2010 at 10:36:46AM +0100, Mattieu Baptiste wrote:
Hi all,
I have a public FTP server accessible through redirections on my
firewall via ftp-proxy (my server has a private IPv4 address on a
local subnet).
I'd like to make it accessible through my IPv6 connectivity (gif
On Tue, Mar 9, 2010 at 5:02 PM, Mattieu Baptiste mattie...@gmail.com wrote:
I'd like to make it accessible through my IPv6 connectivity (gif
tunnel with hurricane electric). With this IPv6 connectivity, all my
servers have public addresses. But I can't find a way to do it with
ftp-proxy which
On Thu, Mar 11, 2010 at 1:54 AM, FRLinux frli...@gmail.com wrote:
Just a shot in the dark here but why not enabling your local net with
router advertisement? (man rtadvd)
rtadvd has to do with stateless autoconfiguration. I use it on my
private local network. On my dmz, all machines are
On Mon, Mar 8, 2010 at 10:36 AM, Mattieu Baptiste mattie...@gmail.com wrote:
Hi all,
I have a public FTP server accessible through redirections on my
firewall via ftp-proxy (my server has a private IPv4 address on a
local subnet).
I'd like to make it accessible through my IPv6 connectivity
Hi all,
I have a public FTP server accessible through redirections on my
firewall via ftp-proxy (my server has a private IPv4 address on a
local subnet).
I'd like to make it accessible through my IPv6 connectivity (gif
tunnel with hurricane electric). With this IPv6 connectivity, all my
servers
On Wed, Feb 17, 2010 at 07:51:03AM +0100, Per-Olov Sjöholm wrote:
On 17 feb 2010, at 02.07, Randal L. Schwartz wrote:
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at
On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjöholm wrote:
:Answer correctly or don't answer at all.
It seems to me that people *did* answer correctly. But, their answer
was not what you wanted to hear.
The answer: don't use port knocking, use a randomized url.
On 17 feb 2010, at 12.38, Peter Hessler wrote:
On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjöholm wrote:
:Answer correctly or don't answer at all.
It seems to me that people *did* answer correctly. But, their answer
was not what you wanted to hear.
The answer: don't use port
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in use on a port that is fake I want
to dynamically add a PF rule for a
I will access non critical info but want at least a port knocker as security.
s/security/inappropriate self-touching/
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjöholm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjöholm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov Sjöholm wrote:
Hi misc
I am looking for a tool to use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as
Why not require a authentication token in the url?
On 16 Feb 2010 10:59, Per-Olov Sjöholm pe...@incedo.org wrote:
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov...
How do you use authpf from an IPhone or similar...
The reason is to use and
Per-Olov Sjöholm wrote:
How do you use authpf from an IPhone or similar...
Probably Fugu or Cyberduck or, if you can get a shell, plain openssh, as
Fugu is a UI for the client.
http://rsug.itd.umich.edu/software/fugu/
http://cyberduck.ch/
/Lars
On 16 feb 2010, at 11.04, Floor Terra wrote:
Why not require a authentication token in the url?
On 16 Feb 2010 10:59, Per-Olov Sjöholm pe...@incedo.org wrote:
On 16 feb 2010, at 10.40, Claudio Jeker wrote:
On Tue, Feb 16, 2010 at 10:22:04AM +0100, Per-Olov...
How do you use authpf from a
Per-Olov Sjöholm pe...@incedo.org writes:
How do you use authpf from an IPhone or similar...
There are ssh clients for iphones, just look in the app store. The
one I ended up installing has gone up in price it seems to (shock,
horror) NOK 35 (about USD 6), but I see one at NOK 6 (about a
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers seamlessly
with ease of use for the users.
The reason for the post was just to see if there is already any tools for this
purpose, which is
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend your time reading on authpf(8).
--
:wq Claudio
How do you use authpf from an IPhone or similar...
The
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend your time reading on authpf(8).
--
:wq Claudio
How do you use
On 16 feb 2010, at 11.17, Peter N. M. Hansteen wrote:
Per-Olov Sjöholm pe...@incedo.org writes:
How do you use authpf from an IPhone or similar...
There are ssh clients for iphones, just look in the app store. The
one I ended up installing has gone up in price it seems to (shock,
horror)
On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sjöholm wrote:
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints since port knocking is a
dumb idea better spend
On 16 feb 2010, at 11.44, Lars Nooden wrote:
Per-Olov Sjöholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with ease of use for the users.
You appear to have
Per-Olov Sjöholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with ease of use for the users.
You appear to have asked about clients for the iphone, not all
On 16 feb 2010, at 11.35, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:28:28AM +0100, Per-Olov Sjöholm wrote:
On 16 feb 2010, at 11.17, Bret S. Lambert wrote:
There is a way to do port knocking in pf without any external help. Maybe
you can figure it out. I will not give more hints
On 2010-02-16, Per-Olov Sjöholm pe...@incedo.org wrote:
The reason is to use an RSS reader that cannot authenticate. I want some sort
of security for it even though it's not critical.
https://some.host/super-sekrit-password-here/feed.rss gives more
security than trying to use a web browser
Hi again Lars...
And important addition below
On 16 feb 2010, at 11.44, Lars Nooden wrote:
Per-Olov Sjöholm wrote:
On 16 feb 2010, at 11.11, Lars Nooden wrote:
http://rsug.itd.umich.edu/software/fugu/
Noop. Can't see that these will work and all phones and computers
seamlessly with
Just put your data on some funny port, then? Or give it a long and hard
to guess name, that might actually have sufficient entropy to be any
use.
A less-than-16-bit random port is rather easy to guess.
And, if you really want to do port blocking, read the pf man page. It is
possible with a rule
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sj?holm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to endorse your preferred approach?
and the tradeoffs you _always_ have to make.
Yes, you make tradeoffs, but you're asking for
Per-Olov Sjöholm p...@incedo.org writes:
None said anything about a password.. From where did you get that? I don't
have a plain text password.
A port knocking sequence is for most purposes a password, encoded in a
16 bit alphabet. That's it - port numbers run from 0 through 64k,
although
Per-Olov Sjöholm wrote:
...Or did miss something here?
You missed quite a lot. I would recommend looking up the following
before aggravating a larger public:
client - server architecture
client application
server (daemon)
rss
ssh
http, https
On 16 feb 2010, at 12.06, Lars Nooden wrote:
Per-Olov Sjöholm wrote:
...Or did miss something here?
You missed quite a lot. I would recommend looking up the following
before aggravating a larger public:
client - server architecture
client application
server (daemon)
On 16 feb 2010, at 11.57, Stuart Henderson wrote:
On 2010-02-16, Per-Olov Sjöholm pe...@incedo.org wrote:
The reason is to use an RSS reader that cannot authenticate. I want some sort
of security for it even though it's not critical.
https://some.host/super-sekrit-password-here/feed.rss
On 16 feb 2010, at 12.07, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sjöholm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to endorse your preferred approach?
and the tradeoffs you _always_ have to make.
On Tue, Feb 16, 2010 at 12:27:44PM +0100, Per-Olov Sjöholm wrote:
On 16 feb 2010, at 12.07, Bret S. Lambert wrote:
On Tue, Feb 16, 2010 at 11:44:12AM +0100, Per-Olov Sjöholm wrote:
See my post to Peter H. You obviously have not worked with security
Why? Because I'm unwilling to
On 16 feb 2010, at 12.06, Peter N. M. Hansteen wrote:
Per-Olov Sjöholm p...@incedo.org writes:
None said anything about a password.. From where did you get that? I don't
have a plain text password.
A port knocking sequence is for most purposes a password, encoded in a
16 bit alphabet.
Per-Olov Sjöholm p...@incedo.org writes:
we have to use something that works from all places. The content is
not a secret, but something you have to pay a little for. So... not
critical.
Being the lazy git that I am, I could imagine that simply generating a
sufficiently obfuscated set of
So if anybody can come up with a better approach I will be very happy.
You've already been told, by multiple people, that a better approach is
to use the things that are available to you via the rich possibilities
of HTTP to solve this problem.
Sometimes, you're the lone genius who is
On Tue, Feb 16, 2010 at 12:27 PM, Per-Olov Sjöholm p...@incedo.org wrote:
There is no authentication available in most RSS clients. If it was, I would
of course prefer or at least consider that. I am not that stupid you know.
https://example.com/feed.php?user=floortpasswd=SUPERSECRET
Every
2010/2/16 Per-Olov Sjöholm p...@incedo.org:
Hi misc
I am looking for a tool use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on my DMZ that is not in use on a port that is
On 16 feb 2010, at 17.17, Eugene Yunak wrote:
2010/2/16 Per-Olov Sjöholm p...@incedo.org:
Hi misc
I am looking for a tool use as a trigger for dynamically open PF ports from
certain IP:s.
I will access non critical info but want at least a port knocker as security.
If I access an IP on
On Wed, Feb 17, 2010 at 12:40:02AM +0100, Per-Olov Sjöholm wrote:
| Amazing that so many people in this forum cannot read and therefore answer to B
| when I ask for A.
It's amazing that you get so much free (and good, imo) advice and then
not only completely ignore it, but even go out of your way
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at all.
As I snipped off a Usenet group once:
Get real! This is a discussion group, not a helpdesk. You post
something
On 17 feb 2010, at 02.07, Randal L. Schwartz wrote:
Paul == Paul de Weerd we...@weirdnet.nl writes:
Paul Jeez... As an asker, you don't really get to decide how or what other
Paul people answer, or if they even answer at all.
As I snipped off a Usenet group once:
Get real! This is a
Well,
My rules of rdr now work, but don't log on. Only the out of rdr port 8080.
Any suggestion?
Thanks,
Bye.
2010/1/14 PsYkHe psyk...@gmail.com
Damn man!!! Holy crap. I really forgot this detail...
Thanks Man.
Regards.
did you net.inet.ip.forwarding=1 in sysctl?
regards
I'm in troubles to put a router/firewall Openbsd 4.6 at vmware and at
Slackware 13 to can talk through of host-only. But the main problem now is
the OpenBSD make a rdr to webserver Slackware. Well, I'll try describe the
situation:
The OpenBSD 4.6 has two interfaces:
One bridge
One
did you net.inet.ip.forwarding=1 in sysctl?
regards
karl-heinz
On 14.01.2010, at 16:10, PsYkHe wrote:
I'm in troubles to put a router/firewall Openbsd 4.6 at vmware and at
Slackware 13 to can talk through of host-only. But the main problem now is
the OpenBSD make a rdr to webserver