> On 20 Apr 2014, at 19:24, Henning Brauer wrote:
>
> * Andy Lemin [2014-04-09 00:14]:
>> For PF, I wouldn't recommend using anchors as I *think* their slower
>
> where on earth are people getting this ridiculous ideas from?
Can't remember. Thanks for confirming otherwise.
>
>> You also want
* Andy Lemin [2014-04-09 00:14]:
> For PF, I wouldn't recommend using anchors as I *think* their slower
where on earth are people getting this ridiculous ideas from?
> You also want to be using tables if you want performance.
that sentence makes no sense whatsoever.
> Sent from my iPhone
fid
..and a way to have it revert in 2 minutes unless the operator does
, for the times when you cut off the branch you are sitting on.
2014-04-09 23:55 GMT+02:00 Adam Thompson :
> I should add that once using source control abs a script to manage edits
> to pf.conf, it is easy to use at(1) to simu
I should add that once using source control abs a script to manage edits to
pf.conf, it is easy to use at(1) to simulate Juniper's "commit confirmed"
feature, adding another level of safety.
-Adam
On April 9, 2014 7:50:14 AM CDT, Giancarlo Razzolini
wrote:
>Em 09-04-2014 06:31, Stuart Henderso
Em 09-04-2014 06:31, Stuart Henderson escreveu:
> On 2014-04-08, Giancarlo Razzolini wrote:
> If you're going to script this, you could have it make a copy of the
> file and work on that, so an unexpected reboot won't leave you with a
> pf.conf that may have errors.
>
> For even more safety, you c
2014-04-09 11:31 GMT+02:00 Stuart Henderson :
>
>
> Hmm.. It is often fairly quick to pick up rules which over-block (though
> problems with jobs which only occur weekly or monthly can take a while to
> track down, and also there are situations where you won't notice a
> problem until all firewall
On 2014-04-08, Giancarlo Razzolini wrote:
> I find it very useful using a very simple script I created that:
> 1) Opens up /etc/pf.conf using whatever editor is in $EDITOR
> 2) After you save it, it uses pfctl -nf to check pf.conf syntax
> 3) If you made a mistake, it warns you and
Em 08-04-2014 19:13, Andy Lemin escreveu:
> Hi Wiesław,
>
> Definitely support your desire to try to add more structure to your PF
> writing! :)
>
> We use git to version control PF and many other files (over 60 files across
> an OBSD system now come to think of it).
>
> For PF, I wouldn't recomm
On Tue, Apr 08, 2014 at 03:39:54PM -0600, Daniel Melameth wrote:
> On Tue, Apr 8, 2014 at 12:47 PM, Wies??aw Kielas
> wrote:
> > I'm trying to achieve something similar to Cisco's firewall contexts or
> > Juniper's virtual systems with PF and OpenBSD.
> >
> > Currently I run an OpenBSD box as a fi
Hi Wiesław,
Definitely support your desire to try to add more structure to your PF writing!
:)
We use git to version control PF and many other files (over 60 files across an
OBSD system now come to think of it).
For PF, I wouldn't recommend using anchors as I *think* their slower and
restrict
On Tue, Apr 8, 2014 at 12:47 PM, Wiesław Kielas
wrote:
> I'm trying to achieve something similar to Cisco's firewall contexts or
> Juniper's virtual systems with PF and OpenBSD.
>
> Currently I run an OpenBSD box as a firewalling device for multiple
> environments, most of them independent of each
Hi misc@,
I'm trying to achieve something similar to Cisco's firewall contexts or
Juniper's virtual systems with PF and OpenBSD.
Currently I run an OpenBSD box as a firewalling device for multiple
environments, most of them independent of each other. My main problem
with this arrangement is that
12 matches
Mail list logo
