Re: allow dhcpd with pf

2009-12-12 Thread Duncan Patton a Campbell
On Tue, 24 Nov 2009 08:38:07 -0700 Theo de Raadt wrote: > > Damn right it will. > > Where is it written up? In the manual pages. I can't believe > we are here in 2009 and people still believe they can get away > with being an idiot because they believe they are above doing > research: > Not

logging (was Re: allow dhcpd with pf)

2009-11-24 Thread Lars Nooden
Red Midnight wrote: > Whenever I use a default block *log* rule to keep an eye on things, it > can be noisy. To help a bit (even though they don't actually do > anything), I use rules like this just to keep it out of the pf logs That can be way too noisy. You can do 'regular' logging to pflog0

Re: allow dhcpd with pf

2009-11-24 Thread Red Midnight
Gerald Chudyk wrote: For the record: Thanks to this thread I discovered another idiot in this very cubicle who failed to perform proper research and was sometimes setting pf rules to pass dhcp messages. Particularly when troubleshooting a dhcp problem. I beat him severely, but it probably won't

Re: allow dhcpd with pf

2009-11-24 Thread Cor
Theo de Raadt wrote: Where are the details written up for how pf is bypassed by dhcpd and dhclient? Would that mean that the machine with dhcpd could still serve dhcp requests despite a filter ruleset like this: block in all pass out all Damn right it will. Where is it wr

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 10:54:54AM -0800, Gerald Chudyk wrote: > On Tue, Nov 24, 2009 at 7:38 AM, Theo de Raadt > wrote: > > > > Where is it written up? In the manual pages. I can't believe > > we are here in 2009 and people still believe they can get away > > with being an idiot because they

Re: allow dhcpd with pf

2009-11-24 Thread Gerald Chudyk
On Tue, Nov 24, 2009 at 7:38 AM, Theo de Raadt wrote: > > Where is it written up? In the manual pages. I can't believe > we are here in 2009 and people still believe they can get away > with being an idiot because they believe they are above doing > research: > For the record: Thanks to this

Re: allow dhcpd with pf

2009-11-24 Thread Theo de Raadt
> Where are the details written up for how pf is bypassed by dhcpd and > dhclient? > Would that mean that the machine with dhcpd could still serve dhcp > requests despite a filter ruleset like this: > > block in all > pass out all Damn right it will. Where is it written up? In the m

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 04:45:25PM +0200, Lars Nooden wrote: > Claudio Jeker wrote: > > > Neither dhcpd nor dhclient need any pass rules in pf. Both tools use bpf > > to steal the packets before they're checked by pf. > > I see that has been there for a while. > > Now that I look I see that dhcp

Re: allow dhcpd with pf

2009-11-24 Thread Lars Nooden
Claudio Jeker wrote: > Neither dhcpd nor dhclient need any pass rules in pf. Both tools use bpf > to steal the packets before they're checked by pf. I see that has been there for a while. Now that I look I see that dhcpd can add addresses to a PF table using the argument -L. Useful! Where are

Re: allow dhcpd with pf

2009-11-24 Thread Claudio Jeker
On Tue, Nov 24, 2009 at 04:16:06PM +0400, open...@e-solutions.re wrote: > Hello, > > I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 > rl0 connected directly with internet > rl1 our network. > > > I configured dhcp and added it in my rc.conf.local. Restarted the > openbsd box. > In my pf.co

Re: allow dhcpd with pf

2009-11-24 Thread neal hogan
On Tue, Nov 24, 2009 at 04:16:06PM +0400, open...@e-solutions.re wrote: > Hello, > > I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 > rl0 connected directly with internet > rl1 our network. > > > I configured dhcp and added it in my rc.conf.local. Restarted the > openbsd box. > In my pf.co

Re: allow dhcpd with pf

2009-11-24 Thread FRLinux
On Tue, Nov 24, 2009 at 12:16 PM, wrote: > pass in on $int_if inet proto { tcp, udp } from any to $gw_obsd port 67 > keep state Hello, you're also missing 68. Just as a point, you shouldn't need tcp at all, all 67,68 is udp, also keep state is implied now. Cheers, Steph

allow dhcpd with pf

2009-11-24 Thread openbsd
Hello, I installed openbsd 4.5, with 2 NICs : rl0 ; rl1 rl0 connected directly with internet rl1 our network. I configured dhcp and added it in my rc.conf.local. Restarted the openbsd box. In my pf.conf, I added this line : pass in on $int_if inet proto { tcp, udp } from any to $gw_obsd port