> How to create Network interface and how to configure ip address in NetBSD
> 5.2 manually command line.
> Please send me the procedure.
Where did you find that old box? Anyway, I assume it should
be like this:
# ifconfig inet 192.168.1.1 netmask
Else, if you boot, just put in your /etc/ifconfig
> Huh? Keeping state is exactly why, I believe, it was not working
> properly. Adding "no state" was the critical change.
>
> > What if you remove "no state"?
>
> Then it will once again treat continuing connections as the same
> connection and fail to block it.
I have to rethink about this. T
> I have set up an intrusion detection system on my ISP. In my pf.conf I
> have the following two lines.
> table persist
> block in quick log on $ext_if from
Openbsd and netbsd versions might differ a lot.
It should read a file from file system and act
accordingly. Good thinking and possible.
I might miss something from this thread.
Would you, please, repeat what you did and
what was the intent?
I use pf on openbsd node and on rpi. As far
as I know, you have to reload configuration
file to have it on. Dynamically loaded rules
could be a problem, due to disconnection of
the session. I re
To report back how it went with raspberry pi, current
and loading modules.
First, I made rc.d file to check out if loading modules
might work. And it did. With loaded pf module, I parsed
pf.conf using safe net (sleep 400; pfctl -d). Since I
was pleased with output, I used pf=YES in rc.conf and
got
> I wouldn't use this, as module loading and firwalls on the same machine
> somehow make me quite nervous, but that is not the point here.
That is the point, nobody can't deny it. Take a look at openbsd also.
> Wether we should create a more general facility like the modules.conf I
> suggested, i
> Of course, this is by design. The point is to finish all work that needs 0
> before it rises.
Yep. /etc/rc.d script might be the solution. Or as you suggested
few days ago, modules.conf or alike.
Zoran
> If you want to keep the securelevel at 0 so you can load modules by hand
> after the boot finishes, add securelevel=0 to /etc/rc.conf
So far, when set to 0, it goes to 1. Kernel option compiled in.
Zoran
> Why are you trying to change the security
> level to -1? If you want to load a kernel module, you need simply to do
> so before the system is running at securelevel 1 during the boot process.
Exactelly!
I was wondering if it was possible to just load the module
and pfctl/npfctl latter. With hel
> I've never understood the reason for "last one wins". That seems like
> unnecessary work, checking all those rules that may or may not be
> winning in the end. And you can get the same effect with a "first one
> wins" system (hence more efficiently) if you simply reverse the order of
> the rules.
> Seriously, why aren't you using NPF? NPF is the packet filter that is actually
> being developed on and for NetBSD.
I'm not familiar with it.
On freebsd I use ipfw, with rules that first one wins.
On pf I know that the last one wins. Cannot be so sure
reading npf howto. My bet is that the last w
Just after I made a decission what to do, I stopped
on the very first step:
# modload pf
modload: Operation not permitted
So, I have not pf module loaded at all.
How could I solve this issue? 7.99.1 on rpi.
Best regards
Zoran
So far I made a lot of mistakes. One of them was not
checking secure level. It is 1. So, I cannot load
modules.
The way out seems to be /boot.cfg, but I do not have
it on rpi. Should I make it by the hand?
Like:
load pf
Any idea would it work? I'd like to avoid bricking
the node.
Best regards
> Is the serial port not working with netbsd?
> With Raspbian I often use a FTDI cable to access the system over the serial
> port.
I put rpi behind the closet. I see this as a proof of the concept.
Aside my previous idea (pfctl; shutdown -r +10), I got answer:
sleep ; pfctl -d
My biggest puzzle
> NetBSD su remembers your login id, unlike su used in some other OS.
> Try id -p as root to see this.
I got answer with "su -" as the solution. Still it says
zoran@localhost, but I care no more about it.
> I redirect my root mail to main user address using /etc/mail/aliases
> (if that helps)
su
I intent to load pf firewall on rpi and not stay
locked out of the node. The only comminication is
via ssh.
My plan is to try out rules and, for every safety,
reboot the node to state without pf. Like this:
# modload pf
# pfctl -f /etc/pf.conf; shutdown -r +10
If I make permanent move to "pf=YES"
On raspberry pi I installed 7.99 and use
su to get root. At first, I spoted that,
during shutdown, message says it came from
zoran@localhost. I expected root@localhost.
Now, I have a lot of problems configuring
mail app. I could send mail outbound via
sender_canonical_maps, send from root to
user c
After installing on raspberry pi, I found few articles,
how to help sd card to live longer. What is neccessary
to put in conf files for that?
I.e. to have in fstab:
/dev/ld0a/ffs rw,noatime,nodevmtime 1 1
Then to put into /etc/rc.conf:
syslogd=NO
manpagedb=NO
savecore=NO
> Are you looking for nyftp.netbsd.org/pub/NetBSD-daily/HEAD/ .
The server was down. Reappeared.
I installed on rpi. Had to solve few problems, but
now I have a little toy to play with.
Best regards
Zoran
I try to install rpi with rpir_inst and
just cannot get nyftp.netbsd.org/pub/HEAD.
Is the server down or something else?
Zoran
> No, it's a hardware issue. I requires an admin to go to the data
> center to fix it; hopefully this should get fixed today.
Thank you for info.
For some reason, I have a problem posting to netbsd list and
finding head sets on servers.
I suppose if rpi_inst asks for 7.99 dir, it should exist
some
I have a problem installing on raspberry pi,
since I cannot get nyftp and using older rpi_inst,
cannot get sets from remote node.
Does it have something with tcp advisory?
Zoran
> I think it is from OpenBSD 4.2 and 4.3-current. See the src/doc/3RDPARTY
> file about it.
Pretty old. :)
> You may want to consider learning NPF which is maintained in NetBSD.
> Probably some here can help you convert rules as needed.
I read tutorial and stayed puzzled.
Let's try:
set ski
What is pf firewall version on current (7.99)?
I plan to istall on rpi. Rules are already made,
but I'm aware that version might be a bit old
and syntax not the same as on openbsd.
Best regards
Zoran
> There is a brief overview of the sets in INSTALL documents, see e.g.:
> http://ftp.netbsd.org/pub/NetBSD/NetBSD-6.1.4/amd64/INSTALL.html#Binary%20distribution%20sets
Thanks! That's it!
I plan to get rpi and install arm port on it. I was sure
I wanted man pages and kernel modules. Miscellaneous w
I'd like to know what exactelly install sets contain.
Kernel and compiler tools are obvious. But, what is
in miscellaneous, text process tools etc.
Just cannot find the proper link for this.
Best regards
Zoran
26 matches
Mail list logo