On Mon, Aug 30, 2004 at 09:06:33PM -0400, Jason Opperisano wrote:
On Mon, 2004-08-30 at 14:18, cmustard wrote:
rule 1/0(match) block in on rl0: 84.2x.xxx.xx 192.168.3.2.6346: tcp 0 (DF)
rule 1/0(match) block in on rl0: 224.2x.xxx.xx 192.168.3.2.6346: tcp 0 (DF)
to me, this rule says it's
Hello,
We're working on an openbsd/pf based GigE firewall.
I would like to know if amd64 is a good architecture choice ?
Will it be better than i386 ?
In the pf developer interview, 64 bit architecture is recommended, but
they don't really explain why.
Thanks,
Alain
Alain wrote:
Hello,
We're working on an openbsd/pf based GigE firewall.
I would like to know if amd64 is a good architecture choice ?
Will it be better than i386 ?
In the pf developer interview, 64 bit architecture is recommended, but
they don't really explain why.
One of the limitations of i386
On Wed, 1 Sep 2004, Alain wrote:
Hello,
We're working on an openbsd/pf based GigE firewall.
I would like to know if amd64 is a good architecture choice ?
Will it be better than i386 ?
In the pf developer interview, 64 bit architecture is recommended, but
they don't really explain why.
* Mipam [EMAIL PROTECTED] [2004-09-01 12:48]:
On Wed, 1 Sep 2004, Alain wrote:
We're working on an openbsd/pf based GigE firewall.
I would like to know if amd64 is a good architecture choice ?
Will it be better than i386 ?
In the pf developer interview, 64 bit architecture is
On Wed, Sep 01, 2004 at 11:13:11AM +0200, Mipam wrote:
present in OpenBSD, HT will prove useful as well. Of course it will
require a rewrite of the network stack from running under
the single Giant kernel lock to permitting it to run in a fully parallel
manner on multiple CPUs (as is being
nat and redirection work great. On 127.0.0.1:3128 is
running squid2.5.STABLE5 transparent proxy + zph
patch which marks squid HIT packets with tos 0x81. This
also works. My problem is with packet flows
I want to count traffic passed to/from squid to my
users
pass in on $int_if route-to (lo0
* Alain [EMAIL PROTECTED] [2004-09-01 16:04]:
Can you give me your opinion about the choice between amd64 and i386 for
an openbsd/pf firewall ?
buy an amd64. you can still run that in i386 mode should something go
wrong in amd64 mode, what I don't expect to happen at all.
For some reason, google's delivery MXen show Windows TCP fingerprints
now. I doubt they're really using that OS, more likely pf.os needs some
change. Anyway, that's the reason posts and subscribe requests from
gmail addresses were tarpitted this week. I whitelisted their netblock,
so maybe resend
Hi,
Recently, I was pondering something that, as far as I know, pf can't do
at the moment, but would be quite useful (for me at least ;) :
I would like to have an extra condition for rules that matches when a
socket is actually open at a given port, so it would be possible, for
example, to
On Wed, Sep 01, 2004 at 06:43:45PM +0200, Matthijs Bomhoff wrote:
(Or is this already possible with pf, but did I just miss it? :)
Try the 'user' (or 'group') options, see pf.conf(5).
If an incoming connection matches a listening socket (on the firewall
itself), 'user != unknown' is true.
On Tue, 2004-08-31 at 19:31, cmustard wrote:
are those the complete log entries? my log entries look more like
- no, i truncated, I was running tcpdump -neq -ttt -r /var/log/pflog
they were the 'standard/normal' entries:
Aug 31 01:20:15.287341 rule 1/0(match): block in on rl0:
Daniel Hartmeier writes:
For some reason, google's delivery MXen show Windows TCP fingerprints
now. I doubt they're really using that OS, more likely pf.os needs some
change.
Speaking of gmail, would anyone happen to have a spare invite
they could throw my way?
sure
On Wed, 1 Sep 2004 [EMAIL PROTECTED] wrote:
Daniel Hartmeier writes:
For some reason, google's delivery MXen show Windows TCP fingerprints
now. I doubt they're really using that OS, more likely pf.os needs some
change.
Speaking of gmail, would anyone happen to have a spare invite
On Sep 1, 2004, at 20:11, Daniel Hartmeier wrote:
On Wed, Sep 01, 2004 at 06:43:45PM +0200, Matthijs Bomhoff wrote:
(Or is this already possible with pf, but did I just miss it? :)
Try the 'user' (or 'group') options, see pf.conf(5).
If an incoming connection matches a listening socket (on the
Hi,
I'm playing with OpenBSD 3.6-beta.
I wanted to test spamd with greylisting, but it seems that the interaction
with PF is broken. In short spamd doesn't add anything to /var/db/spamd so
I'll never get my IP added to spamd-white
--- pf.conf -
table spamd
On Wed, Sep 01, 2004 at 05:15:14PM +0200, Henning Brauer wrote:
* Alain [EMAIL PROTECTED] [2004-09-01 16:04]:
Can you give me your opinion about the choice between amd64 and i386 for
an openbsd/pf firewall ?
buy an amd64. you can still run that in i386 mode should something go
wrong in
On Wed, Sep 01, 2004 at 03:09:49PM +0200, Henning Brauer wrote:
You are speculating, and you don't really know what you are talking
about here... sorry, no GigE chipset interrupts per packet.
I believe re(4) does, at least with the OpenBSD driver.
But if you are using this cheap, low-end
On Sep 1, 2004, at 5:10 PM, Matthijs Bomhoff wrote:
What I would like to do, is something like the following (just an
example) :
rdr proto tcp to (dc0) port 80 ! open -> 10.0.2.2 port 80
i.e. redirect connections to the local webserver to some other host
when the local webserver is not