Great idea. I'll try that when I can schedule a box bounce.
I'm wary of editing /etc/rc though... only supposed to "touch"
rc.local. If anything breaks in rc,
I gotta call in some expensive eyes and hands to edit files for me
remotely.
Thanks.
On 31 Dec 2005 16:29:34 -0800, Randal L. Schwartz <[EMAIL PROTECTED]> wrote:
> Nope. No hostnames.
>
> Any other ideas?
Still no pf.conf, eh? Makes it hard to diagnose.
-ME
--
http://erdelynet.com/
Support OpenBSD! http://www.openbsd.org/orders.html
On Sat, Dec 31, 2005 at 07:43:27PM -0500, Elijah Savage wrote:
> If I create a rule like such
>
> table persist file "/etc/bruteforce"
>
> pass proto tcp from any to $www_mail port 22 flags S/SA keep state
> (max-src-conn 5, max-src-conn-rate 4/5, overload uteforce> flush)
>
>
> Will pf wri
Daniel Hartmeier wrote:
The timestamp is reset when you flush and reload the table with
# pfctl -t bruteforce -Ts >/etc/bruteforce
# pfctl -t bruteforce -Tf
# pfctl -t bruteforce -Ta -f /etc/bruteforce
Hmm, that't bad that there is no way to clear address stats without
flushing the table
On 12/31/05, Karl O. Pinc <[EMAIL PROTECTED]> wrote:
>
> On 12/31/2005 06:29:34 PM, Randal L. Schwartz wrote:
> > Nope. No hostnames.
> >
> > Any other ideas?
>
> Some interface is not working on warm start?
OpenVPN - if you have rules for it, that's very likley the problem.
Make sure you don't h
On Sun, 01 Jan 2006 11:32:46 +0100
Cédric Berger <[EMAIL PROTECTED]> wrote:
> /* clear two address */
> # pfctl -t bruteforce -T? 1.2.3.4 5.6.7.8
c
> /* clear all */
> # pfctl -t bruteforce -Ts | pfctl -t bruteforce -T? -f -
>
>
> I guess the hardest part would be
Well as others indicated you didn't post your pf.conf, however you did
mention something OpenVPN. Are you doing a NAT rdr on the tun interface?
Something similiar to this:
nat on fxp0 from tun0/24 to any -> fxp0
if so there is no IP number set for tun yet as OpenVPN hasn't started yet.
per the
On 01/01/2006 04:32:46 AM, Cédric Berger wrote:
Hmm, that't bad that there is no way to clear address stats without
flushing the table. Actually, there is a function in the kernel and
pfctl library (pfr_clr_astats) - We just forgot to implement it in
the pfctl tool. If nobody beats me, I'll look
The only rule I have related to OpenVPN is
nat on $ext_if from 10.77.77/24 to any -> 209.223.236.162
I presume $ext_if is up before I get to the pf.conf load, or else I
wouldn't have been able to ever run any rules!
But I'll add the message capture (as suggested elsewhere in the thread)
and sc
Hi!
I am new to openbsd and pf.
(Coming from the linux world and hm VERY impressed by openbsd/pf
so far...).
Is it possible to use binat together with rdr?
I want a public server on the dmz_if (192.168.78.0/25) to always answer
with the corresponding public ip address (an alias on the ext_if) whe
Hello all,
I've been spending part of my day here toying with pfsense
(http://www.pfsense.org) while I figure out why OpenBSD past 3.5 panics on
boot on my old hardware... It looks very interesting so far. I do wish
that they'd based it on OpenBSD instead of FreeBSD.
It's basically a very
The problem is NOT with your external address, it's related to the tun
interface created by OpenVPN, please re-read my original post.
so just for grins where does the 10.77.77/24 relate to, the tun interface
that OpenVPN builds? Oh yes, and what about 209.223.236.162? Is that an
IP # on an inter
I have written an IP accounting system using pf labels. It runs every 5
minutes and extracts stats for data entering and leaving my lan. It works
nicely but I want to go to the next level and graph this data at each
interval.
It is a shell script that produces files that contain a single integer
On 1/1/06, Diana Eichert <[EMAIL PROTECTED]> wrote:
> damn I feel like I'm playing 20 questions.
>
> diana
And _still_ no pf.conf.
-ME
--
http://erdelynet.com/
Support OpenBSD! http://www.openbsd.org/orders.html
Hi there,
On Sunday 01 January 2006 23:08, Charles Sprickman wrote:
..
> Any comments on this project? I do like the idea of being able to drop a
> fairly sophisticated "appliance" at a client site that uses pf...
http://www.weisserth.net/index.php?option=com_content&task=view&id=74&Itemid=82
15 matches
Mail list logo
