Re: ssh bruteforce attempts and timeout of table w/ persist keyword

2006-02-01 Thread Elijah Savage
Tr0go wrote: Hello Everybody, Faced like a lot of you with ssh bruteforce automated attempts on my OpenBSD 3.8 box, I searched the web to see what others did to protect themselves against this. I made the same, forbidding ssh connections with password and opting for public key

Re: Freebsd.org

2006-01-22 Thread Elijah Savage
William Ross wrote: Anyone know what's going on with freebsd.org? I am not sure what you are making reference to but the website comes up fine for me. Looks like nothing is going on with that piece. -- http://www.digitalrage.org/ The Information

Will pf write to a file

2005-12-31 Thread Elijah Savage
All, If I create a rule like such table bruteforce persist file /etc/bruteforce pass proto tcp from any to $www_mail port 22 flags S/SA keep state (max-src-conn 5, max-src-conn-rate 4/5, overload bruteforce flush) Will pf write to the file, I know everything works without writing to a

Re: pf won't pass some port 53 traffic even when asked nicely to

2005-12-20 Thread Elijah Savage
eric wrote: On Mon, 2005-12-19 at 20:15:12 -0500, Elijah Savage proclaimed... DNS is mainly udp traffic at least queries are because large DNS queries can now spill over to TCP also. But mainly TCP is left for name server to name server DNS transfers of domains. Stop spreading these myths

PF will not redirect to internal boxes

2005-11-30 Thread Elijah Savage
I am trying to redirect web and mail service to an internal server on the local LAN this is my entire pf.conf below and I just can't figure out for the life of me why this does not work. I did a fresh install from 3.6 to 3.8 on a sparc 20 and I am starting to believe something did not go right

Re: PF will not redirect to internal boxes

2005-11-30 Thread Elijah Savage
Peter N. M. Hansteen wrote: Elijah Savage [EMAIL PROTECTED] writes: #pass traffic from the net to internal host pass in on $ext_if proto tcp from any to $www_mail port 25 flags S/SA synproxy state pass in on $ext_if proto tcp from any to $www_mail port $web_ports flags S/SA synproxy state

Re: PF will not redirect to internal boxes

2005-11-30 Thread Elijah Savage
Anthony Oteri wrote: I was just having this problem last night and just found the solution in the pf faq you may want to look here. http://www.openbsd.org/faq/pf/rdr.html#reflect The bottom of this page describes 3 separate approaches for doing what you want to do. On 11/30/05, Elijah

Re: PF will not redirect to internal boxes

2005-11-30 Thread Elijah Savage
It is working but confused as to why it seems that the flags were causing an issue nothing was wrong with the config or the install as I thought. After reading the FAQ again and again and picking up Jacek 2nd edition book and dusting it off I am wondering why I had to do this as it seems all

OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
Has anyone on the list ever used openbsd as a Firewall and also a VPN gateway. I have been trying to find how to's or some sort of documentation on this, especially with using one with Cisco Devices. Basically using it as a VPN hub to a few Cisco Routers. If anyone can point me to any

RE: OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
book and it does not address IPSEC Between OpenBSD and Cisco. -Original Message- From: Jason Dixon [mailto:[EMAIL PROTECTED] Sent: Thursday, December 30, 2004 10:45 AM To: Elijah Savage Cc: PF Mailing List List Subject: Re: OFF Topic Might not belong on the list PF anf VPN to Cisco

RE: OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
environment between OpenBSD and Cisco. -Original Message- From: Jason Dixon [mailto:[EMAIL PROTECTED] Sent: Thursday, December 30, 2004 12:16 PM To: Elijah Savage Cc: PF Mailing List List Subject: Re: OFF Topic Might not belong on the list PF anf VPN to Cisco On Dec 30, 2004, at 11:44 AM, Elijah

RE: OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
any specific problems as of yet because I have not started to set it up I am just trying to do my preliminary research before jumping in. -Original Message- From: Russell Fulton [mailto:[EMAIL PROTECTED] Sent: Thursday, December 30, 2004 2:06 PM To: Elijah Savage Cc: Jason Dixon; PF

RE: OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
vague but I thought I was clear but obviously my communication skills are off a bit :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Elijah Savage Sent: Thursday, December 30, 2004 2:57 PM To: Russell Fulton Cc: Jason Dixon; PF Mailing List List Subject

RE: OFF Topic Might not belong on the list PF anf VPN to Cisco

2004-12-30 Thread Elijah Savage
are the same. Once again your reply is greatly appreciated. -Original Message- From: Dave Mangot [mailto:[EMAIL PROTECTED] Sent: Thursday, December 30, 2004 4:48 PM To: Elijah Savage Cc: PF Mailing List List Subject: Re: OFF Topic Might not belong on the list PF anf VPN to Cisco Elijah Savage

Help prioritizing traffic

2003-10-04 Thread Elijah Savage
All, I am on a DSL line 1.5/768 and have setup prioritizing acks which works great for me. But now that I have started sharing my connection with my next door neighbor and charging him for it and he does a lot of ftp downloads. So off of my firewall I added another interface dropped the access

Tools to help manage PF

2003-09-22 Thread Elijah Savage
All, Does anyone know of a way that I can manage hits against an access-list/pf rule. The request was made that if there are rules put in place on the firewall to block certain nastiness they would like to track hits on that certain rule. And if there are not hits on that rule within 30

Anyone know what happend to this site

2003-07-12 Thread Elijah Savage
http://www.devguide.net Seemed to have been off the net for a few days now, and I ordered the book from there and have not heard anything about my order.

RE: Priority queue'ing on cable modem

2003-07-07 Thread Elijah Savage
First let me say thank you to everyone on the list who responded to my emails and helped me get this going and it is the greatest. Robert what is your problem I had to do a ton of testing to get mine right but it paid off. And do not go by what your provider says do the testing with one of your

Transparent Proxy Help

2003-07-06 Thread Elijah Savage
All, I have setup squid transparent proxy on my internal network, I would like to redirect all web traffic to this box without configuring each client. Here are the links I used to get squid setup, and if I point each browser to the proxy it works fine and I can see the request in the squid log

Queing on ADSL ACK's

2003-06-19 Thread Elijah Savage
I hate to post this again but I was having some problem with bounced messages from the list so I had to subscribe from another address. Any help would be appreciated. Or if anyone sees anything wrong with my pf.conf it would be highly appreciated if it was pointed out to me. I tried to setup

RE: Queing on ADSL ACK's

2003-06-19 Thread Elijah Savage
Nah my adsl link does not require PPOE thank GOODNESS. -Original Message- From: Volker Kindermann [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 10:54 AM To: Elijah Savage Cc: [EMAIL PROTECTED] Subject: Re: Queing on ADSL ACK's I tried to setup queing based on the faq