://www.via.com.tw/en/products/mainboards/mini_itx/epia_pd/
These have dual on-board LAN and you can easily use the PCI slot for a third
network interface. I hear they're a bit on the pricy side though, so a
complete system may cost a bit over $300.
Wouter Coene
away soonish I'd
like to ask anyone linking to it to link to the OpenBSD PF FAQ instead. I'd
also like to ask any mirrors to stop mirroring it (and thanks for doing so
by the way).
If people are interested in the LaTeX sources, send me a private message.
Regards,
Wouter Coene
phusion wrote:
Hi, I've been having a problem logging port 22
traffic. Here is some of my pf.conf file. Let me know
what you think. Thanks.
So what's the problem exactly? Or do you expect us to somehow
magically guess your problems?
pass in log on $ext_if inet proto tcp from any to $ext_if \
Russell Fulton wrote:
Does anyone know of any software that will forge packets (SYNs and UDP
should be enough) for a list of IPs and ports that I can use for testing
in future.
Back when OpenBSD still used IPFilter there used to be a program called
ipftest, which could be used to test rulesets
Cedric Berger wrote:
Wouter Coene wrote:
This code should allow for quite clean extension of both the mode and
scope options, or other interface suffixes someone might think of.
I'm not sure I understand why there is that __KAME__ ifdef now,
but besides that, I like that patch better
on the
syntax of its first implementation seems a bit premature to me.
Wouter Coene
using something hard-coded that could change in the future (like the switch
from classed to classless network addressing in IPv4 for example).
Wouter Coene
Wouter Coene wrote:
Cedric Berger wrote:
I like theses patch, with one little exception.
You define in the code a new concept scope
in addition to mode. I think this is very good.
But then, I don't like the:
- network-local
- network-routable
combinations. And if we expand either the scope
is
yes) in /etc/pf.conf, after applying this patch and rebuilding your pfctl.
Note: when youre omitting link-local addresses, you should probably add
a default block rule (if you havent got one already) to your ruleset.
Regards,
Wouter Coene
--- parse.y 1 Sep 2003 15:07:40 - 1.415
Henning Brauer wrote:
On Sun, Nov 09, 2003 at 05:34:45PM +0100, Wouter Coene wrote:
For those who don't really use their IPv6 link-local addresses and who
would like to shrink their ruleset a little, here's a patch against
OpenBSD 3.4's pfctl to add an option to omit these completely from your
Wouter Coene wrote:
Perhaps another suffix along the lines of
':network' and ':broadcast' that omits non-routable addresses
(':routable', ':network-routable')?
Attached is a patch that implements this. So now you can write:
pass in on gif0 from any to gif0:routable
11 matches
Mail list logo
