| |
| |
| |
|
Page: 1 2 3 4 5
Comments:
<0> hubertEF- but it would be good practice to, by default, snscanf it in first?
<1> "depends"
<1> don't use it for the format string
<1> and then think about what you do with the resulting string
<1> and what any bad user could do
<0> okay
<0> what does don't use it for the format string mean?
<1> printf(argv[1]);
<0> oh, don't use argv for an outputted string
<0> without sanitizing it first
<0> alright, I'm heading home
<1> sanitizing?
<1> you can use argv for printing a string
<1> just do it like printf("%s", argv]1]);
<1> google "format string attacks" for why
<2> sub here ?
<2> just wanted to say that the problem is solved :)
<1> so, what do you find cool in 4.0_BETA? :)
<3> we're already on 4.0_BETA?
<3> wow, time to do some updating
<4> hubertEF: the same things I find cool in 3.99.21-ish ;)
<3> I'm running 3.99.21 on my one -current machine
<1> tgen: list them
<2> can anyone tell me how to rerun the firewall again
<2> ?
<4> hubertEF: ACPI mainly
<1> brb
<4> Xen3 (though that's in netbsd-3 as well)
<4> manowarr: ipf? /etc/rc.d/ipf restart
<5> Any Soekris 4801 owners out there?
<5> I think it's /etc/rc.d/ipfilter
<4> s/ipf/&ilter/
<4> jlam: ;)
<2> TGEN thx :)
<3> well, now I've done it
<2> yeah its ipfilter :)
<3> in a year or so... there'll be a mrs. dive
<3> scary
<4> dive: you mean, you're getting a genderchange? ;)
<4> dive: congratulations man :)
<3> god damnit, I knew someone was going to say that
<3> :P
<3> thanks :)
<3> <her> please don't
<4> so, after Greywolf and Shaded, another one bites the dust ;)
<4> heh :)
<3> there's only one thing for it
<2> i just ****ed up everything :S
<2> damn
<3> dive@ender:/media/audio/mp3/queen/greatest hits % mplayer 02-another_one_bites_the_dust_192_lame_cbr.mp3
<3> :P
<4> :)
<2> is there a way to filter port 80 like i used to do on linux ? i'm new on netbsd
<5> what do you mean by "filter port 80"?
<4> what do you mean with filter?
<4> heh
<2> i mean stop outside connections on port 80
<5> I think my brain waves are leaking.
<2> but still work if i run it localy
<4> manowarr: block port 80 on your external IPs/interfaces
<4> jlam: may I suggest a tinfoil hat? :)
<2> yeah
<2> TGEN
<4> ./` Hey! I feel good ./`
<3> manowarr: block in quick on <interface> proto tcp from any to any port = 80
<6> anyone have a tcsh bindkey command for backspace to work in wscons?
<2> i've wrote that without putting the interface and messed up everything
<2> dive i've done it and restartd ipf
<2> but i can still connect
<3> hmm
<3> you must have a permit rule higher up
<3> I run with default block all
<2> 22/tcp open ssh
<2> 53/tcp open domain
<2> 80/tcp open http
<2> yeah but i cant do that if i block port 80 internet on other pcs wont run like it is now
<2> i've tried to block it b4 online gaming and other stuff stopped working
<4> manowarr: then put an allow rule lower, and get rid of the 'quick' keyword
<2> rule lower ?
<2> block on rtk1 proto tcp/udp from any to any port = 80
<2> ?
<2> like this u mean ? sorry but i'm still new at it
<4> manowarr: rules are evaluated top-to-bottom
<4> manowarr: the last matching rule is applied to a packet
<4> manowarr: except when a matching rule has the 'quick' keyword, then that rule is applied immediately
<4> and further matching of rules cancelled
<4> manowarr: so, if you have a 'block quick' rule above a 'p***' rule which both match the packet, the block rule is applied anyways
<4> manowarr: so, in order to have the packet be matched by the (more restrictive) p*** rule below, you need to remove the 'quick' keyword from the block rule
<4> manowarr: but, this is all explained in the IPF documentation :)
<2> TGEN ok thx :)
<7> yay my script is working it's little rear off on one of the CPUs
<1> re
<1> tgen: so you run latest netbsd for its xen support?
<8> what happens?
<9> it builds an iso sans X :(
<9> need to get makelivecd working so I can provide those of current as well
<8> works for me
<9> really
<9> ./build.sh -D /stuff/rel/${arch}/dest -j 2 -m ${arch} -N 0 -O /stuff/rel/${arch}/obj -R /stuff/rel/${arch}/release -T /stuff/rel/${arch}/tools release && ./build.sh -O /stuff/rel/${arch}/obj -m ${arch} -x -R /stuff/rel/${arch}/release -T /stuff/rel/${arch}/tools iso-image
<9> ahh, more than one invocation got it
<8> you don't even have -X and -x in your release target
<8> so if you don't tell it to build, it won't
<9> yeah, just noted that
<9> wow intel is opensourcing it's graphics drivers
<1> a nice slap in the face of nvidia, ati and amd
<9> well no doubt due to ati + amd
<1> :)
<9> hiding binary api's would be like hiding the instruction set for a cpu
<1> hush
<9> ?>
<1> ober: they might get funny ideas ;-)
<9> ahh
<1> ;)
<2> can someone help me ?
<7> speak ur need lad
<2> i wanna block all incoming connection to port 80 on my server except this range 192.168.100.0/
<2> i've been trying the past 1 and half hour couldnt find anything
<7> what network interfaces do you have?
<2> i've got two rtk1 and rtk0 rtk1 is for the internet and rtk0 is for my internel lan
<7> what is the ip and netmask on rtk0?
<2> 192.168.100.1
<2> netmask is 255.255.255.0
<7> you could just change the Listen line in httpd.conf to Listen 192.168.100.1:80
<2> lemme try it
<7> if you do that, you may want to comment out any other Listen lines
<7> and if you have an https Listen line, you may want to specify the IP address in ssl.conf
<2> can it be done in ipf.conf ?
<7> yes it can
<2> the other way sounds harder
<2> and i need to fix it urgent cz ppl can connect to port 80 :S
<2> reuben can u plz tell me how can i do it ?
<2> the only thing i could have done is to block it and block my access too :(
<8> manowarr: http://obfuscation.org/ipf/
<7> manowarr: fixing the Listen line is easier
<7> manowarr: that way apache will only listen on your lan interface, and even w/o firewalling folks on the Internet will not be able to access it
<2> i'll try thx reuben and carneous
<3> hmm. using a ka-bar as a machete is not really advisable unless it's properly and evenly sharp...
<3> swung too far, hit my leg, screwed up a brand new pair of pants :p
<3> and the fiancee was like OMG ZOMG YER GONNA DIE
<3> I'll have to make sure to have someone more qualified than myself teach our children knife safety
<7> <3> or get used to explaining amputee children to others
<7> "his real name is Jim but we call him Stubs"
<10> ha
<3> <3> tell them you fell down the stairs... into the gl*** living room table... which had a sword collection on it
<0> phew
<0> finally finished nullservd
<0> that only took about a week :)
<11> Congratulations!!
<11> Good morning boys and girls
<0> good evening :)
Return to
#netbsd
or
Go to some related
logs:
#cph
#politics
#openbsd
\uninstall symantec completely\
#nhl
#politics
#windows
#delphi
#firebird
#beginner
|
|