| |
| |
| |
|
Page: 1 2 3 4
Comments:
<0> hi
<1> SeaBSD ?
<0> that's me
<1> Is that a new BSD distro?
<0> heh, yes i have several distros
<0> fbsd livecd hax0r distro
<0> where you boot up and it mounts whatever filesystem and samba shares it on the network
<0> opens up all the serial ports and has a dir full of trojans for each os
<0> this cd will like just open the box as much as possible
<1> Heheh nice.
<0> i used to burn a bunch of them and go into some random office and reboot all the computers with my cd in there
<0> put my laptop on the lan and just gobble gobble
<1> hahahah.
<0> i could do the same with linux i guess but i would have to worry about my nuts shrinking
<0> knoppix has its uses though
<0> sometimes i will just let the nuts shrink a little and then drop linux for a few months and only use bsd/solaris
<0> try to get some of the original size back
<2> not sure if someone had an answer on my previous question...
<2> I am trying to get flash working with firefox-1.5.0.9 on OpenBSD 4.0, info I found on google either doesn't work or results in segfaults
<3> okay this is driving me mad ...
<3> I have the following rule in PF:
<4> baggy doesnt flash only work with opera?
<3> p*** in log quick on $INT_IF_WIRED proto tcp from $INT_IF_WIRED:network to any port 123 flags S/SA keep state
<3> and I still get this:
<3> 03:08:45.050419 rule 4/(match) block in on sis0: 192.168.1.3.123 > 202.125.40.143.123: v4 client strat 11 poll 6 prec -20 (DF)
<5> looks like udp, not tcp
<3> I can't see anything wrong with my rule to allow port 123 in on INT_IF. .. Ideas anyone ?
<6> DeLF: It looks like UDP, which is a stateless protocol iirc. You could try getting rid of "flags S/SA".
<7> ntp is udp
<7> and "tcp" -> "udp"
<3> /etc/services say TCP also:
<3> ntp 123/tcp
<3> ntp 123/udp # Network Time Protocol
<7> feel free to not believe us
<7> change tcp to udp and it should work
<2> falso: flash only works with opera on OpenBSD? if that is correct, that is disappointing
<7> baggy, there is an faq entry on flash iirc
<4> baggy there isnt a flash for openbsd
<7> i've never seen ntp over tcp but i suppose you could allow both if you want to be sure
<4> baggy you should know what youre doing
<3> NicM: I belive you, just pointing out what services(5) states.
<2> thanks Nicm
<7> DeLF, it says both ;-) anyway, ntp is almost always udp
<3> NicM: cool, cheers !
<7> baggy, not that you'll be terribly happy with the answer
<2> nicm: save me the search what is the punch line, no go?
<7> use opera
<2> oh joy
<7> opera is better anyway
<7> you may be able to get it working using a linux firefox binary, but if anybody has done so, they haven't told me
<3> my pf.conf is starting to build up lots of rules to allow ports to be open e.g. 80,443,113,123,6667 etc ... surely this is dodgey ? Do other open up port 113 to make IRC work ? etc etc ?
<7> ports in or ports out?
<2> tell that to mgmt here, heh heh heh... it was hard enough to get firefox on the desktops, big MS/IE shop here... naturally
<3> NicM: ports in and out
<7> you don't need ports in unless you are running a server
<7> keep state will take care of it otherwise
<7> that's what its for
<3> NicM: can I paste you my pf.conf @ pastebin and can you tell me whether I am doing things logically wrong ?
<7> if you really must restrict ports out, you will need at least one port for everything you use, probably
<7> sure
<2> NicM: thatnks, I tried the linux binary route already, it ended in segfaults, but thanx for the help anyhooo
<7> i'm going for lunch now though, i'll be back in 15 minutes
<2> ta ta
<3> NicM: ok, I have tryed to follow daniel hartimier pf.conf and docs etc etc and have been hacking on this over time for a while now. I just think I've got it wrong and very open. Will paste you a URL.
<3> NicM: http://pastebin.com/866197
<7> what version of openbsd are you using?
<7> i think you are being a bit overcomplicated
<7> and using quick all the time ****s ;-)
<3> NicM: FlashDist (http://www.nmedia.net/~chris/soekris/) on a soekris.
<3> NicM: I can't even remember what quick means anymore ... :(
<7> that still works from a particular openbsd version
<3> NicM: Logically have I got it all wrong ?
<7> well, its not the way i would write it
<3> NicM: yup, based on 3.x something ... cant remember the version is was built from.
<7> you should upgrade if it was older than 3.8
<3> NicM: will upgrade to 4.x very soon.
<3> NicM: how could I improve it ?
<7> well
<7> i'd get rid of the unnecessary stuff
<7> you only really need one block rule
<7> i wouldn't use quick everywhere
<3> NicM: why not quick everywhere ?
<7> because it is easier to read the normal way
<7> you'd need to reorder the ruleset for that
<3> NicM: mmm ... but you then wont get the benefit of quick ...
<7> also, i'd try to combine stuff using macros
<7> what benefit?
<7> you don't really need so many p*** rules for tcp
<3> NicM: from memory act on the rule straight away rather than read each rule.
<7> let pf worry about that
<3> NicM: right now could I get broken into easily ?
<7> you just write the ruleset the way you want
<7> broken into? how should i know?
<7> its a bit useless worrying about that if you don't know what openbsd version you're running
<3> mmm .... so I really need to re-write the ****er :(
<7> well, i would rewrite it to make it simpler
<7> stuff like S/FSRA is useless too
<7> just stick with S/SA
<7> you have a weird mix of $EXT_IF and ($EXT_IF)
<7> either the IP is going to change or it isn't
<7> you should definitely use macros for these long port lists
<3> NicM: yes, I have added and added to it over time ... it is now out of hand.
<3> NicM: needs I clean up.
<7> look at, eg, /usr/share/pf/*
<7> although some of them are special-purpose
<3> NicM: just ordered a PF book ... when I get that I will improve it.
<8> block in on $ext_if from ! ($ext_if:network) to any
<8> blah blah blah.
<8> but, delf's issue was that he's expecting TCP traffic for a UDP service
<7> you can't use () for the former
<7> it wouldn't make any sense
<8> yes
<8> i don't believe that pfctl will process it anyway
<7> yes, that's what i mean by "can't"
<7> you can only use them where an IP would appear
<8> heh, delf asked the same question on another channel i'm in
<9> anyone else have problems with snort (i386 2.4.5 build 29) seg faulting on obsd 4.0?
<10> i have some problems installing qemu, but, snort, works fine
<9> hmm, it seems to be running for a good couple of hours
<9> guess i might try reinstalling from pkg
<11> Anyone heard anything about OpenBSD on Xen since it was announced to be quasi-functional half a year ago?
<12> it came up on misc@ ~24 hours ago
<11> interesting, to the archives!
<12> anil mentioned that there had been some work
<12> asked for help with a particular bug
<12> seems he and christoph are pretty busy
<12> dunno if they need machines, too
<13> so when a package of mine appears on pkg-stable.html, how should i procede in upgrading to the fixed package?
<14> is a OpenBSD a registered trademark? any information about that?
<12> mond0: pkg_add(1)
<12> bvs_: why do you care if it's registered?
<12> does that make a difference? IANAL, but it doesn't in .us
<11> it need not be registered to be a trademark, but no, it's not registered
<13> lt_kije, of course.. but i've never gotten it update the package.. it always says the package is already installed..
<13> seems like i've come here the last 3 releases trying to figure this out
<13> and i'm just not understanding.. i've read the FAQ and searched the mailing lists.. supposedly fixed packages are named differently?
<12> a) do you have PKG_PATH set correctly? b) have you read the man page? c) have you read the FAQ?
<12> ah
<12> you've done the appropriate reading, i guess
<12> what arch are you running?
<7> is it actually not already installed, and on $PKG_PATH?
<13> here's an example of my confusion. i installed 4.0 at release time. i installed the screen package right away. then i saw it on pkg-stable.html .. but it's named the same ..
<13> if my pkg names match those on pkg-stable.html, there's nothing to be concerned about?
<7> right
<12> the package version is bumped when updates are made
<13> okay
<12> what arch are you running?
<13> i386
<12> well, you must be i386
Return to
#openbsd
or
Go to some related
logs:
#worldcup
shickira
#stocks
#gamedev
#online
#delphi
#firebird
#mirc
#linuxhelp
#computers
|
|