From owner-freebsd-isp Sun Dec 30 5:30:21 2001 Delivered-To: freebsd-isp@freebsd.org Received: from gamma.root-servers.ch (gamma.root-servers.ch [195.49.62.126]) by hub.freebsd.org (Postfix) with SMTP id 8CC6137B42C for ; Sun, 30 Dec 2001 05:30:07 -0800 (PST) Received: (qmail 7451 invoked from network); 30 Dec 2001 13:30:05 -0000 Received: from dclient217-162-128-224.hispeed.ch (HELO athlon550) (217.162.128.224) by 0 with SMTP; 30 Dec 2001 13:30:05 -0000 Date: Sun, 30 Dec 2001 14:31:24 +0100 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.54 Beta/19) Educational Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <94174320199.20011230143124@buz.ch> To: isp@freebsd.org, questions@freebsd.org Subject: "Cluster" administration software... MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hello, I'm looking for tools to facilitate the administration of a FreeBSD server farm, mainly tools to push package updates over the whole farm but other things like globals configuration file updates would be nice too. Does anybody know any good tools to do this (cross platform ones are preferred but FreeBSD GUI would be acceptable, too)? Best regards, Gabriel 8MD8MD -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBPC8JH8Za2WpymlDxAQGPrAf7BpJcYcCOMgpQwnHGaKq3BLNm7jvxmisZ Bymjm1xp4mgNg2oK6Az3x0cIvvazb6FeRPCA2JBTt7ib7gDTLnf01lozTgEiMhky yefqDGfkJMF8nYALS+dyMkGxZFjal2VTsA8NWG8g8Zqt04VX7Pb9oYZ1nire9T6P XYWPd4hC+5adaBG35DSsBKSl94AuPqp4IRNq/tuo6tpXalFs5Bsjv4zSw39f6+nD ujVGFwgp1XpiF8ES3r5BvdMk/XUcV9U1PkJ4GSWTgJbZpHN9k2l615W4KYialy3U ECePrIK7dacJhP+MBpWzyGNZwXfVWjX9I4VfCrTjvS8qQwrhisIbzQ== =nk9X -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sun Dec 30 13: 9:53 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail.numachi.com (numachi.numachi.com [198.175.254.2]) by hub.freebsd.org (Postfix) with SMTP id E4AD637B417 for ; Sun, 30 Dec 2001 13:09:44 -0800 (PST) Received: (qmail 26375 invoked by uid 3001); 30 Dec 2001 21:09:42 -0000 Received: from natto.numachi.com (198.175.254.216) by numachi.numachi.com with SMTP; 30 Dec 2001 21:09:42 -0000 Received: (qmail 90563 invoked by uid 1001); 30 Dec 2001 21:09:42 -0000 Date: Sun, 30 Dec 2001 16:09:42 -0500 From: Brian Reichert To: tom.oneil@tacni.net Cc: Free Subject: Re: OT: Block TLD in Qmail? Message-ID: <20011230160942.A90483@numachi.com> References: <3C2EA410.7C833E6E@tacni.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3C2EA410.7C833E6E@tacni.com>; from tom.oneil@tacni.com on Sat, Dec 29, 2001 at 11:20:16PM -0600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Dec 29, 2001 at 11:20:16PM -0600, Tom ONeil wrote: > > I have absolutely had it witha certain TLD and wish to block all > traffic from it. > Anyone know how? badmailfrom requires a domain at least, tried regex and > wildcards. 'badmailfrom' requires a 'host', according to the manpage. Unless qmail-smtpd draws a distiction, that should map to 'domain' readily enough. 'kr' (for example) is a domain, and a Top Level Domain at that. So, I think (again, as an example) that: @kr Would block mail whose envelope is from that TLD. Untested, but I don't see why it wouldn't work. Of course, the envelope is easily forgable. You'd probably be better off choosing the set of netblocks associated with that TLD, and making use of tcpserver to block connections... > Tom > -- > Thomas J. ONeil tom.oneil@tacni.com > http://www.tacni.net > "National Power, Local Presence" > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message -- Brian 'you Bastard' Reichert 37 Crystal Ave. #303 Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 31 0:25:12 2001 Delivered-To: freebsd-isp@freebsd.org Received: from ltcbv.nl (d105170.upc-d.chello.nl [213.46.105.170]) by hub.freebsd.org (Postfix) with ESMTP id 7F15F37B421 for ; Mon, 31 Dec 2001 00:25:07 -0800 (PST) Received: from mx2.mail.yahoo.com ([4.4.48.120]) by ltcbv.nl with Microsoft SMTPSVC(5.0.2195.3779); Mon, 31 Dec 2001 09:08:02 +0100 Message-ID: <0000167671a5$0000784d$00006268@mx2.mail.yahoo.com> To: From: customersupportrep24212@yahoo.com Subject: fw: - YQGEECJN Date: Mon, 31 Dec 2001 02:58:16 -1700 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Reply-To: customersupportrep24212@yahoo.com X-OriginalArrivalTime: 31 Dec 2001 08:08:03.0663 (UTC) FILETIME=[45671DF0:01C191D2] Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As seen on NBC, CBS, CNN, and even Oprah! The health discovery that actually reverses aging while burning fat, without dieting or exercise! This proven discovery has even been reported on by the New England Journal of Medicine. Forget aging and dieting forever! And it's Guaranteed! Click here: http://www.1-freesite.com/~free200112 Would you like to lose weight while you sleep! No dieting! No hunger pains! No Cravings! No strenuous exercise! Change your life forever! 100% GUARANTEED! 1.Body Fat Loss 82% improvement. 2.Wrinkle Reduction 61% improvement. 3.Energy Level 84% improvement. 4.Muscle Strength 88% improvement. 5.Sexual Potency 75% improvement. 6.Emotional Stability 67% improvement. 7.Memory 62% improvement. *********************************************************** You are receiving this email as a subscriber to the Opt-In America Mailing List. To remove yourself from all related maillists, just click here: mailto:pacserver@btamail.net.cn?Subject=REMOVE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 31 6: 1:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from newmail.skyrunner.net (newmail.skyrunner.net [208.133.44.6]) by hub.freebsd.org (Postfix) with ESMTP id 0A9E037B419 for ; Mon, 31 Dec 2001 06:01:29 -0800 (PST) Received: from micron (booray.new-era.com [208.150.25.130]) by newmail.skyrunner.net (8.11.2/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP id fBVE1R031212 for ; Mon, 31 Dec 2001 09:01:27 -0500 From: "Peter Brezny" To: Subject: access restriction by MAC Date: Mon, 31 Dec 2001 09:02:46 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm looking for a way to restrict connectivity by mac address. Any suggestions on this? Ideally, a package that integrated usage based billing would be superb, but I'd settle just for something that would only allow access to specific mac addresses. Is there a way to implement this with ipfw? TIA Peter Brezny Skyrunner.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 31 13:10:58 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mail2.mediadesign.nl (md2.mediadesign.nl [212.19.205.67]) by hub.freebsd.org (Postfix) with SMTP id D0E2D37B429 for ; Mon, 31 Dec 2001 13:10:55 -0800 (PST) Received: (qmail 7276 invoked by uid 1002); 31 Dec 2001 21:10:48 -0000 From: "Alson van der Meulen" Date: Mon, 31 Dec 2001 22:10:48 +0100 To: freebsd-isp@freebsd.org Subject: Re: access restriction by MAC Message-ID: <20011231221048.C3448@alm.xs4all.nl> Mail-Followup-To: freebsd-isp@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.23i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Peter Brezny(peter@skyrunner.net)@2001.12.31 09:02:46 +0000: > I'm looking for a way to restrict connectivity by mac address. > > Any suggestions on this? > > Ideally, a package that integrated usage based billing would be > superb, but I'd settle just for something that would only allow access > to specific mac addresses. I recommend against using MAC addresses for authentication, since it's quite easy to change them, just like IP addresses (look at the lladdr option in ifconfig(8)). The only way it might be useful is to force certain MAC on certain switch ports, but it would still only mean it comes from that particular switch port. If you can't control the switches it's connect to, using MAC addresses for firewalling/billing is near to useles, since it's just as spoofable as an IP address. If you control all the client hosts, just filter/bill by IP address, and hope the users don't change the IP address. (even arpwatch is rather useles against 'intruders', since they could just use a valid MAC/IP pair). > Is there a way to implement this with ipfw? ipfw is, as the name implies, IP firewall. MAC addresses are on the link-level (ethernet), so filtering by MAC does not belong in the IP firewalling code IMHO, though Linux' netfilter code does deal with MAC addresses. It might be possible to do it with some sysctl knob, and using static ARP entries. IIRC, there was a thread on a freebsd list on this topic some time ago, don't remember what list and when though. Searching the archives might help. just my 0.02 euro, Alson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 31 14:20:55 2001 Delivered-To: freebsd-isp@freebsd.org Received: from imo-d10.mx.aol.com (imo-d10.mx.aol.com [205.188.157.42]) by hub.freebsd.org (Postfix) with ESMTP id 528FC37B422 for ; Mon, 31 Dec 2001 14:20:53 -0800 (PST) Received: from TD790@aol.com by imo-d10.mx.aol.com (mail_out_gc_dev1.2.) id q.a8.44220b3 (3314); Mon, 31 Dec 2001 17:20:49 -0500 (EST) From: TD790@aol.com Message-ID: Date: Mon, 31 Dec 2001 17:20:48 EST Subject: Re: access restriction by MAC To: peter@skyrunner.net Cc: isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 5.0 for Windows sub 139 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In a message dated 12/31/2001 9:01:51 AM Eastern Standard Time, peter@skyrunner.net writes: > 'm looking for a way to restrict connectivity by mac address. > > Any suggestions on this? > > Ideally, a package that integrated usage based billing would be superb, but > I'd settle just for something that would only allow access to specific mac > addresses. > Our commercial add-on bandwidth manager software package can do both for you (include enforce MAC/IP pairs if necessary). You can also match src/dst MACs (if you wanted to allow access to local hosts but not the gateway, for example). www.etinc.com for more info. Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Mon Dec 31 15:25:48 2001 Delivered-To: freebsd-isp@freebsd.org Received: from newmail.skyrunner.net (newmail.skyrunner.net [208.133.44.6]) by hub.freebsd.org (Postfix) with ESMTP id B545237B405 for ; Mon, 31 Dec 2001 15:25:45 -0800 (PST) Received: from micron (booray.new-era.com [208.150.25.130]) by newmail.skyrunner.net (8.11.2/8.11.0/SuSE Linux 8.11.0-0.4) with SMTP id fBVNPi022207; Mon, 31 Dec 2001 18:25:44 -0500 From: "Peter Brezny" To: Cc: Subject: RE: access restriction by MAC Date: Mon, 31 Dec 2001 18:27:00 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This looks like a great package. however I was hoping someone might have some pointers to put something like this together by hand using ipfw. Anyone? Peter Brezny Skyrunner.net -----Original Message----- From: TD790@aol.com [mailto:TD790@aol.com] Sent: Monday, December 31, 2001 5:21 PM To: peter@skyrunner.net Cc: isp@freebsd.org Subject: Re: access restriction by MAC In a message dated 12/31/2001 9:01:51 AM Eastern Standard Time, peter@skyrunner.net writes: > 'm looking for a way to restrict connectivity by mac address. > > Any suggestions on this? > > Ideally, a package that integrated usage based billing would be superb, but > I'd settle just for something that would only allow access to specific mac > addresses. > Our commercial add-on bandwidth manager software package can do both for you (include enforce MAC/IP pairs if necessary). You can also match src/dst MACs (if you wanted to allow access to local hosts but not the gateway, for example). www.etinc.com for more info. Dennis To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message