From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 04:52:27 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AC474CBD for ; Sun, 2 Nov 2014 04:52:27 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 65AF260C for ; Sun, 2 Nov 2014 04:52:25 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1Xkn9K-0000eu-HS for freebsd-questions@freebsd.org; Sun, 02 Nov 2014 05:52:22 +0100 Received: from dynamic34-29.dynamic.dal.ca ([129.173.34.203]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 02 Nov 2014 05:52:22 +0100 Received: from jrm by dynamic34-29.dynamic.dal.ca with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 02 Nov 2014 05:52:22 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org 
From: Joseph Mingrone
Subject: local_unbound and dnscrypt-proxy
Date: Sun, 02 Nov 2014 01:52:08 -0300
Lines: 45
Message-ID: <86lhnup5l3.fsf@gly.ftfl.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: dynamic34-29.dynamic.dal.ca
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix)
Cancel-Lock: sha1:W7aU5+kOvTx9OelTPAVeLH92VsI=
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions
X-List-Received-Date: Sun, 02 Nov 2014 04:52:27 -0000

Hi,

I just upgraded from 9-STABLE to 10-STABLE. On 9-STABLE I used dnscrypt-proxy along with unbound from ports. I'm trying to reproduce the old setup with the local_unbound included in FreeBSD 10. My current configuration is below.

If I comment out «include: /var/unbound/forward.conf» from unbound.conf, resolving works, so it seems local_unbound is working OK. If I change /etc/resolv.conf to use «nameserver 127.0.0.2» (dnscrypt-proxy) instead of 127.0.0.1 (unbound) resolving works. So it seems the forwarding is not working. Am I missing something?

Also, I have to comment out «unbound_conf="/var/unbound/forward.conf"» from /etc/resolvconf.conf, otherwise forward.conf gets blanked.

Thanks,

Joseph

% cat /var/unbound/unbound.conf
server:
        auto-trust-anchor-file: /var/unbound/root.key
        directory: /var/unbound
        do-not-query-localhost: no
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        username: unbound
        use-syslog: yes
        verbosity: 1

#include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/conf.d/*.conf

% cat /var/unbound/forward.conf
forward-zone:
        name: "."
        forward-addr: 127.0.0.2@53

% cat /etc/resolvconf.conf
resolv_conf="/dev/null" # prevent updating /etc/resolv.conf
#unbound_conf="/var/unbound/forward.conf"
unbound_pid="/var/run/local_unbound.pid"
unbound_service="local_unbound"
unbound_restart="service local_unbound reload"

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 05:34:30 2014
Message-ID: <5455C12B.10000@ShaneWare.Biz>
Date: Sun, 02 Nov 2014 15:59:15 +1030
From: Shane Ambler
To: Mason Loring Bliss, freebsd-questions@freebsd.org
Subject: Re: Whence RC4?
References: <20141031150107.GY17150@blisses.org>
In-Reply-To: <20141031150107.GY17150@blisses.org>

On 01/11/2014 01:31, Mason Loring Bliss wrote:
> I've been watching the update servers eagerly since the day RC4 was to begin
> building, based on the schedule here:
>
> https://www.freebsd.org/releases/10.1R/schedule.html
>
> And yet, http://update.freebsd.org/10.1-RC4/ continues not to exist.

10.1-RC4 exists in svn - https://svnweb.freebsd.org/base?view=revision&revision=273874

It can take a few days before all the binaries are compiled to be ready for release - all arches and ports that are included in iso's need to finish compiling, at which stage iso images will exist on ftp sites and an email will announce the release. A weekend can extend that wait.

> I haven't found a public releng coordination mailing list or any real
> explanation of the process. Can someone enlighten me? The article
>
> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/releng/article.html
>
> talks about binary patchkits existing to match releng/x.y branches, but it
> doesn't describe their creation or how such a process might differ for
> release candidates.

I think this would be explained in - https://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/index.html

> While I'm interested in this, I've also got the secondary goal of exploring
> how to move back to using binary patches and freebsd-update after having
> built from source for a while. My home desktop is my test case, and it's
> currently identifying itself as being 10.1-RC3, built from this at the right
> time:
>
> https://svn0.us-east.freebsd.org/base/releng/10.1

see 'man freebsd-update' - the upgrade command is used to change release versions - RC to release needs an upgrade not just an update

> Something I'm not clear on is the possibility of finding a particular point
> in time along a branch with Subversion, be it a tag or a date. I still think
> in terms of CVS and that seems not to be valid when applied to SVN. It seems
> like Subversion has 'svn up -r' to update to a particular revision number, or
> a rough date specifier to update to "revision at start of the date".
>
> How does FreeBSD deal with the lack of CVS-style tags? If one wanted to
> recreate a 10.1-RC2 build, for instance, is there a sane way to do it, or
> would it involve grovelling through commit logs for clues?

Not sure what is officially used - sys/conf/newvers.sh is most likely the file to look at, its commit log is mostly RC/Beta tags.

-- 
FreeBSD - the place to B...Scaring Daemons
Shane Ambler

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 05:47:31 2014
Message-ID: <5455C56F.30706@ShaneWare.Biz>
Date: Sun, 02 Nov 2014 16:17:27 +1030
From: Shane Ambler
To: BBlister, freebsd-questions@freebsd.org
Subject: Re: Every day my FreeBSD 9.3 machines reboot by watchdog timeout
References: <1414742770032-5960935.post@n5.nabble.com>
In-Reply-To: <1414742770032-5960935.post@n5.nabble.com>

On 31/10/2014 18:36, BBlister wrote:
>
> Greetings,
>
> I have a very strange problem. I am administering a number of FreeBSD
> machines (64bit) with:
>
> 9.3-STABLE
>
> and after the upgrade to 9.3 for the past months until now I have noticed
> that every day at approximately
> the same time the machines reboot by watchdog timeout. I believe the problem
> lies on an entry on the crontab which is difficult to debug because the
> crontab has too many entries [280 lines].
>
> All the previous versions of freebsd worked fine (even 9.2) and had uptime
> for many months.
> After going to 9.3 the problem arose.
>

Any chance you can get the memory usage at that time?

I have updated to 10.1-RC from 9.2 and found trouble with wired memory increasing, when 7G is wired out of 8G, starting new processes fails at which time I need to reset. I have been unable to get uptimes of much more than a day on my desktop machine.

zfs compression seems to play a part, which might mean the same zfs changes to 9.3 and 10.1

I found that constant simultaneous disk writes can re-produce this within minutes.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194654

-- 
FreeBSD - the place to B...Scaring Daemons
Shane Ambler

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 08:16:15 2014
Message-ID: <5455E83E.2050608@ze.tum.de>
Date: Sun, 02 Nov 2014 09:15:58 +0100
From: Gerhard Schmidt
To: Ian Smith
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw and carp problems
References: <20141029202942.I74058@sola.nimnet.asn.au> <20141101164746.V52402@sola.nimnet.asn.au>
In-Reply-To: <20141101164746.V52402@sola.nimnet.asn.au>

On 01.11.2014 06:56, Ian Smith wrote:
> On Wed, 29 Oct 2014 20:55:16 +1100, Ian Smith wrote:
> > In freebsd-questions Digest, Vol 543, Issue 2, Message: 1
> > On Mon, 27 Oct 2014 15:16:33 +0100 Gerhard Schmidt wrote:
> > > Hi,
> > >
> > > I have a small problem with ipfw and carp.
> > >
> > > i have two server with two carp ips and a firewall via ipfw.
> > >
> > > the problem is that ipfw via module is default to deny. So when the carp
> > > interfaces are initialized ipfw has no custom rules. Everything is
> > > denied, even the carp packets. So every time I reboot one of the hosts
> > > it comes up as master and after the firewall rules are initialized one
> > > of the servers is demoted to backup, which one seems to be random.
> > >
> > > My problem is that my setup needs a new server to come up as backup
> > > because it has to replicate the data from the running server before
> > > being able to act as master. There could be data loss if a newly booted
> > > server named master without prior replicating the data.
> > >
> > > Is there a way to ensure that the firewall rules are up before the carp
> > > interfaces are initialized or to load the ipfw module with default to
> > > accept.
> >
> > The canonical way was to build a custom kernel with ipfw included as per
> > http://www.freebsd.org/doc/handbook/firewalls-ipfw.html including
> > 'options IPFIREWALL_DEFAULT_TO_ACCEPT' .. however you can accomplish
> > this with a GENERIC (or other) kernel by adding to /boot/loader.conf:
> >
> > ipfw_load="YES" # to load the ipfw module early
> >
> > and adding to /etc/sysctl.conf
> >
> > net.inet.ip.fw.enable=0
> > net.inet6.ip6.fw.enable=0 # if using ipv6
> >
> > /etc/rc.d/sysctl is run early (on 9.3, first) before other rc.d
> > scripts including netif and later ipfw, which will then only enable the
> > firewall after having loaded your ruleset.
> >
> > I just tested this over ssh to a 9.3 GENERIC box not running ipfw:
> >
> > root@x200:~/bin # kldload ipfw && sysctl net.inet.ip.fw.enable=0 \
> > && sysctl net.inet6.ip6.fw.enable=0
> > net.inet.ip.fw.enable: 1 -> 0
> > net.inet6.ip6.fw.enable: 1 -> 0
> > root@x200:~/bin # ipfw show
> > 65535 0 0 deny ip from any to any
> >
> > which would have locked me out had it not worked :)
> >
> > Of course you must accept that there is a vulnerable window between
> > starting net interfaces (netif) and starting ipfw, however minuscule.
>
> Excuse replying to my own message, but I've since discovered that you
> could also add 'net.inet.ip.fw.default_to_accept=1' to loader.conf as an
> alternative. I hadn't twigged that this one is a loader tunable, unlike
> the sysctls mentioned above, and so can be set before ipfw.ko is loaded,
> ie before the net.inet.ip[6].fw OIDs even exist.
>
> Please let the list know if either of these methods solve your issue?

Sorry was out of town for a few days.

I did solve my problem with activating the default_to_accept tunable. Since this server should be running 24/7 the slight exposure on start up shouldn't be a problem especially because the services protected are started way after firewall is initialized.

Regards
Estartu

-- 
----------------------------------------------------------
Gerhard Schmidt | E-Mail: schmidt@ze.tum.de
Technische Universität München | Jabber: estartu@ze.tum.de
WWW & Online Services |
Tel: +49 89 289-25270 | PGP-PublicKey
Fax: +49 89 289-25257 | on request

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 11:35:29 2014
Message-ID: <1414928126.23886.5.camel@ammy.its.adelaide.edu.au>
Subject: Re: Loader vs loader efi ficl incompatibility
From: William
To: Adrian Chadd
Cc: FreeBSD Questions
Date: Sun, 02 Nov 2014 22:05:26 +1030
References: <1414622725.16625.22.camel@ammy.its.adelaide.edu.au> <1414714882.16625.43.camel@ammy.its.adelaide.edu.au>

Hi,

On Fri, 2014-10-31 at 18:45 -0700, Adrian Chadd wrote:
> Hi!
>
> Is the code anywhere public? If not, would you actually publish it somewhere?

It's not public yet, but I plan to release the code plus documentation on how to make freebsd work on one of the Macbook pro's on my blog once I'm done. Any changes I make to core freebsd components I will of course submit as a patch.

>
> I'm glad you're digging into this! It sounds like it's a real
> pre-requisite to make these laptops useful in FreeBSD.

Yes, it really is! They are sadly quite unusable without these steps in freebsd, or linux.

I'll report back to this thread when I have done some more. At this point I have patched the amd64 version of loader to support outb / inb, and I have run a test of this functionality which worked. Sadly, I chose to test against the "power the discrete card off" switch without anything else, so now my freebsd boots to a black screen (Oops). I'll fix it up tomorrow morning once I get to work and create a live cd to fix up boot.4th.

Any pointers on how to write a forth script that would run "after the user presses enter at loader, but before the kernel is loaded" would be much appreciated.

From there I hope to get Xorg working. At that point, I'll send a patch of what I did to loader to the correct mailing list (Is freebsd-devel correct?), and I'll take some notes. After that, once I get wireless and some other bits working, I'll publish the kernel module, and the documentation.

-- 
William

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 14:45:42 2014
Date: Mon, 3 Nov 2014 01:45:30 +1100 (EST)
From: Ian Smith
To: "William A. Mahaffey III"
Cc: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....
Message-ID: <20141103012236.X52402@sola.nimnet.asn.au>

In freebsd-questions Digest, Vol 543, Issue 7, Message: 3
On Sat, 01 Nov 2014 19:04:29 -0500 "William A. Mahaffey III" wrote:
 > .... I have ruptime installed & running on my LAN boxen. When I query
 > from various boxen, such as an Intel Q6600 based server, I see:
 >
 > [wam@Q6600, ~, 6:59:57pm] 1173 % ruptime
 > INDIGO       down   ??:??
 > Opty165A     down   976+08:10
 > Q6600        up     298+09:30, 6 users, load 0.13, 0.07, 0.06
 > V8           down   ??:??
 > athloncube   up     44+22:38, 4 users, load 0.08, 0.03, 0.05
 > centos-5     up     41+09:48, 3 users, load 0.03, 0.04, 0.01
 > kabini1      up     0:25, 1 user, load 0.02, 0.21, 0.26
 > opty165a     up     298+09:30, 0 users, load 0.00, 0.00, 0.00
 > [wam@Q6600, ~, DING!] 1174 %
 >
 > However, when I query from this box, I see:
 >
 > [wam@kabini1, ~, 6:44:52pm] 297 % ruptime
 > kabini1      up     0:25, 1 user, load 0.02, 0.21, 0.26
 > [wam@kabini1, ~, DING!] 298 %
 >
 > i.e. only this box shows up. I expect to see at least other
 > still-running boxen listed, maybe not defunct (such as V8 & INDIGO) ....
 > Config issue ? Bug ? Pilot error ? Please advise ....
 >
 > BTW:
 >
 > [root@kabini1, /etc, 6:51:24pm] 323 % uname -a
 > FreeBSD kabini1.local 9.3-RELEASE-p3 FreeBSD 9.3-RELEASE-p3 #0: Mon Oct
 > 20 15:08:33 UTC 2014
 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
 > [root@kabini1, /etc, 7:04:07pm] 324 %

Just checking: you have 'rwhod_enable="YES"' in /etc/rc.conf, rwhod(8) is running, and port 513/udp traffic is open both ways in any firewall?

If so, you possibly want to use the -a switch on both ruptime and rwho.

cheers, Ian

From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 15:10:48 2014
Message-ID: <54564AEB.2000701@hiwaay.net>
Date: Sun, 02 Nov 2014 09:16:59 -0600
From: "William A. Mahaffey III"
CC: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....
References: <20141103012236.X52402@sola.nimnet.asn.au>
In-Reply-To: <20141103012236.X52402@sola.nimnet.asn.au>

On 11/02/14 08:45, Ian Smith wrote:
> In freebsd-questions Digest, Vol 543, Issue 7, Message: 3
> On Sat, 01 Nov 2014 19:04:29 -0500 "William A. Mahaffey III" wrote:
> > .... I have ruptime installed & running on my LAN boxen. When I query
> > from various boxen, such as an Intel Q6600 based server, I see:
> >
> > [wam@Q6600, ~, 6:59:57pm] 1173 % ruptime
> > INDIGO       down   ??:??
> > Opty165A     down   976+08:10
> > Q6600        up     298+09:30, 6 users, load 0.13, 0.07, 0.06
> > V8           down   ??:??
> > athloncube   up     44+22:38, 4 users, load 0.08, 0.03, 0.05
> > centos-5     up     41+09:48, 3 users, load 0.03, 0.04, 0.01
> > kabini1      up     0:25, 1 user, load 0.02, 0.21, 0.26
> > opty165a     up     298+09:30, 0 users, load 0.00, 0.00, 0.00
> > [wam@Q6600, ~, DING!] 1174 %
> >
> > However, when I query from this box, I see:
> >
> > [wam@kabini1, ~, 6:44:52pm] 297 % ruptime
> > kabini1      up     0:25, 1 user, load 0.02, 0.21, 0.26
> > [wam@kabini1, ~, DING!] 298 %
> >
> > i.e. only this box shows up. I expect to see at least other
> > still-running boxen listed, maybe not defunct (such as V8 & INDIGO) ....
> > Config issue ? Bug ? Pilot error ? Please advise ....
> >
> > BTW:
> >
> > [root@kabini1, /etc, 6:51:24pm] 323 % uname -a
> > FreeBSD kabini1.local 9.3-RELEASE-p3 FreeBSD 9.3-RELEASE-p3 #0: Mon Oct
> > 20 15:08:33 UTC 2014
> > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
> > [root@kabini1, /etc, 7:04:07pm] 324 %
>
> Just checking: you have 'rwhod_enable="YES"' in /etc/rc.conf, rwhod(8)
> is running, and port 513/udp traffic is open both ways in any firewall?

Yes, yes, & .... not sure. I disabled logging of firewall traffic on ports 111,137,138 & 513 in my rc.conf (they were swamping my log file). I just changed that logging to allow port 513. I see no mention of that port or service-by-name in my ipfw file, which is the box-stock file w/ mods to allow NFS, otherwise supposedly stock workstation. see:

[root@kabini1, /etc, 9:07:35am] 340 % ipfw show
00100 704 110724 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 2 152 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 0 0 check-state
01200 11697 679930 allow tcp from me to any established
01300 112670 62773943 allow tcp from me to any setup keep-state
01400 21809 1723308 allow udp from me to any keep-state
01500 127 12036 allow icmp from me to any keep-state
01600 0 0 allow ipv6-icmp from me to any keep-state
01700 0 0 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
01800 0 0 allow udp from any 67 to me dst-port 68 in
01900 0 0 allow udp from any 67 to 255.255.255.255 dst-port 68 in
02000 0 0 allow udp from fe80::/10 to me dst-port 546 in
02100 1 148 allow icmp from any to any icmptypes 8
02200 0 0 allow ipv6-icmp from any to any ip6 icmp6types 128,129
02300 1858 104048 allow icmp from any to any icmptypes 3,4,11
02400 0 0 allow ipv6-icmp from any to any ip6 icmp6types 3
02500 18777 23476935 allow tcp from 192.168.0.0/16 to me
65000 1795 424041 count ip from any to any
65100 1371 269257 deny { tcp or udp } from any to any dst-port 111,137,138,513 in
65200 424 154784 deny { tcp or udp } from 192.168.0.0/16 to me
65300 0 0 deny ip from any to 255.255.255.255
65400 0 0 deny ip from any to 224.0.0.0/24 in
65500 0 0 deny udp from any to any dst-port 520 in
65500 0 0 deny tcp from any 80,443 to any dst-port 1024-65535 in
65500 0 0 deny log logamount 5000 ip from any to any
65535 0 0 deny ip from any to any
[root@kabini1, /etc, 9:10:10am] 341 %

w/ port 513 obviously being denied. However, I don't know where that is happening :-/ & I thought rule 02500 would let all local traffic through ....

>
> If so, you possibly want to use the -a switch on both ruptime and rwho.
>
> cheers, Ian
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

-- 
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war ever devised by man."
-- Gen. George S. Patton Jr.
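Added example, not part of the original thread: a simplified first-match walk over the `ipfw show` listing posted above, applied to an inbound rwhod broadcast (UDP, destination port 513) and, for contrast, a TCP connection from the LAN. Only protocol, addresses, ports, direction and interface are modelled (no dynamic state, TCP flags or ICMP types); the host address, interface name and both sample packets are constructed for illustration.

```python
import ipaddress

IPFW_SHOW = """\
00100 704 110724 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 0 0 deny ip from any to ::1
00500 0 0 deny ip from ::1 to any
00600 0 0 allow ipv6-icmp from :: to ff02::/16
00700 0 0 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 2 152 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 0 0 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 0 0 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 0 0 check-state
01200 11697 679930 allow tcp from me to any established
01300 112670 62773943 allow tcp from me to any setup keep-state
01400 21809 1723308 allow udp from me to any keep-state
01500 127 12036 allow icmp from me to any keep-state
01600 0 0 allow ipv6-icmp from me to any keep-state
01700 0 0 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
01800 0 0 allow udp from any 67 to me dst-port 68 in
01900 0 0 allow udp from any 67 to 255.255.255.255 dst-port 68 in
02000 0 0 allow udp from fe80::/10 to me dst-port 546 in
02100 1 148 allow icmp from any to any icmptypes 8
02200 0 0 allow ipv6-icmp from any to any ip6 icmp6types 128,129
02300 1858 104048 allow icmp from any to any icmptypes 3,4,11
02400 0 0 allow ipv6-icmp from any to any ip6 icmp6types 3
02500 18777 23476935 allow tcp from 192.168.0.0/16 to me
65000 1795 424041 count ip from any to any
65100 1371 269257 deny { tcp or udp } from any to any dst-port 111,137,138,513 in
65200 424 154784 deny { tcp or udp } from 192.168.0.0/16 to me
65300 0 0 deny ip from any to 255.255.255.255
65400 0 0 deny ip from any to 224.0.0.0/24 in
65500 0 0 deny udp from any to any dst-port 520 in
65500 0 0 deny tcp from any 80,443 to any dst-port 1024-65535 in
65500 0 0 deny log logamount 5000 ip from any to any
65535 0 0 deny ip from any to any
"""  # `ipfw show` output as posted in the message above, counters included


def parse_rule(line):
    """Parse one listing line into the few fields this sketch models."""
    num, _pkts, _bytes, body = line.split(None, 3)
    toks = [t for t in body.split() if t not in ("{", "}", "or")]
    rule = {"num": num, "action": toks[0], "protos": set(), "src": "any",
            "sport": None, "dst": "any", "dport": None, "dir": None, "via": None}
    if "from" not in toks:          # check-state: no protocols, so it never matches here
        return rule
    f, t = toks.index("from"), toks.index("to")
    protos = {p for p in toks[1:f] if p not in ("log", "logamount") and not p.isdigit()}
    rule.update(protos=protos, src=toks[f + 1], dst=toks[t + 1])
    if t > f + 2:                   # a source port list sits between the address and "to"
        rule["sport"] = toks[f + 2]
    opts = toks[t + 2:]
    for i, tok in enumerate(opts):  # keep-state, setup, icmptypes etc. are ignored
        if tok in ("dst-port", "via"):
            rule["dport" if tok == "dst-port" else "via"] = opts[i + 1]
        elif tok in ("in", "out"):
            rule["dir"] = tok
    return rule


def port_ok(spec, port):            # spec: None, '111,137,138,513' or '1024-65535'
    parts = (p.partition("-") for p in (spec or "").split(","))
    return spec is None or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in parts)


def addr_ok(spec, addr, me):        # spec: 'any', 'me', a host or a CIDR network
    if spec in ("any", "me"):
        return spec == "any" or addr in me
    net = ipaddress.ip_network(spec, strict=False)
    return addr.version == net.version and addr in net


def first_match(rules, pkt, me):
    """Return (terminal rule or None, numbers of all rules that matched)."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    hits = []
    for r in rules:
        if (r["protos"] & {"ip", "all", pkt["proto"]}
                and addr_ok(r["src"], src, me) and addr_ok(r["dst"], dst, me)
                and port_ok(r["sport"], pkt["sport"]) and port_ok(r["dport"], pkt["dport"])
                and r["dir"] in (None, pkt["dir"]) and r["via"] in (None, pkt["iface"])):
            hits.append(r["num"])
            if r["action"] in ("allow", "deny"):   # "count" keeps evaluating
                return r, hits
    return None, hits


RULES = [parse_rule(line) for line in IPFW_SHOW.splitlines()]
ME = {ipaddress.ip_address("192.168.0.20")}        # constructed address for this host
# Constructed packets: a neighbour's rwhod broadcast, then a TCP connection to this host.
RWHO = dict(proto="udp", src="192.168.0.10", sport=513, dst="192.168.0.255", dport=513, dir="in", iface="em0")
NFS = dict(RWHO, proto="tcp", sport=40000, dst="192.168.0.20", dport=2049)

if __name__ == "__main__":
    for pkt in (RWHO, NFS):
        rule, hits = first_match(RULES, pkt, ME)
        print(pkt["proto"], pkt["dport"], "->", rule["action"], "at rule", rule["num"], hits)
```

Rule 02500 is written for `tcp` only, so the UDP broadcast passes the `count` rule 65000 and is dropped at rule 65100, while the TCP connection is accepted at 02500.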
From owner-freebsd-questions@FreeBSD.ORG Sun Nov 2 16:12:47 2014
Date: Sun, 2 Nov 2014 16:44:44 +0100
From: Hasse Hansson
To: freebsd-questions@freebsd.org
Subject: sshguard pf

Hello

uname -a
FreeBSD ymer.thorshammare.org 10.1-RC3 FreeBSD 10.1-RC3 #0 r273437: Wed Oct 22 01:27:10 UTC 2014 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386

I have a bit of a problem getting some bots blocked. I'm running pf and sshguard. Even tried fail2ban.
Below is a snippet from my auth.log showing sshguard blocking some IPs, but not the bot scans.
Both tables abusers and sshguard are empty and always were.
This junk is filling up my logfiles.
Any clues what I'm doing wrong or missing?

I'm running two crontabs:

# Sshguard
0/1 * * * * root pfctl -t sshguard -T show >/etc/sshguard 2>/dev/null
#
# Bruteforce ssh
0/2 * * * * root pfctl -t abusers -T show >/etc/abusers 2>/dev/null

In /etc/ssh/sshd_config I've uncommented:

Port 22
AddressFamily any
Protocol 2
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 5
MaxSessions 10
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
MaxStartups 10:30:100

In my /etc/rc.conf I have:

pf_enable="YES"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"

In /etc/pf.conf:

ext_if="fxp0"
int_if="xl0"
webports="{ http, https }"
table counters persist
table persist
set skip on lo
scrub in
block in
pass out
block quick from to any
block drop in log quick on $ext_if inet from to any
pass in on $ext_if proto tcp to any port ssh flags S/SA keep state (max-src-conn 10, max-src-conn-rate 2/120, overload flush)
antispoof quick for { lo $ext_if $int_if }
pass in on $ext_if proto tcp to ($ext_if) port ssh
pass in log on $ext_if proto tcp to ($ext_if) port smtp
pass out log on $ext_if proto tcp from ($ext_if) to port smtp
pass in log on $ext_if proto tcp to ($ext_if) port $webports
pass out log on $ext_if proto tcp from ($ext_if) to port $webports
pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }

Nov 2 07:51:13 ymer sshguard[19225]: Blocking 103.27.24.106:4 for >900secs: 30 danger in 3 attacks over 18 seconds (all: 30d in 1 abuses over 18s).
Nov 2 10:35:35 ymer sshguard[19225]: Blocking 60.190.71.52:4 for >900secs: 30 danger in 3 attacks over 8 seconds (all: 30d in 1 abuses over 8s).
Nov 2 11:09:50 ymer sshguard[19225]: Blocking 122.225.97.105:4 for >900secs: 30 danger in 3 attacks over 65 seconds (all: 30d in 1 abuses over 65s).
Nov 2 13:10:52 ymer sshguard[19225]: Blocking 50.30.32.19:4 for >900secs: 30 danger in 3 attacks over 4 seconds (all: 30d in 1 abuses over 4s).
Nov 2 14:34:55 ymer sshguard[19225]: Blocking 61.174.51.212:4 for >900secs: 30 danger in 3 attacks over 69 seconds (all: 30d in 1 abuses over 69s).
Nov 2 16:32:09 ymer sshd[42957]: Connection from 202.109.143.110 port 3453 on 192.168.1.2 port 22
Nov 2 16:32:13 ymer sshd[42957]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:14 ymer sshd[42959]: Connection from 202.109.143.110 port 2838 on 192.168.1.2 port 22
Nov 2 16:32:17 ymer sshd[42959]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:21 ymer sshd[42961]: Connection from 202.109.143.110 port 3611 on 192.168.1.2 port 22
Nov 2 16:32:34 ymer sshd[42961]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:41 ymer sshd[42963]: Connection from 202.109.143.110 port 2507 on 192.168.1.2 port 22
Nov 2 16:32:48 ymer sshd[42963]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:49 ymer sshd[42965]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
Nov 2 16:32:52 ymer sshd[42965]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:52 ymer sshd[42967]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
Nov 2 16:33:01 ymer sshd[42967]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:02 ymer sshd[42983]: Connection from 202.109.143.110 port 4316 on 192.168.1.2 port 22
Nov 2 16:33:12 ymer sshd[42983]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:18 ymer sshd[42985]: Connection from 202.109.143.110 port 2539 on 192.168.1.2 port 22
Nov 2 16:33:27 ymer sshd[42985]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:28 ymer sshd[42987]: Connection from 202.109.143.110 port 4555 on 192.168.1.2 port 22
Nov 2 16:33:35 ymer sshd[42987]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:38 ymer sshd[42989]: Connection from 202.109.143.110 port 3164 on 192.168.1.2 port 22
Nov 2 16:33:43 ymer sshd[42989]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:43 ymer sshd[42991]: Connection from 202.109.143.110 port 4749 on 192.168.1.2 port 22
Nov 2 16:33:52 ymer sshd[42991]: fatal: Read from socket failed: Connection reset by peer [preauth]

Best Regards
Hasse.
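Added example, not part of the original post: in the auth.log excerpt above the source address appears only on the sshd "Connection from" line, while the failure is logged on a later line of the same sshd PID, so finding the hosts that sshguard never blocked means correlating by PID. The function names and the threshold of 3 are assumptions of this sketch; the log lines are a subset copied from the message.

```python
import re
from collections import defaultdict

# Subset of the auth.log lines quoted in the message above, embedded so the
# example runs offline.
AUTH_LOG = """\
Nov 2 14:34:55 ymer sshguard[19225]: Blocking 61.174.51.212:4 for >900secs: 30 danger in 3 attacks over 69 seconds (all: 30d in 1 abuses over 69s).
Nov 2 16:32:09 ymer sshd[42957]: Connection from 202.109.143.110 port 3453 on 192.168.1.2 port 22
Nov 2 16:32:13 ymer sshd[42957]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:14 ymer sshd[42959]: Connection from 202.109.143.110 port 2838 on 192.168.1.2 port 22
Nov 2 16:32:17 ymer sshd[42959]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:32:21 ymer sshd[42961]: Connection from 202.109.143.110 port 3611 on 192.168.1.2 port 22
Nov 2 16:32:34 ymer sshd[42961]: Disconnecting: Too many authentication failures for root [preauth]
Nov 2 16:33:43 ymer sshd[42991]: Connection from 202.109.143.110 port 4749 on 192.168.1.2 port 22
Nov 2 16:33:52 ymer sshd[42991]: fatal: Read from socket failed: Connection reset by peer [preauth]
"""

# "Blocking <addr>:<family> for ..." as written by sshguard in the excerpt.
BLOCK_RE = re.compile(r"sshguard\[\d+\]: Blocking (\S+):(\d+) for")
SSHD_RE = re.compile(r"sshd\[(\d+)\]: (.*)$")
CONN_RE = re.compile(r"Connection from (\S+) port \d+")
FAIL_RE = re.compile(r"Too many authentication failures for (\S+)")


def summarize(log_text):
    """Return (failures, blocked).

    failures maps a source address to the list of account names it was
    disconnected for; blocked is the set of addresses sshguard reported.
    """
    pid_to_ip = {}                 # sshd PID -> source address of that connection
    failures = defaultdict(list)
    blocked = set()
    for line in log_text.splitlines():
        block = BLOCK_RE.search(line)
        if block:
            blocked.add(block.group(1))
            continue
        sshd = SSHD_RE.search(line)
        if not sshd:
            continue
        pid, msg = sshd.groups()
        conn = CONN_RE.match(msg)
        if conn:
            pid_to_ip[pid] = conn.group(1)
            continue
        fail = FAIL_RE.search(msg)
        # A failure line without a preceding "Connection from" for the same
        # PID cannot be attributed, so it is skipped rather than guessed.
        if fail and pid in pid_to_ip:
            failures[pid_to_ip[pid]].append(fail.group(1))
    return dict(failures), blocked


def unblocked_offenders(log_text, threshold=3):
    """Addresses with at least `threshold` failures that sshguard never blocked."""
    failures, blocked = summarize(log_text)
    return {
        ip: len(users)
        for ip, users in failures.items()
        if len(users) >= threshold and ip not in blocked
    }


if __name__ == "__main__":
    for ip, count in unblocked_offenders(AUTH_LOG).items():
        print(f"{ip}: {count} 'too many authentication failures' disconnects, no sshguard block")
```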
Date: Mon, 3 Nov 2014 04:12:34 +1100 (EST)
From: Ian Smith
To: "William A. Mahaffey III"
Cc: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....

William, I've just seen your response at
http://lists.freebsd.org/pipermail/freebsd-questions/2014-November/262026.html
but as I take questions@ as a digest, I won't get it here till tomorrow
.. I should have asked you to cc me.

So this is a brief hatchet job:

> 02500 18777 23476935 allow tcp from 192.168.0.0/16 to me
> 65000 1795 424041 count ip from any to any
> 65100 1371 269257 deny { tcp or udp } from any to any dst-port 111,137,138,513 in

> w/ port 513 obviously being denied. However, I don't know where that
> is happening :-/ & I thought rule 02500 would let all local traffic
> through ....

/etc/rc.firewall 'workstation' ruleset allows you to enable inbound
access to services, like rwhod. see /etc/defaults/rc.conf for details
of rc.conf variables, and rc.firewall for how they're invoked.

Rule 2500 only allows tcp, rwho is udp - but 2500 is a bit sweeping
anyway, perhaps best to enable specific services, even internally?

Ah, yes - I see firewall_myservices and firewall_allowservices are only
for TCP services. That's a strange omission, if I'm reading it right,
especially re rpc.

Rather than fixing this properly now for UDP services, I'd just add into
/etc/rc.firewall after what's now your 2500 or at any rate before 65000:

${fwcmd} allow udp from ${mynetwork} 513 to me 513

You're already enabling udp services outbound, statefully, which is why
you can query other hosts. Now they'll be able to reach you too :)

'service ipfw restart' and you should be good to go. You could remove
513 from firewall_nologports - but now it'll already be passed by then.

g'night, Ian

Date: Sun, 02 Nov 2014 16:30:20 -0600
From: "William A. Mahaffey III"
CC: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....

On 11/02/14 11:12, Ian Smith wrote:
> William, I've just seen your response at
> http://lists.freebsd.org/pipermail/freebsd-questions/2014-November/262026.html
> but as I take questions@ as a digest, I won't get it here till tomorrow
> .. I should have asked you to cc me.
>
> So this is a brief hatchet job:
>
> > 02500 18777 23476935 allow tcp from 192.168.0.0/16 to me
> > 65000 1795 424041 count ip from any to any
> > 65100 1371 269257 deny { tcp or udp } from any to any dst-port 111,137,138,513 in
>
> > w/ port 513 obviously being denied. However, I don't know where that
> > is happening :-/ & I thought rule 02500 would let all local traffic
> > through ....
>
> /etc/rc.firewall 'workstation' ruleset allows you to enable inbound
> access to services, like rwhod. see /etc/defaults/rc.conf for details
> of rc.conf variables, and rc.firewall for how they're invoked.
>
> Rule 2500 only allows tcp, rwho is udp - but 2500 is a bit sweeping
> anyway, perhaps best to enable specific services, even internally?

I did that to start w/ & had trouble getting stuff (NFS) to run, so I
just opened up all internal traffic, a bit shaky, on my TODO list to
fix, might be a good time now :-) ....

>
> Ah, yes - I see firewall_myservices and firewall_allowservices are only
> for TCP services. That's a strange omission, if I'm reading it right,
> especially re rpc.
>
> Rather than fixing this properly now for UDP services, I'd just add into
> /etc/rc.firewall after what's now your 2500 or at any rate before 65000:
>
> ${fwcmd} allow udp from ${mynetwork} 513 to me 513
>
> You're already enabling udp services outbound, statefully, which is why
> you can query other hosts. Now they'll be able to reach you too :)
>
> 'service ipfw restart' and you should be good to go. You could remove
> 513 from firewall_nologports - but now it'll already be passed by then.
>
> g'night, Ian
>

--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.

Date: Sun, 02 Nov 2014 16:43:54 -0600
From: "William A. Mahaffey III"
CC: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....

Well, I put that rule in & opened logging for that port & now I get
ruptime info from other boxen, however, I also get log traffic about
denied port 513 traffic:

[root@kabini1, /etc, 4:34:01pm] 368 % service ipfw restart
net.inet.ip.fw.enable: 1 -> 0
net.inet6.ip6.fw.enable: 1 -> 0
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01100 check-state
01200 allow tcp from me to any established
01300 allow tcp from me to any setup keep-state
01400 allow udp from me to any keep-state
01500 allow icmp from me to any keep-state
01600 allow ipv6-icmp from me to any keep-state
01700 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out
01800 allow udp from any 67 to me dst-port 68 in
01900 allow udp from any 67 to 255.255.255.255 dst-port 68 in
02000 allow udp from fe80::/10 to me dst-port 546 in
02100 allow icmp from any to any icmptypes 8
02200 allow ipv6-icmp from any to any ip6 icmp6types 128,129
02300 allow icmp from any to any icmptypes 3,4,11
02400 allow ipv6-icmp from any to any ip6 icmp6types 3
02500 allow tcp from 192.168.0.0/16 to me
02600 allow udp from 192.168.0.0/24 513 to me dst-port 513
65000 count ip from any to any
65100 deny { tcp or udp } from any to any dst-port 111,137,138 in
65200 deny { tcp or udp } from 192.168.0.0/16 to me
65300 deny ip from any to 255.255.255.255
65400 deny ip from any to 224.0.0.0/24 in
65500 deny udp from any to any dst-port 520 in
65500 deny tcp from any 80,443 to any dst-port 1024-65535 in
65500 deny log logamount 5000 ip from any to any
Firewall rules loaded.
[root@kabini1, /etc, 4:34:03pm] 369 %

[root@kabini1, /etc, 4:37:13pm] 337 % ( tail -20 /var/log/security ; date )
Oct 30 11:00:00 kabini1 newsyslog[9861]: logfile turned over due to size>100K
Oct 30 11:00:30 kabini1 kernel: ipfw: 65500 Deny UDP 92.108.103.99:58507 192.168.0.27:63167 in via re0
Oct 30 11:00:49 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Oct 30 11:00:52 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Oct 30 11:01:16 kabini1 kernel: ipfw: 65500 Deny UDP 126.43.5.41:6881 192.168.0.27:63167 in via re0
Oct 30 11:02:24 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Oct 30 11:02:24 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0
Oct 31 10:16:03 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:28277 in via re0
Nov 2 16:31:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 192.168.0.255:513 in via re0
Nov 2 16:32:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 192.168.0.255:513 in via re0
Nov 2 16:32:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 192.168.0.255:513 in via re0
Nov 2 16:34:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 192.168.0.255:513 in via re0
Nov 2 16:35:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 192.168.0.255:513 in via re0
Nov 2 16:35:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 192.168.0.255:513 in via re0
Nov 2 16:37:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 192.168.0.255:513 in via re0
Nov 2 16:38:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 192.168.0.255:513 in via re0
Sun Nov 2 16:38:26 CST 2014
[root@kabini1, /etc, 4:38:26pm] 337 %

[wam@kabini1, ~, 9:03:43am] 330 % ruptime -a
Q6600        up 299+08:00,  6 users,  load 0.03, 0.04, 0.05
athloncube   up  45+21:08,  4 users,  load 0.00, 0.01, 0.05
kabini1      up     23:01,  1 user,   load 0.35, 0.19, 0.10
opty165a     up 299+08:00,  4 users,  load 0.00, 0.00, 0.00
[wam@kabini1, ~, 4:34:49pm] 330 % ruptime
Q6600        down 0:13
athloncube   down 0:14
kabini1      up     23:07,  0 users,  load 0.21, 0.26, 0.16
opty165a     down 0:13
[wam@kabini1, ~, 4:41:57pm] 331 % ruptime -a
Q6600        down 0:13
athloncube   down 0:14
kabini1      up     23:07,  1 user,   load 0.21, 0.26, 0.16
opty165a     down 0:13
[wam@kabini1, ~, 4:42:03pm] 332 %

err, well, I had it for a second :-/ ....

--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.

Date: Sun, 02 Nov 2014 17:06:22 -0600
From: "William A. Mahaffey III"
CC: freebsd-questions@freebsd.org
Subject: Re: Minor rpc question ....

Sooooo tacky to self reply, but it seems warranted here. Using the ipfw
command:

${fwcmd} add pass udp from 192.168.0.0/24 513 to 192.168.0.0/24 513

gets ruptime traffic in/out *and* cuts out extraneous logging .... Just
for posterity :-) ....

--
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war
ever devised by man."
-- Gen. George S. Patton Jr.
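Added example, not part of the thread: a small first-match model of the rules shown in the messages above, showing why the rwhod broadcasts to 192.168.0.255 fell through `to me` and were logged by rule 65500, and why the `to 192.168.0.0/24` form passes them. It assumes `me` means only the addresses configured on the host (192.168.0.27 in the log excerpt), ignores direction and state, and uses made-up names (`Rule`, `Packet`, `evaluate`, `ruleset`).

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Addresses configured on the host; 192.168.0.27 is kabini1's address in the
# log excerpt. This set is what the keyword "me" is modelled as (assumption).
HOST_ADDRS = {ipaddress.ip_address("192.168.0.27")}


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                       # "allow" or "deny"
    protos: Tuple[str, ...]           # ("ip",) matches every protocol
    src: str                          # "any", "me" or a CIDR
    sport: Optional[int]              # None = any source port
    dst: str
    dports: Optional[FrozenSet[int]]  # None = any destination port
    log: bool = False


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def addr_matches(spec: str, addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if spec == "any":
        return True
    if spec == "me":
        # The subnet broadcast address is not a configured address.
        return ip in HOST_ADDRS
    return ip in ipaddress.ip_network(spec)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if "ip" not in rule.protos and pkt.proto not in rule.protos:
        return False
    if rule.sport is not None and pkt.sport != rule.sport:
        return False
    if rule.dports is not None and pkt.dport not in rule.dports:
        return False
    return addr_matches(rule.src, pkt.src) and addr_matches(rule.dst, pkt.dst)


def evaluate(rules, pkt: Packet):
    """Return (rule number, action, logged) of the first matching rule."""
    for rule in sorted(rules, key=lambda r: r.num):
        if rule_matches(rule, pkt):
            return rule.num, rule.action, rule.log
    return 65535, "deny", False  # default rule, assumed to be deny


def ruleset(rule_2600_dst: str):
    """Subset of the listed rules; only the destination of 2600 varies."""
    return [
        Rule(2500, "allow", ("tcp",), "192.168.0.0/16", None, "me", None),
        Rule(2600, "allow", ("udp",), "192.168.0.0/24", 513, rule_2600_dst,
             frozenset({513})),
        Rule(65100, "deny", ("tcp", "udp"), "any", None, "any",
             frozenset({111, 137, 138})),
        Rule(65200, "deny", ("tcp", "udp"), "192.168.0.0/16", None, "me", None),
        Rule(65500, "deny", ("ip",), "any", None, "any", None, log=True),
    ]


# Packets: the first and third are taken from /var/log/security above, the
# unicast one is constructed for comparison.
BROADCAST = Packet("udp", "192.168.0.4", 513, "192.168.0.255", 513)
UNICAST = Packet("udp", "192.168.0.4", 513, "192.168.0.27", 513)
STRAY = Packet("udp", "92.108.103.99", 58507, "192.168.0.27", 63167)

if __name__ == "__main__":
    for dst in ("me", "192.168.0.0/24"):
        print(f"rule 2600 destination: {dst}")
        for name, pkt in (("broadcast", BROADCAST), ("unicast", UNICAST),
                          ("stray", STRAY)):
            print(f"  {name:9s} -> {evaluate(ruleset(dst), pkt)}")
```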
Date: Sun, 2 Nov 2014 18:30:34 -0500
From: Mason Loring Bliss
To: Shane Ambler
Cc: freebsd-questions@freebsd.org
Subject: Re: Whence RC4?

On Sun, Nov 02, 2014 at 03:59:15PM +1030, Shane Ambler wrote:

> >While I'm interested in this, I've also got the secondary goal of exploring
> >how to move back to using binary patches and freebsd-update
>
> see 'man freebsd-update' - the upgrade command is used to change
> release versions - RC to release needs an upgrade not just an update

As it turns out, I was able to take my RC3 system (compiled just after RC3
hit 10.1-releng) and use freebsd-update to move to RC4. This seems pretty
convenient. I'm going to unroll tarballs so all my checksums match for the
IDS function, but it seems that it was willing to apply updates based on
what changed between RC3 and RC4 despite my having built the RC3 locally.

> >How does FreeBSD deal with the lack of CVS-style tags? If one wanted to
> >recreate a 10.1-RC2 build, for instance, is there a sane way to do it, or
> >would it involve grovelling through commit logs for clues?
>
> Not sure what is officially used - sys/conf/newvers.sh is most likely
> the file to look at, its commit log is mostly RC/Beta tags.

So I'd update to the revision noted for that file then? My personal use of
SVN has largely been archival for a while now, so I've not had to deal with
jumping between tags or its SVN equivalent. I think I'll do some reading to
fill the gaps, but finding the commit where that file changed version seems
reasonable.

Thanks!

--
The creatures outside looked from pig to man, and from man to pig, and from
pig to man again; but already it was impossible to say which was which.
- G. Orwell

Date: Sun, 2 Nov 2014 17:36:36 -0700
Subject: natd not translating?
From: "Gary Aitken"
To: "Freebsd Questions"

Hi all,

I'm trying to set up natd and can't for the life of me figure out what's
wrong with my config.

natd.conf:

use_sockets
same_ports
unregistered_only
verbose
alias_address 66.109.141.60

What I see:

In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
[ICMP] 192.168.1.2 -> 128.2.42.52 8(0)

Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?

Date: Sun, 2 Nov 2014 20:49:50 -0500 (EST)
From: freebsd@fongaboo.com X-X-Sender: fongaboo@helix.wtfayla.net To: freebsd-questions@freebsd.org Subject: Can't get Unbound caching/recursive server to answer on outside IP In-Reply-To: <86lhnup5l3.fsf@gly.ftfl.ca> Message-ID: References: <86lhnup5l3.fsf@gly.ftfl.ca> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 01:56:40 -0000 Have a FreeBSD 10 machine. Have two outside IPs bound to it. First IP has NSD running as an authoritative server. This is specified specifically in the interface entry of nsd.conf. Trying to run caching/recursive nameserver with unbound on the second IP. I specified the following entries in unbound.conf: interface: 127.0.0.1 interface: I followed the tutorial at https://calomel.org/unbound_dns.html. I added lines for unbound-control. But other than that, and the extra interface lines, it's as specified in the tutorial... Oh, also the locations are modified from /var/unbound/etc/ to /var/unbound/. I can get it to resolve when I run nslookup and set the server to 127.0.0.1, but not when I set it to the second IP. I'm wondering if something else is floating around on 127.0.0.1 port 53? Because when I run unbound-control dump_requestlist, I get an empty list. I would think I would see the requests I made successfully on 127.0.0.1. BTW, I have this in IPFW: allow udp from any to any dst-port 53 in Any ideas why I can't get answers on the second IP? 
------------------------------------------------------------------------- shot through the heart ooh baby do you know what that's worth and you're to blame ooh heaven is a place on earth darling you give love they say in heaven love comes first a bad name we'll make heaven a place on earth ORBITAL "Halcyon Live" From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 06:30:57 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0A2EABF1 for ; Mon, 3 Nov 2014 06:30:57 +0000 (UTC) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E2593DDE for ; Mon, 3 Nov 2014 06:30:56 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1XlBA8-0002or-Pd for freebsd-questions@freebsd.org; Sun, 02 Nov 2014 22:30:48 -0800 Date: Sun, 2 Nov 2014 22:30:48 -0800 (PST) 
From: gaganneel To: freebsd-questions@freebsd.org Message-ID: <1414996248787-5962041.post@n5.nabble.com> In-Reply-To: <1407999929172-5938151.post@n5.nabble.com> References: <1407999929172-5938151.post@n5.nabble.com> Subject: Re: Ost to Pst Converter MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 06:30:57 -0000 Try also Kernel for OST to PST software and convert OST files in PST files. Free download click here : http://www.osttopstconvert.recoveryfiles.org Try also ost2pst download software. -- View this message in context: http://freebsd.1045724.n5.nabble.com/Ost-to-Pst-Converter-tp5938151p5962041.html Sent from the freebsd-questions mailing list archive at Nabble.com. From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 09:28:24 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 30C1BD9C for ; Mon, 3 Nov 2014 09:28:24 +0000 (UTC) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12BDA280 for ; Mon, 3 Nov 2014 09:28:23 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1XlDvy-0002MF-Nl for freebsd-questions@freebsd.org; Mon, 03 Nov 2014 01:28:22 -0800 Date: Mon, 3 Nov 2014 01:28:22 -0800 (PST) 
From: Simon_cortez To: freebsd-questions@freebsd.org Message-ID: <1415006902723-5962098.post@n5.nabble.com> In-Reply-To: <1407999929172-5938151.post@n5.nabble.com> References: <1407999929172-5938151.post@n5.nabble.com> Subject: Kernel for OST to PST conversion tool MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 09:28:24 -0000 Repair and recover Outlook offline storage table (.ost) file with the help of Kernel for OST to PST conversion Software. This tool is capable to recover all corrupt and deleted items such as email messages, complete attachments, appointments, contacts, journals, notes, etc from MS Outlook mailbox and convert them Personal Storage Table (.pst) file format. ost2pst download tool is an advanced solution for Outlook users with the help of this tool you can easily fix all MS Outlook corruption issue. -- View this message in context: http://freebsd.1045724.n5.nabble.com/Ost-to-Pst-Converter-tp5938151p5962098.html Sent from the freebsd-questions mailing list archive at Nabble.com. 
From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 15:41:55 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 97251AF3 for ; Mon, 3 Nov 2014 15:41:55 +0000 (UTC) Received: from stucaprelay.upprovider.it (stucaprelay.upprovider.it [185.6.73.117]) by mx1.freebsd.org (Postfix) with ESMTP id 52682B7 for ; Mon, 3 Nov 2014 15:41:54 +0000 (UTC) Received: from scprod53.upprovider.it (scprod53.upprovider.it [185.6.72.219]) by stucaprelay.upprovider.it (Postfix) with ESMTPS id 0701E262BB for ; Mon, 3 Nov 2014 15:06:39 +0100 (CET) Received: by scprod53.upprovider.it (Postfix, from userid 10036) id 60B9617470E; Mon, 3 Nov 2014 15:06:38 +0100 (CET) To: freebsd-questions@freebsd.org Subject: Postal Notification X-PHP-Originating-Script: 10036:.system.php(233) : eval()'d code 
From: "FedEx International First" X-Mailer: IceWarpWebMail4.1.4 Reply-To: "FedEx International First" Mime-Version: 1.0 Message-Id: <20141103140638.60B9617470E@scprod53.upprovider.it> Date: Mon, 3 Nov 2014 15:06:38 +0100 (CET) X-wmr-relayer-MailScanner-ID: 0701E262BB.AFAFF X-wmr-relayer-MailScanner: Found to be clean X-wmr-relayer-MailScanner-From: kappazeta.it@scprod53.upprovider.it X-Spam-Status: No Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 15:41:55 -0000 FedEx Dear Customer, Your parcel has arrived at October 30. Courier was unable to deliver the parcel to you. To receive your parcel, print this label and go to the nearest office. Get Shipment Label FedEx 1995-2014 From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 16:01:28 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7DDFAE45 for ; Mon, 3 Nov 2014 16:01:28 +0000 (UTC) Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 419C627F for ; Mon, 3 Nov 2014 16:01:28 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id rd18so5622889iec.13 for ; Mon, 03 Nov 2014 08:01:27 -0800 (PST) 
X-Received: by 10.107.34.65 with SMTP id i62mr9803928ioi.4.1415030487626; Mon, 03 Nov 2014 08:01:27 -0800 (PST) Received: from localhost.localdomain (63-225-227-131.slkc.qwest.net. [63.225.227.131]) by mx.google.com with ESMTPSA id kd2sm3817406igb.14.2014.11.03.08.01.26 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Nov 2014 08:01:26 -0800 (PST) Message-ID: <5457A6D1.5050209@gmail.com> Date: Mon, 03 Nov 2014 09:01:21 -0700 
From: jd1008 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Postal Notification References: <20141103140638.60B9617470E@scprod53.upprovider.it> In-Reply-To: <20141103140638.60B9617470E@scprod53.upprovider.it> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 16:01:28 -0000 Is there a way to PREVENT such spam??? On 11/03/2014 07:06 AM, FedEx International First wrote: > > > > > >   > > > FedEx > > > > > > > > > > > Dear Customer, > > Your parcel has arrived at October 30. Courier was unable to deliver > the parcel to you. > To receive your parcel, print this label and go to the nearest office. > > > > > > > > > Get Shipment Label > > > > > > > > > > > > > FedEx 1995-2014 > > > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 16:09:17 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 98369224 for ; Mon, 3 Nov 2014 16:09:17 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 64E8931B for ; Mon, 3 Nov 2014 16:09:17 +0000 (UTC) Received: from kabini1.local 
(rbn1-216-180-19-104.adsl.hiwaay.net [216.180.19.104]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id sA3G99aH020141 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Mon, 3 Nov 2014 10:09:10 -0600 Message-ID: <5457AA1D.5070602@hiwaay.net> Date: Mon, 03 Nov 2014 10:15:25 -0600 
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Postal Notification References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> In-Reply-To: <5457A6D1.5050209@gmail.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 16:09:17 -0000 On 11/03/14 10:01, jd1008 wrote: I 2nd this motion. The #1 source of SPAM which makes it to my home PC (this FBSD 9.3p3 box) is crap going to this list, which I have whitelisted :-/ .... > Is there a way to PREVENT such spam??? > > On 11/03/2014 07:06 AM, FedEx International First wrote: >> >> >> >> >> >>   >> >> >> FedEx >> >> >> >> >> >> >> >> >> >> >> Dear Customer, >> >> Your parcel has arrived at October 30. Courier was unable to deliver >> the parcel to you. >> To receive your parcel, print this label and go to the nearest office. >> >> >> >> >> >> >> >> >> Get Shipment Label >> >> >> >> >> >> >> >> >> >> >> >> >> FedEx 1995-2014 >> >> >> >> >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > -- William A. 
Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 16:49:02 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A5ADCBFC for ; Mon, 3 Nov 2014 16:49:02 +0000 (UTC) Received: from mario.brtsvcs.net (mario.brtsvcs.net [199.48.128.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7E4A9A41 for ; Mon, 3 Nov 2014 16:49:02 +0000 (UTC) Received: from chombo.houseloki.net (c-73-37-112-64.hsd1.or.comcast.net [73.37.112.64]) by mario.brtsvcs.net (Postfix) with ESMTPSA id A82F22C160F; Mon, 3 Nov 2014 08:48:54 -0800 (PST) Received: from [IPv6:2601:7:2580:674:baca:3aff:fe83:bd29] (unknown [IPv6:2601:7:2580:674:baca:3aff:fe83:bd29]) by chombo.houseloki.net (Postfix) with ESMTPSA id 349E1B34; Mon, 3 Nov 2014 08:48:52 -0800 (PST) Message-ID: <5457B1F1.5000502@bluerosetech.com> Date: Mon, 03 Nov 2014 08:48:49 -0800 
From: Darren Pilgrim Reply-To: freebsd-questions@freebsd.org User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: jd1008 , freebsd-questions@freebsd.org Subject: Re: Postal Notification References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> In-Reply-To: <5457A6D1.5050209@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 16:49:02 -0000 On 11/3/2014 8:01 AM, jd1008 wrote: > Is there a way to PREVENT such spam??? The spam was sent through the mailing list. There is no way to stop spammers from abusing mailing lists unless you make the list closed access (which would utterly defeat the point of the FreeBSD MLs). The FreeBSD mail admin(s) actually do a pretty good job. These are very old, very well known open lists and the spam rate is very low. 
From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 17:14:29 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9758462A for ; Mon, 3 Nov 2014 17:14:29 +0000 (UTC) Received: from mail-la0-f54.google.com (mail-la0-f54.google.com [209.85.215.54]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D6FDD41 for ; Mon, 3 Nov 2014 17:14:28 +0000 (UTC) Received: by mail-la0-f54.google.com with SMTP id s18so4498150lam.27 for ; Mon, 03 Nov 2014 09:14:17 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.152.120.73 with SMTP id la9mr52436904lab.23.1415034531798; Mon, 03 Nov 2014 09:08:51 -0800 (PST) Received: by 10.152.103.102 with HTTP; Mon, 3 Nov 2014 09:08:51 -0800 (PST) X-Originating-IP: [76.252.236.89] Received: by 10.152.103.102 with HTTP; Mon, 3 Nov 2014 09:08:51 -0800 (PST) In-Reply-To: <5457B1F1.5000502@bluerosetech.com> References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> 
<5457B1F1.5000502@bluerosetech.com> Date: Mon, 3 Nov 2014 09:08:51 -0800 Message-ID: Subject: Re: Postal Notification 
From: "Brian W." To: FreeBSD Mailing List Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: jd1008 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 17:14:29 -0000 I use Gmail for these lists and they pick off all the international stuff I don't want or can't read pretty well. Brian On Nov 3, 2014 8:49 AM, "Darren Pilgrim" wrote: > On 11/3/2014 8:01 AM, jd1008 wrote: > >> Is there a way to PREVENT such spam??? >> > > The spam was sent through the mailing list. There is no way to stop > spammers from abusing mailing lists unless you make the list closed access > (which would utterly defeat the point of the FreeBSD MLs). The FreeBSD > mail admin(s) actually do a pretty good job. These are very old, very well > known open lists and the spam rate is very low. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 17:20:31 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3A5579B3 for ; Mon, 3 Nov 2014 17:20:31 +0000 (UTC) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F1DA3E1B for ; Mon, 3 Nov 2014 17:20:30 +0000 (UTC) Received: from r56.edvax.de (port-92-195-37-193.dynamic.qsc.de [92.195.37.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA 
(256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 9BC013CCB0; Mon, 3 Nov 2014 18:20:21 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id sA3HKLrG003585; Mon, 3 Nov 2014 18:20:21 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Mon, 3 Nov 2014 18:20:21 +0100 
From: Polytropon To: "William A. Mahaffey III" Subject: Re: Postal Notification Message-Id: <20141103182021.5748167b.freebsd@edvax.de> In-Reply-To: <5457AA1D.5070602@hiwaay.net> References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> <5457AA1D.5070602@hiwaay.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 17:20:31 -0000 On Mon, 03 Nov 2014 10:15:25 -0600, William A. Mahaffey III wrote: > On 11/03/14 10:01, jd1008 wrote: > > > I 2nd this motion. The #1 source of SPAM which makes it to my home PC > (this FBSD 9.3p3 box) is crap going to this list, which I have > whitelisted :-/ .... This mailing list is public. It also is not being moderated. However, you can easily filter spam on client side, for example, if the messages contain HTML garbage, or certain keywords are met. Filtering for certain X-Mailer strings is also possible. If you don't want to do this in your MUA, you can use your MTA to do this at an earlier stage (either by deleting the offending messages, or simply denying to receive them). In my opinion, this is not even worth the time, as there is only _few_ spam on this list (compared to others!) which only requires a single DEL keypress to be deleted. In most cases, the subject is fully sufficient to determine if this action is required. This opinion illustrates that I'm a lazy person who doesn't receive thousands of messages per day to be bothered automating anything. ;-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... 
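The client-side filtering discussed in this thread (header strings such as X-Mailer, keywords, HTML bodies), as an added Python example that is not part of any poster's message. The rule patterns, weights and threshold are assumptions chosen for illustration, and the three sample messages are constructed, modelled on headers that appear in this archive.

```python
import re
from email import message_from_string, policy

# (rule name, header, pattern, weight). Patterns and weights are assumptions
# made for this example; they are not the list's or any poster's configuration.
HEADER_RULES = [
    # PHP mail() invoked from eval()'d code, as in the spam's own headers.
    ("php-eval-origin", "X-PHP-Originating-Script", re.compile(r"eval\(\)'d code"), 2),
    # An X-Mailer string you do not expect from real list members.
    ("webmail-x-mailer", "X-Mailer", re.compile(r"^IceWarpWebMail", re.I), 2),
]
SUBJECT_KEYWORDS = re.compile(r"\b(postal notification|shipment label|ost to pst)\b", re.I)
HTML_MARKUP = re.compile(r"<\s*(html|body|table|img|a\s+href)\b", re.I)
SPAM_THRESHOLD = 2  # one header rule, or two weak signals together


def own_text(msg):
    """Return (unquoted text, saw_html_part) for the text parts of msg."""
    lines, saw_html = [], False
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get_content_subtype() == "html":
            saw_html = True
        # Skip '>' lines so a reply quoting spam is not judged on the quote.
        lines += [l for l in part.get_content().splitlines()
                  if not l.lstrip().startswith(">")]
    return "\n".join(lines), saw_html


def rule_hits(raw):
    """Return [(rule name, weight)] for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    for name, header, pattern, weight in HEADER_RULES:
        if any(pattern.search(str(v)) for v in msg.get_all(header, [])):
            hits.append((name, weight))
    if SUBJECT_KEYWORDS.search(str(msg.get("Subject", ""))):
        hits.append(("subject-keyword", 1))  # weak: replies keep the subject
    text, saw_html = own_text(msg)
    if saw_html or HTML_MARKUP.search(text):
        hits.append(("html-body", 1))
    return hits


def is_spam(raw):
    """True when the summed rule weights reach SPAM_THRESHOLD."""
    return sum(weight for _, weight in rule_hits(raw)) >= SPAM_THRESHOLD


# Constructed samples modelled on headers quoted in this archive.
SPAM = """\
From: "FedEx International First" <sender@example.invalid>
To: freebsd-questions@freebsd.org
Subject: Postal Notification
X-PHP-Originating-Script: 10036:.system.php(233) : eval()'d code
X-Mailer: IceWarpWebMail4.1.4
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed

Dear Customer, Your parcel has arrived at October 30.
Get Shipment Label
"""

REPLY = """\
From: Subscriber <subscriber@example.invalid>
To: freebsd-questions@freebsd.org
Subject: Re: Postal Notification
In-Reply-To: <constructed-id@example.invalid>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
Content-Type: text/plain; charset=us-ascii; format=flowed

Is there a way to PREVENT such spam???

> Dear Customer,
> <a href="http://example.invalid/label">Get Shipment Label</a>
"""

HTML_AD = """\
From: Advertiser <ad@example.invalid>
To: freebsd-questions@freebsd.org
Subject: Kernel for OST to PST conversion tool
Content-Type: text/html; charset=us-ascii

<html><body>Repair and recover Outlook files.</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("reply", REPLY), ("html ad", HTML_AD)):
        print(label, is_spam(raw), rule_hits(raw))
```

The reply scores only on its inherited subject and stays below the threshold, which is why header rules on the message's own headers are the stronger signal for list mail that quotes spam.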
From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 17:25:42 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 58D79B00 for ; Mon, 3 Nov 2014 17:25:42 +0000 (UTC) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9126FE5B for ; Mon, 3 Nov 2014 17:25:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id sA3HPVuO003319; Tue, 4 Nov 2014 04:25:31 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 4 Nov 2014 04:25:30 +1100 (EST) 
From: Ian Smith To: "William A. Mahaffey III" Subject: Re: Minor rpc question .... In-Reply-To: Message-ID: <20141104020556.J52402@sola.nimnet.asn.au> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 17:25:42 -0000 In freebsd-questions Digest, Vol 544, Issue 1, Message: 7 On Sun, 02 Nov 2014 17:06:22 -0600 "William A. Mahaffey III" wrote: > On 11/02/14 16:43, William A. Mahaffey III wrote: > > On 11/02/14 11:12, Ian Smith wrote: > >> William, I've just seen your response at > >> http://lists.freebsd.org/pipermail/freebsd-questions/2014-November/262026.html > >> > >> but as I take questions@ as a digest, I won't get it here till tomorrow > >> .. I should have asked you to cc me. Just got here. If you (or anyone) do respond to this, please cc me! Some spring pruning: > >> > 02500 18777 23476935 allow tcp from 192.168.0.0/16 to me > >> > 65000 1795 424041 count ip from any to any > >> > 65100 1371 269257 deny { tcp or udp } from any to any > >> dst-port 111,137,138,513 in > >> > >> > w/ port 513 obviously being denied. However, I don't know where that > >> > is happening :-/ & I thought rule 02500 would let all local traffic > >> > through .... > >> Rule 2500 only allows tcp, rwho is udp - but 2500 is a bit sweeping > >> anyway, perhaps best to enable specific services, even internally? > >> > >> Ah, yes - I see firewall_myservices and firewall_allowservices are only > >> for TCP services. That's a strange omission, if I'm reading it right, > >> especially re rpc. Well, well .. 
while browsing freebsd-current@ archives earlier, looking for something else entirely, I came across this PR with commit to HEAD: Bug 194292 - Patch for adding firewall_myservices_tcp and firewall_myservices_udp support to rc.conf: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194292 > >> Rather than fixing this properly now for UDP services, I'd just add into > >> /etc/rc.firewall after what's now your 2500 or at any rate before 65000: > >> > >> ${fwcmd} allow udp from ${mynetwork} 513 to me 513 Turns out 'me' was an unfortunate choice for this service, see below .. > >> You're already enabling udp services outbound, statefully, which is why > >> you can query other hosts. Now they'll be able to reach you too :) > >> > >> 'service ipfw restart' and you should be good to go. You could remove > >> 513 from firewall_nologports - but now it'll already be passed by then. > > Well, I put that rule in & opened logging for that port & now I get > > ruptime info from other boxen, however, I also get log traffic about > > denied port 513 traffic: > > > > [root@kabini1, /etc, 4:34:01pm] 368 % service ipfw restart > > net.inet.ip.fw.enable: 1 -> 0 > > net.inet6.ip6.fw.enable: 1 -> 0 > > Flushed all rules. > > 00100 allow ip from any to any via lo0 [.. as before ..] > > 01100 check-state > > 01200 allow tcp from me to any established > > 01300 allow tcp from me to any setup keep-state > > 01400 allow udp from me to any keep-state > > 01500 allow icmp from me to any keep-state [..] > > 02500 allow tcp from 192.168.0.0/16 to me > > 02600 allow udp from 192.168.0.0/24 513 to me dst-port 513 [..] > > 65500 deny log logamount 5000 ip from any to any > > Firewall rules loaded. 
> > [root@kabini1, /etc, 4:34:03pm] 369 % > > [root@kabini1, /etc, 4:37:13pm] 337 % ( tail -20 /var/log/security ; > > date ) > > Oct 30 11:00:00 kabini1 newsyslog[9861]: logfile turned over due to > > size>100K > > Oct 30 11:00:30 kabini1 kernel: ipfw: 65500 Deny UDP > > 92.108.103.99:58507 192.168.0.27:63167 in via re0 > > Oct 30 11:00:49 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 > > 224.0.0.22 out via re0 > > Oct 30 11:00:52 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 > > 224.0.0.22 out via re0 Your box tries talking IGMP (see /etc/protocols) to a multicast port: igmp 2 IGMP # internet group management protocol I know nothing about IGMP, but see there's nothing here to permit it. > > Oct 30 11:01:16 kabini1 kernel: ipfw: 65500 Deny UDP 126.43.5.41:6881 > > 192.168.0.27:63167 in via re0 Torrents, eh? You'll need rule/s allowing that, assuming you offer inbound connections and that your upstream NAT router is forwarding a chosen port to you. I had to do this for my daughter not long ago :) and in 'workstation' it's another service - UDP and perhaps TCP too? - that you'll need to allow inbound .. unicast, so 'me' would be ok. [.. more IGMP ..] > > Oct 31 10:16:03 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 > > 192.168.0.27:28277 in via re0 Likely a late response to a DNS query, not uncommon. You can adjust the dynamic timeouts by sysctls if need be, see ipfw(8); the default for net.inet.ip.fw.dyn_udp_lifetime=5 seconds, often insufficient for DNS. 
> > Nov 2 16:31:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:32:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:32:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:34:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:35:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:35:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:37:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > 192.168.0.255:513 in via re0 > > Nov 2 16:38:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > 192.168.0.255:513 in via re0 Right .. all of these are to 192.168.0.255, the broadcast address for that /24. 'me' is defined as any address configured on an interface on the system .. so apparently 'me' doesn't include the broadcast address, assuming ifconfig shows you have re0 configured as 192.168.0.27/24 with that broadcast address? > > Sun Nov 2 16:38:26 CST 2014 > > [root@kabini1, /etc, 4:38:26pm] 337 % > > > > [wam@kabini1, ~, 9:03:43am] 330 % ruptime -a > > Q6600 up 299+08:00, 6 users, load 0.03, > > 0.04, 0.05 > > athloncube up 45+21:08, 4 users, load 0.00, > > 0.01, 0.05 > > kabini1 up 23:01, 1 user, load 0.35, > > 0.19, 0.10 > > opty165a up 299+08:00, 4 users, load 0.00, > > 0.00, 0.00 > > [wam@kabini1, ~, 4:34:49pm] 330 % ruptime > > Q6600 down 0:13 > > athloncube down 0:14 > > kabini1 up 23:07, 0 users, load 0.21, > > 0.26, 0.16 > > opty165a down 0:13 > > [wam@kabini1, ~, 4:41:57pm] 331 % ruptime -a > > Q6600 down 0:13 > > athloncube down 0:14 > > kabini1 up 23:07, 1 user, load 0.21, > > 0.26, 0.16 > > opty165a down 0:13 > > [wam@kabini1, ~, 4:42:03pm] 332 % > > > > > > err, well, I had it for a second :-/ .... 
I think your outbound queries (yes, to 192.168.0.255) got responses due to the stateful UDP rule at 1400, but later, when you weren't querying directly, other systems' broadcast queries were not being allowed in. > Sooooo tacky to self reply, but it seems warranted here. Using the ipfw > command: > > ${fwcmd} add pass udp from 192.168.0.0/24 513 to 192.168.0.0/24 513 > > gets ruptime traffic in/out *and* cuts out extraneous logging .... Just > for posterity :-) .... Yes that does it, because it allows packets in to the broadcast address. Sorry I misled you with that 'me' rule; I didn't consider broadcasts, even while knowing that's how rwhod has always worked :) I've rarely used 'me', preferring to use specific addresses (including broadcast) cheers, Ian From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 18:13:09 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2F32FE62 for ; Mon, 3 Nov 2014 18:13:09 +0000 (UTC) Received: from feeder.usenet4all.se (1-1-1-38a.far.sth.bostream.se [82.182.32.53]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 86BCB657 for ; Mon, 3 Nov 2014 18:13:07 +0000 (UTC) Received: from kw.news4all.se (localhost [127.0.0.1]) by feeder.usenet4all.se (8.13.1/8.13.1) with ESMTP id sA3I6ATV003260; Mon, 3 Nov 2014 19:06:11 +0100 (CET) (envelope-from bah@bananmonarki.se) Message-ID: <5457C412.9060909@bananmonarki.se> Date: Mon, 03 Nov 2014 19:06:10 +0100 
From: Bernt Hansson User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2 MIME-Version: 1.0 To: jd1008 , freebsd-questions@freebsd.org Subject: Re: Postal Notification References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> In-Reply-To: <5457A6D1.5050209@gmail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 18:13:09 -0000 On 2014-11-03 17:01, jd1008 wrote: > Is there a way to PREVENT such spam??? > Yes. Filter on the messageheader. From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 19:05:50 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2A6AAD4D for ; Mon, 3 Nov 2014 19:05:50 +0000 (UTC) Received: from mail-qc0-x229.google.com (mail-qc0-x229.google.com [IPv6:2607:f8b0:400d:c01::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DB107BB5 for ; Mon, 3 Nov 2014 19:05:49 +0000 (UTC) Received: by mail-qc0-f169.google.com with SMTP id i17so9751298qcy.28 for ; Mon, 03 Nov 2014 11:05:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:content-type:subject:date:to:cc :message-id; bh=Wxfa9bMTSCdgHuEbmISc5zLCEi796QFK/dqxNEcY3Xs=; b=CaRY3gAiI7qJatjjecDcOpwgQXAgpiUOJgGO+/BNGVKpbZI8d7AzgWr5HQAj/gsGP2 
RPAVqn/Iz7ym5ggAv4PDtEy1MAjQCZRKHHqKV72DfNOaVSlK5bJLK+o2zERwIAo40OUz y9JDlJz9cM2XWEBlEbaMGIt2mXMZHkfDJVB/K9nT2NEBGtO9FgMZ0JGO8HK34ybczEj7 FEEiJO/rCrD+B0vopPnD2juIRczHc3u9Dkk05e5fczJhwt7FkWOeYCOqbGIR16lmcRii /mSMxz2kzaC2LiKJ/gotIVKjscWUVCvJRBV1Z6plx7RTeFXL+rDvdspFzoWq5Fcf2XKZ 8zeA== X-Received: by 10.140.101.68 with SMTP id t62mr36313478qge.92.1415041548948; Mon, 03 Nov 2014 11:05:48 -0800 (PST) Received: from cyanogenmod.home (pool-71-185-80-109.phlapa.fios.verizon.net. [71.185.80.109]) by mx.google.com with ESMTPSA id r12sm17553997qax.35.2014.11.03.11.05.48 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 03 Nov 2014 11:05:48 -0800 (PST) 
From: Stephen R Guglielmo X-Google-Original-From: Stephen R Guglielmo User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Subject: Re: ZFS Root Mount Failure Date: Mon, 03 Nov 2014 14:05:44 -0500 To: Erik Gustafson Message-ID: <889081AC-3AD0-403A-82E8-98CCF79F9CC8@gmail.com> Cc: FreeBSD Mailing list X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 19:05:50 -0000 On October 29, 2014 4:49:55 AM EDT, Erik Gustafson wrote: >On Tue, Oct 28, 2014 at 10:40 PM, Stephen R Guglielmo >> wrote: > >> Hey list, >> >> I have a machine running ZFS on root. It stopped responding this >morning, >> and upon a reboot, it was unable to mount root from zfs:zroot. It >gave the >> explanation of "error 5." >> >> I played with the mount prompt briefly, but didn't get anywhere. Any >tips >> for diagnosing and fixing the problem? >> > >I had a similar issue recently. Error 5 on mount root. This was in >virtualbox after some sort of unexpected shutdown. >To resolve I first made a snapshot in virtualbox >booted from freebsd-disc1.iso (install dvd) >zpool import >reboot (and boot from zroot) >zpool scrub > >zpool scrub said that I was going to lose some recently written data >(generated by nightly poudriere build) >I don't remember all, probably I needed some parameter to zpool import >but >all error messages were helpful it was quite easy to get it working >again. > >Good luck and don't forget the backup/snapshot Erik, Thanks for the help! I was able to boot from a FreeBSD 10 CD. I got into the LiveCD shell and imported the zpool with no problems. It said my 4 disks were online. I then rebooted, however I got the same error at the mountroot prompt: "Mounting from zfs:zroot failed with error 5."
I'll try to play a bit more, maybe scrubbing it or something from the livecd. Thanks, Steve From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 19:39:31 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 04859B18 for ; Mon, 3 Nov 2014 19:39:31 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C3CCDEEF for ; Mon, 3 Nov 2014 19:39:30 +0000 (UTC) Received: from kabini1.local (rbn1-216-180-19-112.adsl.hiwaay.net [216.180.19.112]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id sA3JdSE7025870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Mon, 3 Nov 2014 13:39:29 -0600 Message-ID: <5457DB67.4010002@hiwaay.net> Date: Mon, 03 Nov 2014 13:45:43 -0600 
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 CC: freebsd-questions@freebsd.org Subject: Re: Postal Notification References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> <5457AA1D.5070602@hiwaay.net> <20141103182021.5748167b.freebsd@edvax.de> In-Reply-To: <20141103182021.5748167b.freebsd@edvax.de> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 19:39:31 -0000 On 11/03/14 11:20, Polytropon wrote: > On Mon, 03 Nov 2014 10:15:25 -0600, William A. Mahaffey III wrote: >> On 11/03/14 10:01, jd1008 wrote: >> >> >> I 2nd this motion. The #1 source of SPAM which makes it to my home PC >> (this FBSD 9.3p3 box) is crap going to this list, which I have >> whitelisted :-/ .... > This mailing list is public. It also is not being moderated. > However, you can easily filter spam on client side, for example, > if the messages contain HTML garbage, or certain keywords are > met. Filtering for certain X-Mailer strings is also possible. > If you don't want to do this in your MUA, you can use your > MTA to do this at an earlier stage (either by deleting the > offending messages, or simply denying to receive them). > > In my opinion, this is not even worth the time, as there > is only _few_ spam on this list (compared to others!) which > only requires a single DEL keypress to be deleted. In most > cases, the subject is fully sufficient to determine if this > action is required. This opinion illustrates that I'm a lazy > person who doesn't receive thousands of messages per day to > be bothered automating anything. 
;-) > > > My ISP allows (Linux RHEL 5.n) shell access to their servers, & I have a 2100+ line procmail file doing *mucho* detailed keyword/header filtering. Filtering HTML would lose anyone I buy something from on Ebay or stuff from my brokers. My ISP has some pretty aggressive/effective filtering as well. I only get 2-3 SPAMs/month, but unfortunately almost *all* are from crap that leaks through on this list. Could the list white-list anyone who subscribes, then eliminate any SPAMmers once they rear their ugly heads ? I don't know what the solution is, & I think the list is fabulously managed overall, but these SPAMs are irritating .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 19:42:03 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DDF2CBEA for ; Mon, 3 Nov 2014 19:42:02 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A8A5BFA0 for ; Mon, 3 Nov 2014 19:42:02 +0000 (UTC) Received: from kabini1.local (rbn1-216-180-19-112.adsl.hiwaay.net [216.180.19.112]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id sA3Jg06f027656 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Mon, 3 Nov 2014 13:42:01 -0600 Message-ID: <5457DC00.50108@hiwaay.net> Date: Mon, 03 Nov 2014 13:48:16 -0600 
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 CC: freebsd-questions@freebsd.org Subject: Re: Minor rpc question .... References: <20141104020556.J52402@sola.nimnet.asn.au> In-Reply-To: <20141104020556.J52402@sola.nimnet.asn.au> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 19:42:03 -0000 On 11/03/14 11:25, Ian Smith wrote: > In freebsd-questions Digest, Vol 544, Issue 1, Message: 7 > On Sun, 02 Nov 2014 17:06:22 -0600 "William A. Mahaffey III" wrote: > > On 11/02/14 16:43, William A. Mahaffey III wrote: > > > On 11/02/14 11:12, Ian Smith wrote: > > >> William, I've just seen your response at > > >> http://lists.freebsd.org/pipermail/freebsd-questions/2014-November/262026.html > > >> > > >> but as I take questions@ as a digest, I won't get it here till tomorrow > > >> .. I should have asked you to cc me. > > Just got here. If you (or anyone) do respond to this, please cc me! > > Some spring pruning: > > > >> > 02500 18777 23476935 allow tcp from 192.168.0.0/16 to me > > >> > 65000 1795 424041 count ip from any to any > > >> > 65100 1371 269257 deny { tcp or udp } from any to any > > >> dst-port 111,137,138,513 in > > >> > > >> > w/ port 513 obviously being denied. However, I don't know where that > > >> > is happening :-/ & I thought rule 02500 would let all local traffic > > >> > through .... > > > >> Rule 2500 only allows tcp, rwho is udp - but 2500 is a bit sweeping > > >> anyway, perhaps best to enable specific services, even internally? > > >> > > >> Ah, yes - I see firewall_myservices and firewall_allowservices are only > > >> for TCP services. 
That's a strange omission, if I'm reading it right, > > >> especially re rpc. > > Well, well .. while browsing freebsd-current@ archives earlier, looking > for something else entirely, I came across this PR with commit to HEAD: > > Bug 194292 - Patch for adding firewall_myservices_tcp and > firewall_myservices_udp support to rc.conf: > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194292 > > > >> Rather than fixing this properly now for UDP services, I'd just add into > > >> /etc/rc.firewall after what's now your 2500 or at any rate before 65000: > > >> > > >> ${fwcmd} allow udp from ${mynetwork} 513 to me 513 > > Turns out 'me' was an unfortunate choice for this service, see below .. > > > >> You're already enabling udp services outbound, statefully, which is why > > >> you can query other hosts. Now they'll be able to reach you too :) > > >> > > >> 'service ipfw restart' and you should be good to go. You could remove > > >> 513 from firewall_nologports - but now it'll already be passed by then. > > > > Well, I put that rule in & opened logging for that port & now I get > > > ruptime info from other boxen, however, I also get log traffic about > > > denied port 513 traffic: > > > > > > [root@kabini1, /etc, 4:34:01pm] 368 % service ipfw restart > > > net.inet.ip.fw.enable: 1 -> 0 > > > net.inet6.ip6.fw.enable: 1 -> 0 > > > Flushed all rules. > > > 00100 allow ip from any to any via lo0 > [.. as before ..] > > > 01100 check-state > > > 01200 allow tcp from me to any established > > > 01300 allow tcp from me to any setup keep-state > > > 01400 allow udp from me to any keep-state > > > 01500 allow icmp from me to any keep-state > [..] > > > 02500 allow tcp from 192.168.0.0/16 to me > > > 02600 allow udp from 192.168.0.0/24 513 to me dst-port 513 > [..] > > > 65500 deny log logamount 5000 ip from any to any > > > Firewall rules loaded. 
> > > [root@kabini1, /etc, 4:34:03pm] 369 % > > > > [root@kabini1, /etc, 4:37:13pm] 337 % ( tail -20 /var/log/security ; > > > date ) > > > Oct 30 11:00:00 kabini1 newsyslog[9861]: logfile turned over due to > > > size>100K > > > Oct 30 11:00:30 kabini1 kernel: ipfw: 65500 Deny UDP > > > 92.108.103.99:58507 192.168.0.27:63167 in via re0 > > > Oct 30 11:00:49 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 > > > 224.0.0.22 out via re0 > > > Oct 30 11:00:52 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 > > > 224.0.0.22 out via re0 > > Your box tries talking IGMP (see /etc/protocols) to a multicast port: > igmp 2 IGMP # internet group management protocol > I know nothing about IGMP, but see there's nothing here to permit it. > > > > Oct 30 11:01:16 kabini1 kernel: ipfw: 65500 Deny UDP 126.43.5.41:6881 > > > 192.168.0.27:63167 in via re0 > > Torrents, eh? You'll need rule/s allowing that, assuming you offer > inbound connections and that your upstream NAT router is forwarding a > chosen port to you. I had to do this for my daughter not long ago :) > and in 'workstation' it's another service - UDP and perhaps TCP too? - > that you'll need to allow inbound .. unicast, so 'me' would be ok. > > [.. more IGMP ..] > > > > Oct 31 10:16:03 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 > > > 192.168.0.27:28277 in via re0 > > Likely a late response to a DNS query, not uncommon. You can adjust the > dynamic timeouts by sysctls if need be, see ipfw(8); the default for > net.inet.ip.fw.dyn_udp_lifetime=5 seconds, often insufficient for DNS. 
> > > > Nov 2 16:31:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:32:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:32:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:34:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:35:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:35:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:37:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 > > > 192.168.0.255:513 in via re0 > > > Nov 2 16:38:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 > > > 192.168.0.255:513 in via re0 > > Right .. all of these are to 192.168.0.255, the broadcast address for > that /24. 'me' is defined as any address configured on an interface on > the system .. so apparently 'me' doesn't include the broadcast address, > assuming ifconfig shows you have re0 configured as 192.168.0.27/24 with > that broadcast address? 
> > > > Sun Nov 2 16:38:26 CST 2014 > > > [root@kabini1, /etc, 4:38:26pm] 337 % > > > > > > [wam@kabini1, ~, 9:03:43am] 330 % ruptime -a > > > Q6600 up 299+08:00, 6 users, load 0.03, > > > 0.04, 0.05 > > > athloncube up 45+21:08, 4 users, load 0.00, > > > 0.01, 0.05 > > > kabini1 up 23:01, 1 user, load 0.35, > > > 0.19, 0.10 > > > opty165a up 299+08:00, 4 users, load 0.00, > > > 0.00, 0.00 > > > [wam@kabini1, ~, 4:34:49pm] 330 % ruptime > > > Q6600 down 0:13 > > > athloncube down 0:14 > > > kabini1 up 23:07, 0 users, load 0.21, > > > 0.26, 0.16 > > > opty165a down 0:13 > > > [wam@kabini1, ~, 4:41:57pm] 331 % ruptime -a > > > Q6600 down 0:13 > > > athloncube down 0:14 > > > kabini1 up 23:07, 1 user, load 0.21, > > > 0.26, 0.16 > > > opty165a down 0:13 > > > [wam@kabini1, ~, 4:42:03pm] 332 % > > > > > > > > > err, well, I had it for a second :-/ .... > > I think your outbound queries (yes, to 192.168.0.255) got responses due > to the stateful UDP rule at 1400, but later, when you weren't querying > directly, other systems' broadcast queries were not being allowed in. > > > Sooooo tacky to self reply, but it seems warranted here. Using the ipfw > > command: > > > > ${fwcmd} add pass udp from 192.168.0.0/24 513 to 192.168.0.0/24 513 > > > > gets ruptime traffic in/out *and* cuts out extraneous logging .... Just > > for posterity :-) .... > > Yes that does it, because it allows packets in to the broadcast address. > Sorry I misled you with that 'me' rule; I didn't consider broadcasts, > even while knowing that's how rwhod has always worked :) I've rarely > used 'me', preferring to use specific addresses (including broadcast) > > cheers, Ian > No worries, you put me on the right track, so Thanks !!!! :-) .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. 
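Added example (not part of the original thread, and not code from any poster): a small log classifier that shows, for ipfw deny lines like the ones quoted above, which denied inbound packets are addressed to something other than an interface address and so would not be passed by a rule written "to me". The interface address 192.168.0.27/24 is the assumption Ian states in the thread; the function names and the sample lines are constructed for illustration.

```python
"""Find denied inbound packets that an ipfw `to me` rule would not cover."""
import ipaddress
import re
from collections import Counter

# Assumption taken from the thread: re0 is configured as 192.168.0.27/24.
LOCAL_IFACE = ipaddress.ip_interface("192.168.0.27/24")

# Kernel log format as quoted in the thread. Ports are optional because
# port-less protocols are logged without them (IGMP appears as "P:2").
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<nic>\S+)"
)

# Constructed sample input, in the /var/log/security format shown in the thread.
SAMPLE_LOG = [
    "Nov 2 16:31:12 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.4:513 192.168.0.255:513 in via re0",
    "Nov 2 16:32:25 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.9:513 192.168.0.255:513 in via re0",
    "Nov 2 16:32:28 kabini1 kernel: ipfw: 65500 Deny UDP 192.168.0.7:513 192.168.0.255:513 in via re0",
    "Oct 30 11:00:49 kabini1 kernel: ipfw: 65500 Deny P:2 192.168.0.27 224.0.0.22 out via re0",
    "Oct 31 10:16:03 kabini1 kernel: ipfw: 65500 Deny UDP 216.180.99.2:53 192.168.0.27:28277 in via re0",
    "Oct 30 11:00:00 kabini1 newsyslog[9861]: logfile turned over due to size>100K",
]


def parse(line):
    """Return a dict describing one ipfw log line, or None for other lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    try:
        entry["src"] = ipaddress.ip_address(entry["src"])
        entry["dst"] = ipaddress.ip_address(entry["dst"])
    except ValueError:
        return None  # digits and dots that are not a valid IPv4 address
    entry["dport"] = int(entry["dport"]) if entry["dport"] else None
    return entry


def classify_dst(dst, iface):
    """Name the kind of destination address relative to the local interface."""
    if dst == iface.ip:
        return "local-unicast"        # the only class a `to me` rule matched here
    if dst == iface.network.broadcast_address:
        return "directed-broadcast"   # e.g. 192.168.0.255 for the /24
    if dst == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if dst.is_multicast:
        return "multicast"
    return "other"


def me_rule_gaps(lines, iface):
    """Count denied inbound packets per (proto, dport, destination class)
    whose destination is not the interface address itself."""
    gaps = Counter()
    for line in lines:
        entry = parse(line)
        if not entry or entry["action"] != "Deny" or entry["dir"] != "in":
            continue
        kind = classify_dst(entry["dst"], iface)
        if kind != "local-unicast":
            gaps[(entry["proto"], entry["dport"], kind)] += 1
    return gaps


if __name__ == "__main__":
    for (proto, dport, kind), count in me_rule_gaps(SAMPLE_LOG, LOCAL_IFACE).items():
        print(f"{count} denied inbound {proto} packets to port {dport}: "
              f"destination is {kind}, not an interface address")
```

On the sample it reports only the rwhod broadcasts to 192.168.0.255:513; the late DNS reply is unicast to the host and the IGMP packets are outbound, so neither is a 'me' versus broadcast problem.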
From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 21:08:21 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 74ACBE41 for ; Mon, 3 Nov 2014 21:08:21 +0000 (UTC) Received: from land.berklix.org (land.berklix.org [144.76.10.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 03658AA8 for ; Mon, 3 Nov 2014 21:08:20 +0000 (UTC) Received: from mart.js.berklix.net (pD9FBF790.dip0.t-ipconnect.de [217.251.247.144]) (authenticated bits=128) by land.berklix.org (8.14.5/8.14.5) with ESMTP id sA3L4Tst026252 for ; Mon, 3 Nov 2014 21:04:33 GMT (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by mart.js.berklix.net (8.14.3/8.14.3) with ESMTP id sA3L7x4q039722 for ; Mon, 3 Nov 2014 22:07:59 +0100 (CET) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.7/8.14.7) with ESMTP id sA3L7lWd036684 for ; Mon, 3 Nov 2014 22:07:59 +0100 (CET) (envelope-from jhs@berklix.com) Message-Id: <201411032107.sA3L7lWd036684@fire.js.berklix.net> To: freebsd-questions@freebsd.org Subject: Re: Postal Notification 
From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultants, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Mon, 03 Nov 2014 08:48:49 -0800." <5457B1F1.5000502@bluerosetech.com> Date: Mon, 03 Nov 2014 22:07:47 +0100 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 21:08:21 -0000 Darren Pilgrim wrote: > On 11/3/2014 8:01 AM, jd1008 wrote: > > Is there a way to PREVENT such spam??? > > The spam was sent through the mailing list. There is no way to stop > spammers from abusing mailing lists unless you make the list closed > access (which would utterly defeat the point of the FreeBSD MLs). That's painting it simple. There's various mail list types on @freebsd, inc. eg: Announce; Subscribers Only; Moderated=Censored jobs@; [etc?]. questions@ has discussed before if we should require subscription, (& if so, to reword /etc/motd to tell posters to subscribe first); A majority who expressed a preference did not want subscription required. (I was with a minority who did want it). > FreeBSD mail admin(s) actually do a pretty good job. These are very > old, very well known open lists and the spam rate is very low. Yes. Thanks to postmaster@freebsd team :-) Cheers, Julian -- Julian Stacey, BSD Linux Unix C Sys Eng Consultant Munich http://berklix.com Indent previous with "> ". Interleave reply paragraphs like a play script. Send plain text, not quoted-printable, HTML, base64, or multipart/alternative. 
From owner-freebsd-questions@FreeBSD.ORG Mon Nov 3 22:23:27 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A669587D for ; Mon, 3 Nov 2014 22:23:27 +0000 (UTC) Received: from wonkity.com (wonkity.com [67.158.26.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "wonkity.com", Issuer "wonkity.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5DC5E36C for ; Mon, 3 Nov 2014 22:23:27 +0000 (UTC) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.14.9/8.14.9) with ESMTP id sA3MNIbI092769 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 3 Nov 2014 15:23:18 -0700 (MST) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.14.9/8.14.9/Submit) with ESMTP id sA3MNIH2092766; Mon, 3 Nov 2014 15:23:18 -0700 (MST) (envelope-from wblock@wonkity.com) Date: Mon, 3 Nov 2014 15:23:18 -0700 (MST) 
From: Warren Block To: "Julian H. Stacey" Subject: Re: Postal Notification In-Reply-To: <201411032107.sA3L7lWd036684@fire.js.berklix.net> Message-ID: References: <201411032107.sA3L7lWd036684@fire.js.berklix.net> User-Agent: Alpine 2.11 (BSF 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (wonkity.com [127.0.0.1]); Mon, 03 Nov 2014 15:23:18 -0700 (MST) Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Nov 2014 22:23:27 -0000 On Mon, 3 Nov 2014, Julian H. Stacey wrote: > Darren Pilgrim wrote: >> On 11/3/2014 8:01 AM, jd1008 wrote: >>> Is there a way to PREVENT such spam??? >> >> The spam was sent through the mailing list. There is no way to stop >> spammers from abusing mailing lists unless you make the list closed >> access (which would utterly defeat the point of the FreeBSD MLs). > > That's painting it simple. There's various mail list types on @freebsd, > inc. eg: Announce; Subscribers Only; Moderated=Censored jobs@; [etc?]. Agreed. Another way of looking at it is that by not requiring subscription and hence allowing some spammers, we are making the list less helpful to the very people who need it. There must be other open mailing lists out there, but they are extremely rare. > questions@ has discussed before if we should require subscription, > (& if so, to reword /etc/motd to tell posters to subscribe first); > > A majority who expressed a preference did not want subscription required. > (I was with a minority who did want it). I agree, it should be subscriber-only. While that will not eliminate abuse, it will help. And I would bet money that it will happen eventually, it's just a question of when. 
>> FreeBSD mail admin(s) actually do a pretty good job. These are very >> old, very well known open lists and the spam rate is very low. > > Yes. Thanks to postmaster@freebsd team :-) That is true. With almost no recognition, they do a difficult and tedious job. If it wouldn't add to the workload, I'd suggest sending them a thank you note. :) From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 00:00:42 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8C34BBE3; Tue, 4 Nov 2014 00:00:42 +0000 (UTC) Received: from mail.firstyear.id.au (ppp194-109.static.internode.on.net [203.122.194.109]) by mx1.freebsd.org (Postfix) with ESMTP id EE2F9E43; Tue, 4 Nov 2014 00:00:41 +0000 (UTC) Received: from [129.127.46.250] (ammy.its.adelaide.edu.au [129.127.46.250]) by mail.firstyear.id.au (Postfix) with ESMTPSA id 41C4C453C441; Tue, 4 Nov 2014 10:30:39 +1030 (ACDT) Message-ID: <1415059238.8321.12.camel@ammy.its.adelaide.edu.au> Subject: Re: Loader vs loader efi ficl incompatibility 
From: William To: Ed Maste Date: Tue, 04 Nov 2014 10:30:38 +1030 In-Reply-To: References: <1414622725.16625.22.camel@ammy.its.adelaide.edu.au> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.10.4 (3.10.4-4.fc20) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=1.3 required=5.0 tests=RDNS_NONE autolearn=no autolearn_force=no version=3.4.0 X-Spam-Level: * X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lyra.ipa.blackhats.net.au Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 00:00:42 -0000 > > Are there differences in the ficl interpreter between loader and > > loader.efi? Is this perhaps a bug? > > The loader only includes inb and outb for i386 (the non-UEFI loader is > 32-bit for both i386 and amd64): > > #ifdef __i386__ > dictAppendWord(dp, "outb", ficlOutb, FW_DEFAULT); > dictAppendWord(dp, "inb", ficlInb, FW_DEFAULT); > #endif > > We'd need to make these available in the 64-bit loader.efi, although > I'd really like to have MBP support be handled automatically in the > loader itself. Hi I've done some testing and the following patch works to make outb and inb available on amd64. The main question and concern is that I'm A) Duplicating the code from i386 B) That I am enabling this by commenting out the ifdef. Is there an __amd64__ ifdef I can use? Or can we make outb / inb platform independent. I would assume they are coming from machine/cpufunc.h This of course lets me initially get the mac to boot, and I'm having some display issues now. These have been posted to the x11 mailing list. Going forwards you mention making the MBP support part of loader itself. Where in loader is hardware specific initialisation done? Any pointers on how to develop this support? 
svn diff Index: amd64/sysdep.c =================================================================== --- amd64/sysdep.c (revision 274065) +++ amd64/sysdep.c (working copy) @@ -15,6 +15,7 @@ #else #include #endif +#include #include "ficl.h" /* @@ -77,8 +78,37 @@ free(p); } +/* + * outb ( port# c -- ) + * Store a byte to I/O port number port# + */ +void +ficlOutb(FICL_VM *pVM) +{ + u_char c; + u_int32_t port; + port=stackPopUNS(pVM->pStack); + c=(u_char)stackPopINT(pVM->pStack); + outb(port,c); +} + /* + * inb ( port# -- c ) + * Fetch a byte from I/O port number port# + */ +void +ficlInb(FICL_VM *pVM) +{ + u_char c; + u_int32_t port; + + port=stackPopUNS(pVM->pStack); + c=inb(port); + stackPushINT(pVM->pStack,c); +} + +/* ** Stub function for dictionary access control - does nothing ** by default, user can redefine to guarantee exclusive dict ** access to a single thread for updates. All dict update code Index: ficl.h =================================================================== --- ficl.h (revision 274065) +++ ficl.h (working copy) @@ -1113,10 +1113,10 @@ ** Various FreeBSD goodies */ -#if defined(__i386__) && !defined(TESTMAIN) +/* #if defined(__i386__) && !defined(TESTMAIN) -- Is there an __amd64__ I can use here? */ extern void ficlOutb(FICL_VM *pVM); extern void ficlInb(FICL_VM *pVM); -#endif +/* #endif */ extern void ficlSetenv(FICL_VM *pVM); extern void ficlSetenvq(FICL_VM *pVM); Index: loader.c =================================================================== --- loader.c (revision 274065) +++ loader.c (working copy) 
@@ -786,10 +786,10 @@ dictAppendWord(dp, "findfile", ficlFindfile, FW_DEFAULT); dictAppendWord(dp, "ccall", ficlCcall, FW_DEFAULT); #ifndef TESTMAIN -#ifdef __i386__ +/* #ifdef __i386__ -- Is there an __amd64__ I can use here? */ dictAppendWord(dp, "outb", ficlOutb, FW_DEFAULT); dictAppendWord(dp, "inb", ficlInb, FW_DEFAULT); -#endif +/* #endif */ #ifdef HAVE_PNP dictAppendWord(dp, "pnpdevices",ficlPnpdevices, FW_DEFAULT); dictAppendWord(dp, "pnphandlers",ficlPnphandlers, FW_DEFAULT); From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 02:50:17 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6FD7FC1F; Tue, 4 Nov 2014 02:50:17 +0000 (UTC) Received: from mail-pa0-x22a.google.com (mail-pa0-x22a.google.com [IPv6:2607:f8b0:400e:c03::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 420CDFC2; Tue, 4 Nov 2014 02:50:17 +0000 (UTC) Received: by mail-pa0-f42.google.com with SMTP id bj1so13462232pad.15 for ; Mon, 03 Nov 2014 18:50:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=lPzs1yQG6gd/utrhHtGtOoSEpGhCuszA48CIH+i+pns=; b=nQiALw/8+Hs+bG+GLkwi5VBUWYA/6c07NvBUJ8QMYpLNEJlaFLd3t5xgAdbA7DZvzB IDqjGu3jSNtt8bEch12rPQ6kysQAfkbLaHCyutLMQczn4EevTsTnOAMgeLCbPNdbLI3K lngXXOLO7A77M9uhYouexFIQIOmqCrvs6ByFK3ExnuKMOojW9zs9HS30KkJP1nSOlCo2 LvBSeDOWPUw/uWnubjyhm9XkP/azMIbxLnGy/5EBeuG7/69Nw+wPsK4Ku4h+K03QNCIz PqGgQaCU3+W92i/FxCjTOMgaSuU5jQJevLKWv7gJE7rBQRUT+cDev/mWUIBLowy2F80T 06mg== MIME-Version: 1.0 X-Received: by 10.70.88.165 with SMTP id bh5mr9291068pdb.51.1415069416780; Mon, 03 Nov 2014 18:50:16 -0800 
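Review bot: In ficlOutb in the amd64/sysdep.c hunk, the stack comment "outb ( port# c -- )" puts c on top of the stack, but the body pops port first and c second, so the comment and the pop order disagree. Since this is a copy of the i386 code, decide which order existing loader scripts depend on and make the comment say that. Nothing in ficlOutb or ficlInb verifies that the operands are actually on the stack before the stackPopUNS/stackPopINT calls; a depth check ahead of the pops would be worth adding while the code is being touched. As the message itself points out, these bodies duplicate i386, so a file shared by both x86 targets would keep the two copies from drifting apart.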
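Review bot: In the ficl.h and loader.c hunks, commenting out the "#if defined(__i386__) && !defined(TESTMAIN)" and "#ifdef __i386__" guards makes the outb/inb declarations and the two dictAppendWord calls unconditional, but this patch only supplies ficlOutb and ficlInb in amd64/sysdep.c, so every other architecture that builds loader.c would need definitions it does not have. The ficl.h change also drops the !defined(TESTMAIN) condition. The compilers do define __amd64__ on 64-bit x86, so widen the guards instead of removing them: "#if (defined(__i386__) || defined(__amd64__)) && !defined(TESTMAIN)" in ficl.h and "#if defined(__i386__) || defined(__amd64__)" in loader.c, and take the question text out of the comments before this goes any further.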

Date: Mon, 3 Nov 2014 20:50:16 -0600
Subject: Re: Trouble installing on uefi machine
From: Brian Wood
To: Ed Maste
Cc: FreeBSD Questions

On Thu, Oct 23, 2014 at 2:47 PM, Ed Maste wrote:

> >> On Sat, Oct 4, 2014 at 2:27 PM, Brian Wood wrote:
> >>
> >> The second to the last line is:
> >>
> >> module_register_init: MOD_LOAD (vesa, 0xffffffff80d92410, 0) error 19
> >>
> >> Is there any advice other than waiting for RC3?
> >>
> >
> > I tried it with FreeBSD-10.1-RC3-amd64-uefi-memstick.img
> > and it still hangs.
>
> I missed the beginning of this thread, but you won't want vesa w/
> UEFI. Did you do anything specific that's trying to load vesa?
>

Not that I know of. I used dd to put the img file onto a thumb drive.
Then I booted the machine from the thumb drive.

I've tried FreeBSD-10.1-RC4-amd64-uefi-memstick.img now and it hangs
the same way as the previous versions.

--
Brian
Ebenezer Enterprises - So far G-d has helped us.
http://webEbenezer.net

Date: Tue, 04 Nov 2014 08:34:22 +0800
From: Fbsd8
To: Hasse Hansson
Cc: freebsd-questions@freebsd.org
Subject: Re: sshguard pf

Hasse Hansson wrote:
> Hello
>
> uname -a
> FreeBSD ymer.thorshammare.org 10.1-RC3 FreeBSD 10.1-RC3 #0 r273437: Wed Oct 22 01:27:10 UTC 2014
> root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
>
> I have a bit problems to get some bots blocked. I'm running pf and sshguard. Even tried fail2ban
> Below is a snippet from my auth.log showing sshguard blocking some IPs, but not the bot scans.
> Both tables abusers and sshguard are empty and always was.
> This junk is filling up my logfiles.
> Any clues what I'm doing wrong or missing ?
>
> I'm running two crontabs :
> # Sshguard
> 0/1 * * * * root pfctl -t sshguard -T show >/etc/sshguard 2>/dev/null
> #
> # Bruteforce ssh
> 0/2 * * * * root pfctl -t abusers -T show >/etc/abusers 2>/dev/null
>
>
> In /etc/ssh/sshd_config I've uncommented :
> Port 22
> AddressFamily any
> Protocol 2
> SyslogFacility AUTH
> LogLevel INFO
>
> # Authentication:
>
> LoginGraceTime 1m
> PermitRootLogin no
> StrictModes yes
> MaxAuthTries 5
> MaxSessions 10
>
> PasswordAuthentication no
> PermitEmptyPasswords no
> ChallengeResponseAuthentication no
>
> MaxStartups 10:30:100
>
> In my /etc/rc.conf I have :
> pf_enable="YES"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> sshguard_enable="YES"
> sshguard_safety_thresh="30"
> sshguard_pardon_min_interval="600"
> sshguard_prescribe_interval="7200"
>
> In /etc/pf.conf :
> ext_if="fxp0"
> int_if="xl0"
> webports="{ http, https }"
>
> table counters persist
> table persist
>
> set skip on lo
> scrub in
>
> block in
> pass out
>
> block quick from to any
> block drop in log quick on $ext_if inet from to any
>
> pass in on $ext_if proto tcp to any port ssh flags S/SA keep state (max-src-conn 10, max-src-conn-rate 2/120, overload flush)
>
> antispoof quick for { lo $ext_if $int_if }
>
> pass in on $ext_if proto tcp to ($ext_if) port ssh
> pass in log on $ext_if proto tcp to ($ext_if) port smtp
> pass out log on $ext_if proto tcp from ($ext_if) to port smtp
> pass in log on $ext_if proto tcp to ($ext_if) port $webports
> pass out log on $ext_if proto tcp from ($ext_if) to port $webports
>
> pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
>
>
> Nov 2 07:51:13 ymer sshguard[19225]: Blocking 103.27.24.106:4 for >900secs: 30 danger in 3 attacks over 18 seconds (all: 30d in 1 abuses over 18s).
> Nov 2 10:35:35 ymer sshguard[19225]: Blocking 60.190.71.52:4 for >900secs: 30 danger in 3 attacks over 8 seconds (all: 30d in 1 abuses over 8s).
> Nov 2 11:09:50 ymer sshguard[19225]: Blocking 122.225.97.105:4 for >900secs: 30 danger in 3 attacks over 65 seconds (all: 30d in 1 abuses over 65s).
> Nov 2 13:10:52 ymer sshguard[19225]: Blocking 50.30.32.19:4 for >900secs: 30 danger in 3 attacks over 4 seconds (all: 30d in 1 abuses over 4s).
> Nov 2 14:34:55 ymer sshguard[19225]: Blocking 61.174.51.212:4 for >900secs: 30 danger in 3 attacks over 69 seconds (all: 30d in 1 abuses over 69s).
>
> Nov 2 16:32:09 ymer sshd[42957]: Connection from 202.109.143.110 port 3453 on 192.168.1.2 port 22
> Nov 2 16:32:13 ymer sshd[42957]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:32:14 ymer sshd[42959]: Connection from 202.109.143.110 port 2838 on 192.168.1.2 port 22
> Nov 2 16:32:17 ymer sshd[42959]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:32:21 ymer sshd[42961]: Connection from 202.109.143.110 port 3611 on 192.168.1.2 port 22
> Nov 2 16:32:34 ymer sshd[42961]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:32:41 ymer sshd[42963]: Connection from 202.109.143.110 port 2507 on 192.168.1.2 port 22
> Nov 2 16:32:48 ymer sshd[42963]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:32:49 ymer sshd[42965]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
> Nov 2 16:32:52 ymer sshd[42965]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:32:52 ymer sshd[42967]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
> Nov 2 16:33:01 ymer sshd[42967]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:33:02 ymer sshd[42983]: Connection from 202.109.143.110 port 4316 on 192.168.1.2 port 22
> Nov 2 16:33:12 ymer sshd[42983]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:33:18 ymer sshd[42985]: Connection from 202.109.143.110 port 2539 on 192.168.1.2 port 22
> Nov 2 16:33:27 ymer sshd[42985]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:33:28 ymer sshd[42987]: Connection from 202.109.143.110 port 4555 on 192.168.1.2 port 22
> Nov 2 16:33:35 ymer sshd[42987]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:33:38 ymer sshd[42989]: Connection from 202.109.143.110 port 3164 on 192.168.1.2 port 22
> Nov 2 16:33:43 ymer sshd[42989]: Disconnecting: Too many authentication failures for root [preauth]
> Nov 2 16:33:43 ymer sshd[42991]: Connection from 202.109.143.110 port 4749 on 192.168.1.2 port 22
> Nov 2 16:33:52 ymer sshd[42991]: fatal: Read from socket failed: Connection reset by peer [preauth]
>
>
> Best Regards
> Hasse.

You are being attacked by script kiddies and bots, they scan a whole ip
address range looking for open port 22 and when it's found they start
their login attack. Changing ssh to use some other port number will stop
this attack altogether. I changed ssh to use port '4422' 25 years ago
and no attacks since. Another way is to use the port named 'knock' to
temporarily open port 22 if preceded by knock

Date: Tue, 4 Nov 2014 16:37:44 +1100 (EST)
From: Ian Smith
To: Gary Aitken
Cc: freebsd-questions@freebsd.org
Subject: Re: natd not translating?

In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" wrote:
> Hi all,
>
> I'm trying to set up natd and can't for the life of me figure out
> what's wrong with my config.
>
> natd.conf:
>
> use_sockets
> same_ports
> unregistered_only
> verbose
> alias_address 66.109.141.60
>
> What I see:
> In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
>
> Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?

Hi Gary,

Not enough information to have any idea how your NAT box is set up.

Need to know the inside and outside interface addresses (eg ifconfig);
ipfw rules, especially around those invoking natd (divert rule/s) and
where these are placed in your ruleset; who/where is 192.168.1.2, is
66.109.141.60 always your assigned public IP address, freebsd version?

cheers, Ian (please cc me, I take questions@ as a digest)

From: Sibananda Sahu
Date: Tue, 4 Nov 2014 12:28:48 +0530
Subject: Open file descriptor reference count implementation in driver
To: freebsd-questions@freebsd.org

Hi,

Can anybody suggest how can I implement the Open file descriptor
reference count in a freebsd driver???

I have looked up at certain places in the cdev structure (sys/conf.h) and
found two integer values:

int si_refcount;
int si_usecount;

I think these are the stuffs useful for me.

Can somebody explain what are the significance of the above mentioned
integer values inside the cdev structure?

Any help would be greatly appreciated.

Thanks,
Sibananda Sahu

Date: Tue, 4 Nov 2014 12:02:02 +0100
From: Hasse Hansson
To: Fbsd8
Cc: freebsd-questions@freebsd.org
Subject: Re: sshguard pf

On Tue, Nov 04, 2014 at 08:34:22AM +0800, Fbsd8 wrote:
> Hasse Hansson wrote:
> > Hello
> >
> > uname -a
> > FreeBSD ymer.thorshammare.org 10.1-RC3 FreeBSD 10.1-RC3 #0 r273437: Wed Oct 22 01:27:10 UTC 2014
> > root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
> >
> > I have a bit problems to get some bots blocked. I'm running pf and sshguard. Even tried fail2ban
> > Below is a snippet from my auth.log showing sshguard blocking some IPs, but not the bot scans.
> > Both tables abusers and sshguard are empty and always was.
> > This junk is filling up my logfiles.
> > Any clues what I'm doing wrong or missing ?
> >
> > I'm running two crontabs :
> > # Sshguard
> > 0/1 * * * * root pfctl -t sshguard -T show >/etc/sshguard 2>/dev/null
> > #
> > # Bruteforce ssh
> > 0/2 * * * * root pfctl -t abusers -T show >/etc/abusers 2>/dev/null
> >
> >
> > In /etc/ssh/sshd_config I've uncommented :
> > Port 22
> > AddressFamily any
> > Protocol 2
> > SyslogFacility AUTH
> > LogLevel INFO
> >
> > # Authentication:
> >
> > LoginGraceTime 1m
> > PermitRootLogin no
> > StrictModes yes
> > MaxAuthTries 5
> > MaxSessions 10
> >
> > PasswordAuthentication no
> > PermitEmptyPasswords no
> > ChallengeResponseAuthentication no
> >
> > MaxStartups 10:30:100
> >
> > In my /etc/rc.conf I have :
> > pf_enable="YES"
> > pflog_enable="YES"
> > pflog_logfile="/var/log/pflog"
> > sshguard_enable="YES"
> > sshguard_safety_thresh="30"
> > sshguard_pardon_min_interval="600"
> > sshguard_prescribe_interval="7200"
> >
> > In /etc/pf.conf :
> > ext_if="fxp0"
> > int_if="xl0"
> > webports="{ http, https }"
> >
> > table counters persist
> > table persist
> >
> > set skip on lo
> > scrub in
> >
> > block in
> > pass out
> >
> > block quick from to any
> > block drop in log quick on $ext_if inet from to any
> >
> > pass in on $ext_if proto tcp to any port ssh flags S/SA keep state (max-src-conn 10, max-src-conn-rate 2/120, overload flush)
> >
> > antispoof quick for { lo $ext_if $int_if }
> >
> > pass in on $ext_if proto tcp to ($ext_if) port ssh
> > pass in log on $ext_if proto tcp to ($ext_if) port smtp
> > pass out log on $ext_if proto tcp from ($ext_if) to port smtp
> > pass in log on $ext_if proto tcp to ($ext_if) port $webports
> > pass out log on $ext_if proto tcp from ($ext_if) to port $webports
> >
> > pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
> >
> >
> > Nov 2 07:51:13 ymer sshguard[19225]: Blocking 103.27.24.106:4 for >900secs: 30 danger in 3 attacks over 18 seconds (all: 30d in 1 abuses over 18s).
> > Nov 2 10:35:35 ymer sshguard[19225]: Blocking 60.190.71.52:4 for >900secs: 30 danger in 3 attacks over 8 seconds (all: 30d in 1 abuses over 8s).
> > Nov 2 11:09:50 ymer sshguard[19225]: Blocking 122.225.97.105:4 for >900secs: 30 danger in 3 attacks over 65 seconds (all: 30d in 1 abuses over 65s).
> > Nov 2 13:10:52 ymer sshguard[19225]: Blocking 50.30.32.19:4 for >900secs: 30 danger in 3 attacks over 4 seconds (all: 30d in 1 abuses over 4s).
> > Nov 2 14:34:55 ymer sshguard[19225]: Blocking 61.174.51.212:4 for >900secs: 30 danger in 3 attacks over 69 seconds (all: 30d in 1 abuses over 69s).
> >
> > Nov 2 16:32:09 ymer sshd[42957]: Connection from 202.109.143.110 port 3453 on 192.168.1.2 port 22
> > Nov 2 16:32:13 ymer sshd[42957]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:32:14 ymer sshd[42959]: Connection from 202.109.143.110 port 2838 on 192.168.1.2 port 22
> > Nov 2 16:32:17 ymer sshd[42959]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:32:21 ymer sshd[42961]: Connection from 202.109.143.110 port 3611 on 192.168.1.2 port 22
> > Nov 2 16:32:34 ymer sshd[42961]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:32:41 ymer sshd[42963]: Connection from 202.109.143.110 port 2507 on 192.168.1.2 port 22
> > Nov 2 16:32:48 ymer sshd[42963]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:32:49 ymer sshd[42965]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
> > Nov 2 16:32:52 ymer sshd[42965]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:32:52 ymer sshd[42967]: Connection from 202.109.143.110 port 4650 on 192.168.1.2 port 22
> > Nov 2 16:33:01 ymer sshd[42967]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:33:02 ymer sshd[42983]: Connection from 202.109.143.110 port 4316 on 192.168.1.2 port 22
> > Nov 2 16:33:12 ymer sshd[42983]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:33:18 ymer sshd[42985]: Connection from 202.109.143.110 port 2539 on 192.168.1.2 port 22
> > Nov 2 16:33:27 ymer sshd[42985]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:33:28 ymer sshd[42987]: Connection from 202.109.143.110 port 4555 on 192.168.1.2 port 22
> > Nov 2 16:33:35 ymer sshd[42987]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:33:38 ymer sshd[42989]: Connection from 202.109.143.110 port 3164 on 192.168.1.2 port 22
> > Nov 2 16:33:43 ymer sshd[42989]: Disconnecting: Too many authentication failures for root [preauth]
> > Nov 2 16:33:43 ymer sshd[42991]: Connection from 202.109.143.110 port 4749 on 192.168.1.2 port 22
> > Nov 2 16:33:52 ymer sshd[42991]: fatal: Read from socket failed: Connection reset by peer [preauth]
> >
> >
> > Best Regards
> > Hasse.
>
> You are being attacked by script kiddies and bots, they scan a whole ip
> address range looking for open port 22 and when it's found they start
> their login attack. Changing ssh to use some other port number will stop
> this attack altogether. I changed ssh to use port '4422' 25 years ago
> and no attacks since. Another way is to use the port named 'knock' to
> temporarily open port 22 if preceded by knock
>

Thank you Fbsd8 for your answer.
I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
Gotta be some rather easy way of just blocking those attacks. Other than blocking
whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
me some room to think it over.

But I still wonder why sshguard or pf don't block those attacks.
sshguard does its job on other probes, but not the root logins. PF doesn't seem
to do much at all.
Probably my settings somewhere, but I can't figure out where.
A wild guess from my side is that sshguard are using hosts.allow instead of pf.
Well, it doesn't do much harm other than cluttering up my logfiles anyway.
I'll see if I have better luck with Ossec-hids.

/hasse

PS.
Checked up on my installation of sshguard. Apparently I missed the switch pf.
It's now properly installed showing up as "sshguard-pf-1.5_6" and immediately
got a chance to test it. It's working.

root@ymer:/var/log # pfctl -t sshguard -T show
No ALTQ support in kernel
ALTQ related functions disabled
   61.174.51.208
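
The sshd entries quoted in this thread put the source address on the "Connection from" line and the failure on a later "Disconnecting: Too many authentication failures ... [preauth]" line, linked only by the sshd PID. The following is an added example, not code from any poster or from sshguard: a POSIX sh/awk filter that joins the two lines by PID and lists repeat offenders. The function names, the default threshold and the sample log (constructed, using documentation addresses) are assumptions.

```shell
#!/bin/sh
# preauth_offenders [THRESHOLD]
# Read auth.log lines on stdin and print "address count" for every source
# whose connections ended in "Too many authentication failures ... [preauth]"
# at least THRESHOLD times (default 3, an assumed value).
preauth_offenders() {
    awk -v min="${1:-3}" '
    # Field 5 is the syslog tag, e.g. "sshd[42957]:"; return only the PID.
    function pid_of(tag) {
        sub(/^sshd\[/, "", tag)
        sub(/\]:$/, "", tag)
        return tag
    }
    # Ignore everything that was not logged by an sshd child.
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }
    $6 == "Connection" && $7 == "from" {
        # Remember which address this sshd child is serving.
        # Overwriting the entry also copes with a reused PID.
        src[pid_of($5)] = $8
        next
    }
    $6 == "Disconnecting:" && /Too many authentication failures/ && /\[preauth\]/ {
        pid = pid_of($5)
        if (pid in src) {
            hits[src[pid]]++
            delete src[pid]      # count each connection once
        }
    }
    END {
        for (ip in hits)
            if (hits[ip] >= min)
                print ip, hits[ip]
    }' | sort
}

# Print (do not run) the pfctl commands that would add the offenders to the
# "abusers" table named in the thread, so the list can be reviewed first.
pfctl_commands() {
    preauth_offenders "$1" | while read -r ip count; do
        printf 'pfctl -t abusers -T add %s\n' "$ip"
    done
}

# Constructed sample in the auth.log format quoted in the thread.
# Addresses are documentation ranges, not the ones from the post.
sample_auth_log() {
    cat <<'EOF'
Nov  2 16:32:09 host sshd[42957]: Connection from 192.0.2.10 port 3453 on 198.51.100.2 port 22
Nov  2 16:32:13 host sshd[42957]: Disconnecting: Too many authentication failures for root [preauth]
Nov  2 16:32:14 host sshd[42959]: Connection from 192.0.2.10 port 2838 on 198.51.100.2 port 22
Nov  2 16:32:15 host sshd[42960]: Connection from 203.0.113.7 port 50122 on 198.51.100.2 port 22
Nov  2 16:32:17 host sshd[42959]: Disconnecting: Too many authentication failures for root [preauth]
Nov  2 16:32:18 host sshd[42960]: Accepted publickey for alice from 203.0.113.7 port 50122 ssh2
Nov  2 16:32:21 host sshd[42961]: Connection from 192.0.2.10 port 3611 on 198.51.100.2 port 22
Nov  2 16:32:34 host sshd[42961]: Disconnecting: Too many authentication failures for root [preauth]
Nov  2 16:32:40 host sshd[42963]: Connection from 192.0.2.99 port 4749 on 198.51.100.2 port 22
Nov  2 16:32:41 host sshd[42963]: Disconnecting: Too many authentication failures for admin [preauth]
Nov  2 16:32:43 host sshd[42965]: Connection from 192.0.2.10 port 4749 on 198.51.100.2 port 22
Nov  2 16:32:52 host sshd[42965]: fatal: Read from socket failed: Connection reset by peer [preauth]
EOF
}

# Demo on the constructed sample.
sample_auth_log | preauth_offenders 3
```

On a real host the input would be the log itself, for example `preauth_offenders 3 < /var/log/auth.log`; the successful login from 203.0.113.7 and the reset connection in the sample are deliberately not counted.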

To: freebsd-questions@freebsd.org
From: Jonesy
Subject: Re: sshguard pf
Date: Tue, 4 Nov 2014 11:52:40 +0000 (UTC)

On Tue, 04 Nov 2014 08:34:22 +0800, Fbsd8 wrote:
>
> You are being attacked by script kiddies and bots, they scan a whole ip
> address range looking for open port 22 and when it's found they start
> their login attack.
> Changing ssh to use some other port number will stop
> this attack altogether. I changed ssh to use port '4422' 25 years ago
> and no attacks since.

+1
I changed the ssh port number here several years ago and the problem
went from 50-100 per day (even _with_ sshguard) to zero, zip, zilch.

Jonesy

Date: Tue, 04 Nov 2014 11:35:43 +0000
From: Paul Macdonald
To: freebsd-questions@freebsd.org
Subject: Re: sshguard pf

On 04/11/2014 11:02, Hasse Hansson wrote:
> Thank you Fbsd8 for your answer.
> I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
> Gotta be some rather easy way of just blocking those attacks. Other than blocking
> whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
> me some room to think it over.

the easy way IS to change your ssh port, seriously it'll all just go away

--
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07970339546
e: paul@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
----------------------------------------------------
High Specification Dedicated Servers from £100.00pm
----------------------------------------------------

Date: Tue, 04 Nov 2014 13:28:28 +0000
Subject: Freebsddiary.org - audit report now available
From: Alex Jonathan
To: freebsd-questions@freebsd.org

Dear owner of Freebsddiary.org,

I'm sure you have been contacted in this matter many times before but our
value proposition is much different. We show the client results before we
ask for any further commitment.

As a business owner you might be interested to gain profit by placing your
website among top in search engines.

Your website needs immediate improvement for some major issues with your
website.

-Low online presence for many competitive keyword phrases
-Unorganized social media accounts
-Not compatible with all mobile devices
-Many bad back links to your website

I have selected your website Freebsddiary.org and prepared a FREE website
audit report. This is for you, completely free at no charge.

If my proposal sounds interesting for your business goal, feel free to
email me, or can provide me with your phone number and the best time to
call you. I am also available for an online meeting to present you this
website audit report.

I look forward to hearing from you - thanks!

Best Regards,
*Alex Jonathan*
Marketing Consultant

PS: I am not spamming. I have studied your website, prepared an audit
report and believe I can help with your business promotion. If you still
want us to not contact you, you can ignore this email or ask to remove and
I will not contact again.

Date: Tue, 04 Nov 2014 08:32:34 -0600
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: "FreeBSD Questions !!!!" Subject: puzzling X11/mouse problem .... Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 14:26:20 -0000 I have had 2 instances in the last 3 days of my mouse locking up requiring a reboot to get it back. I am running XFCE desktop under FBSD 9.3-p3: [root@kabini1, /etc, 7:28:57am] 324 % uname -a FreeBSD kabini1.local 9.3-RELEASE-p3 FreeBSD 9.3-RELEASE-p3 #0: Mon Oct 20 15:08:33 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 [root@kabini1, /etc, 8:29:05am] 325 % XFCE: xfce-4.10_6, X11: libX11-1.6.2_2,1 [root@kabini1, /etc, 8:29:32am] 326 % grep -i xf86 LIST.installed.txt libXxf86dga-1.1.4_2 X DGA Extension libXxf86misc-1.0.3_2 X XF86-Misc Extension libXxf86vm-1.1.3_2 X Vidmode Extension xf86-input-keyboard-1.8.0_6 X.Org keyboard input driver xf86-input-mouse-1.9.0_5 X.Org mouse input driver xf86-video-ati-7.2.0_4 X.Org ati display driver xf86-video-intel-2.21.15_4 Driver for Intel integrated graphics chipsets xf86-video-mach64-6.9.4_4 X.Org mach64 display driver xf86-video-nv-2.1.20_5 X.Org nv display driver xf86-video-openchrome-0.3.3_4 X.Org openChrome display driver xf86-video-r128-6.9.2_4 X.Org r128 display driver xf86-video-vesa-2.3.3_4 X.Org vesa display driver xf86dga-1.0.3_1 Test program for the XFree86-DGA extension xf86dgaproto-2.1 XFree86-DGA extension headers xf86driproto-2.1.1 XFree86-DRI extension headers xf86miscproto-0.9.3 XFree86-Misc extension headers xf86vidmodeproto-2.3.1 XFree86-VidModeExtension extension headers [root@kabini1, /etc, 8:30:10am] 327 % Anything else needed to help me debug, 
just/please ask. TIA .... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 14:37:10 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9D530204; Tue, 4 Nov 2014 14:37:10 +0000 (UTC) Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 03603BF9; Tue, 4 Nov 2014 14:37:09 +0000 (UTC) Received: by mail-wi0-f181.google.com with SMTP id n3so9471681wiv.14 for ; Tue, 04 Nov 2014 06:37:06 -0800 (PST) X-Received: by 10.194.81.70 with SMTP id y6mr10831184wjx.113.1415111826785; Tue, 04 Nov 2014 06:37:06 -0800 (PST) MIME-Version: 1.0 Received: by 10.194.157.202 with HTTP; Tue, 4 Nov 2014 06:36:46 -0800 (PST) In-Reply-To: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net> References: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net>
From: Miguel Clara Date: Tue, 4 Nov 2014 14:36:46 +0000 Message-ID: Subject: Re: Order of geli "passphrase prompt" on boot To: "freebsd-questions@freebsd.org" Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-current X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 14:37:10 -0000

Sorry to bring this one back but I see no changes have been made to this in current.

The issue is that USB devices are detected after the geli prompt and so the "geli paraphrase" prompt becomes hidden, and the simple solution would be to change the order the prompt show.... as in wait a few secs for the usb devices to be detected.

Also the FreeBSD installer includes the zfs+geli install options, which encrypts root, so any user can do it now, yet when they boot they won't even see the passphrase prompt, which to me is really not inviting when we want to bring over the linux folks!

Some linux distros even allow you to type the passphrase for the device in a neat prompt (black background mint logo etc...) but I don't think we need to go that far, that's probably something PC-BSD folks can do though (if they don't already).

I understand though that what sometimes seems simple from user perspective it's really not for devs, so my question is:

Is this a hard change to implement, and by change I just mean change the order or wait a few secs for usb device detection, or somehow stop this detection of the devices to "spam" the screen until a passphrase is entered!?

Thanks

Melhores Cumprimentos // Best Regards
-----------------------------------------------
*Miguel Clara*
*IT - Sys Admin & Developer*
*E-mail: *miguelmclara@gmail.com
www.linkedin.com/in/miguelmclara/

On Thu, Aug 28, 2014 at 5:01 PM, dweimer wrote:

> On 08/28/2014 10:20 am, Francesco Toscan wrote:
>
>> On Wed, Aug 27, 2014 at 12:42:31PM +0100, Miguel Clara wrote:
>>
>>> Hi,
>>>
>>
>> Hi,
>>
>>>
>>> Does anyone know if there's a way to change the order of the passphrase
>>> prompt when the disk is encrypted?
>>>
>>> The way it is now devices get detected after this prompt (usb devices it
>>> seems) and makes the prompt kind of hidden which complicates things for
>>> less experienced users!
>>>
>>
>> I experienced this issue running 9.0.
>> 10-RELEASE seems fine (as works for me...) but I didn't investigate.
>>
>> If your root partition is not encrypted, you can try to mount encrypted
>> volumes later, adding the relevant bits into /etc/rc.local or a rc.d
>> script. Just remove the BOOT flag from your volumes with
>>
>> geli configure -B provider
>>
>
> I can confirm the issue on my laptop (Dell Latitude E6520) with
> 10.0-RELEASE-p7 using an encrypted boot on zfs, and booting from usb thumb
> drive. It doesn't do it if I have no other USB devices plugged in in
> addition to the USB thumb drive. However if it's in the port replicator,
> with external mouse/keyboard I get a lot of device discovery prompts
> following the prompt for the password. It's only a nuisance for me, though
> when I built it off the port replicator then took it into the office and
> booted it the first time I thought I broke it and hard reset it. The next
> boot I was watching closely and saw the prompt go by.
>
> --
> Thanks,
> Dean E.
Weimer > http://www.dweimer.net/ > From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 14:46:28 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B7234799 for ; Tue, 4 Nov 2014 14:46:28 +0000 (UTC) Received: from mail-yh0-x231.google.com (mail-yh0-x231.google.com [IPv6:2607:f8b0:4002:c01::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7001FD0A for ; Tue, 4 Nov 2014 14:46:28 +0000 (UTC) Received: by mail-yh0-f49.google.com with SMTP id t59so7245067yho.36 for ; Tue, 04 Nov 2014 06:46:27 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.170.151.137 with SMTP id s131mr39619161ykc.91.1415112387573; Tue, 04 Nov 2014 06:46:27 -0800 (PST) Received: by 10.170.156.139 with HTTP; Tue, 4 Nov 2014 06:46:27 -0800 (PST) In-Reply-To: <889081AC-3AD0-403A-82E8-98CCF79F9CC8@gmail.com> References: <889081AC-3AD0-403A-82E8-98CCF79F9CC8@gmail.com> Date: Tue, 4 Nov 2014 14:46:27 +0000 Message-ID: Subject: Re: ZFS Root Mount Failure
From: krad To: Stephen R Guglielmo Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: Erik Gustafson , FreeBSD Mailing list X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 14:46:28 -0000

Check that the file system that hosts the vdi files hasn't filled up. If it has, it can often send the disk into read-only mode. I've had this happen a few times on my test rig.

On 3 November 2014 19:05, Stephen R Guglielmo wrote: > > > On October 29, 2014 4:49:55 AM EDT, Erik Gustafson < > gustafson.erik@gmail.com> wrote: > >On Tue, Oct 28, 2014 at 10:40 PM, Stephen R Guglielmo > > >> wrote: > > > >> Hey list, > >> > >> I have a machine running ZFS on root. It stopped responding this > >morning, > >> and upon a reboot, it was unable to mount root from zfs:zroot. It > >gave the > >> explanation of "error 5." > >> > >> I played with the mount prompt briefly, but didn't get anywhere. Any > >tips > >> for diagnosing and fixing the problem? > >> > > > >I had a similar issue recently. Error 5 on mount root. This was in > >virtualbox after some sort of unexpected shutdown. > >To resolve I first made a snapshot in virtualbox > >booted from freebsd-disc1.iso (install dvd) > >zpool import > >reboot (and boot from zroot) > >zpool scrub > > > >zpool scrub said that I was going to lose some recently written data > >(generated by nightly poudriere build) > >I don't remember all, probably I needed some parameter to zpool import > >but > >all error messages were helpful it was quite easy to get it working > >again. > > > >Good luck and don't forget the backup/snapshot > > Erik, > > Thanks for the help! I was able to boot from a FreeBSD 10 CD. I got into > the LiveCD shell and imported the zpool with no problems. It said my 4 > disks were online.
I then rebooted, however I got the same error at the > mountroot prompt: "Mounting from zfs:zroot failed with error 5." > > I'll try to play a bit more, maybe scrubbing it or something from the > livecd. > > Thanks, > Steve > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 14:50:18 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DC712873 for ; Tue, 4 Nov 2014 14:50:17 +0000 (UTC) Received: from mail-yh0-x22a.google.com (mail-yh0-x22a.google.com [IPv6:2607:f8b0:4002:c01::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9767DD41 for ; Tue, 4 Nov 2014 14:50:17 +0000 (UTC) Received: by mail-yh0-f42.google.com with SMTP id 29so7898876yhl.1 for ; Tue, 04 Nov 2014 06:50:16 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.236.47.161 with SMTP id t21mr35842533yhb.100.1415112616773; Tue, 04 Nov 2014 06:50:16
-0800 (PST) Received: by 10.170.156.139 with HTTP; Tue, 4 Nov 2014 06:50:16 -0800 (PST) In-Reply-To: References: <86lhnup5l3.fsf@gly.ftfl.ca> Date: Tue, 4 Nov 2014 14:50:16 +0000 Message-ID: Subject: Re: Can't get Unbound caching/recursive server to answer on outside IP 
From: krad To: freebsd@fongaboo.com Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 14:50:18 -0000 have a look at sockstat -l On 3 November 2014 01:49, wrote: > > Have a FreeBSD 10 machine. Have two outside IPs bound to it. First IP has > NSD running as an authoritative server. THis is specified specifically in > the interface entry of nsd.conf. > > Trying to run caching/recursive nameserver with unbound on the second IP. > I specified the following entries in unbound.conf: > > interface: 127.0.0.1 > interface: > > > I followed the tutorial at https://calomel.org/unbound_dns.html. I added > lines for unbound-control. But other than that, and the extra interface > lines, its as specified in the tutorial... Oh, also the locations are > modified from /var/unbound/etc/ to /var/unbound/. > > I can get it to resolve when I run nslookup and set the server to > 127.0.0.1, but not when I set it to the second IP. > > I'm wondering if something else is floating around on 127.0.0.1 port 53? > Because when I run unbound-control dump_requestlist, I get an empty list. I > would think I would see the requests I made successfully on 127.0.0.1. > > BTW, I have this in IPFW: > > allow udp from any to any dst-port 53 in > > > Any ideas why I can't get answers on the second IP? 
> > > ------------------------------------------------------------------------- > shot through the heart ooh baby do you know what that's worth > and you're to blame ooh heaven is a place on earth > darling you give love they say in heaven love comes first > a bad name we'll make heaven a place on earth > ORBITAL "Halcyon Live" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 15:00:04 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A5739BCC; Tue, 4 Nov 2014 15:00:04 +0000 (UTC) Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5FEAEE40; Tue, 4 Nov 2014 15:00:04 +0000 (UTC) Received: from [78.35.187.124] (helo=fabiankeil.de) by smtprelay06.ispgateway.de with esmtpsa (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.84) (envelope-from ) id 1Xlfa4-0000mD-Gl; Tue, 04 Nov 2014 15:59:36 +0100 Date: Tue, 4 Nov 2014 15:59:37 +0100 
From: Fabian Keil To: Miguel Clara Subject: Re: Order of geli "passphrase prompt" on boot Message-ID: <33b02299.70afc6f7@fabiankeil.de> In-Reply-To: References: <7e30c7a0f28d63af254422a91b28f18a@dweimer.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; boundary="Sig_/eM_NKnFpQcZM7_tLYVNNGe4"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 Cc: freebsd-current , "freebsd-questions@freebsd.org" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 15:00:04 -0000

Miguel Clara wrote:

> Sorry to bring this one back but I see no changes have been made to this in
> current.
>
> The issue is that USB devices are detected after the geli prompt and so the
> "geli paraphrase" prompt becomes hidden, and the simple solution would be
> to change the order the prompt show.... as in wait a few secs for the usb
> devices to be detected.

If you don't need any USB devices to boot, you can delay their detection by loading the modules through /etc/rc.d/kld instead of the loader:

fk@r500 ~ $grep kld /etc/rc.conf
kld_list="usb.ko usb_quirk.ko ehci.ko umass.ko"

Fabian

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 15:09:06 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 70F63B0 for ; Tue, 4 Nov 2014 15:09:06 +0000 (UTC) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 333EFF55 for ; Tue, 4 Nov 2014 15:09:05 +0000 (UTC) Received: from r56.edvax.de (port-92-195-37-193.dynamic.qsc.de [92.195.37.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 247083CC9C; Tue, 4 Nov 2014 16:09:02 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id sA4F92h3002892; Tue, 4 Nov 2014 16:09:02 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Tue, 4 Nov 2014 16:09:02 +0100
From: Polytropon To: "William A. Mahaffey III" Subject: Re: puzzling X11/mouse problem .... Message-Id: <20141104160902.3f5b9a5e.freebsd@edvax.de> In-Reply-To: <5458E382.5090101@hiwaay.net> References: <5458E382.5090101@hiwaay.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions !!!! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 15:09:06 -0000 On Tue, 04 Nov 2014 08:32:34 -0600, William A. Mahaffey III wrote: > > > I have had 2 instances in the last 3 days of my mouse locking up > requiring a reboot to get it back. I am running XFCE desktop under FBSD > 9.3-p3: Huh, that works? :-) > Anything else needed to help me debug, just/please ask. TIA .... HAL/DBUS problem, X configuration, reinstalling X11 drivers for input devices... somehow sounds familiar... Do you get any suspicious entries in /var/log/Xorg.0.log? https://www.freebsd.org/doc/handbook/x-config.html http://www.wonkity.com/~wblock/docs/html/aei.html -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... 
From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 15:11:47 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D304B23F for ; Tue, 4 Nov 2014 15:11:47 +0000 (UTC) Received: from mail-yh0-x234.google.com (mail-yh0-x234.google.com [IPv6:2607:f8b0:4002:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 8E8101000 for ; Tue, 4 Nov 2014 15:11:47 +0000 (UTC) Received: by mail-yh0-f52.google.com with SMTP id v1so2583929yhn.25 for ; Tue, 04 Nov 2014 07:11:46 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.170.174.67 with SMTP id q64mr2164832ykd.103.1415113906779; Tue, 04 Nov 2014 07:11:46 -0800 (PST) Received: by 10.170.156.139 with HTTP; Tue, 4 Nov 2014 07:11:46 -0800 (PST) In-Reply-To: <4424214.PdRTGivWqz@curlew.lan> References: <545409E0.9030809@bluerosetech.com> <5454B500.5030501@infracaninophile.co.uk> <4424214.PdRTGivWqz@curlew.lan> Date: Tue, 4 Nov 2014 15:11:46 +0000 Message-ID: Subject: Re: Root-on-ZFS upgrade question
From: krad To: Mike Clarke Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 15:11:47 -0000

I would go old school and do a buildworld and kernel, then set the DESTDIR variable when you do the install parts and mergemaster. Then activate and reboot. Finally tweak pkg.conf to point at 10 rather than 9, and then do a pkg upgrade -f

On 1 November 2014 22:35, Mike Clarke wrote:

> On Saturday 01 Nov 2014 10:25:04 Matthew Seaman wrote:
>
> > If your original system had been maintained via freebsd-update(8)
> > you could just use that to upgrade to 10.1-RELEASE in place -- when
> > it tells you to reboot, just run freebsd-update again.
>
> I think the second run of freebsd-update needs to be applied after
> booting into the new environment so do it after the beadm activate
> step.
>
> An alternative approach is to activate the new environment immediately
> after creating it and then reboot and upgrade the new environment to
> rev. 10 in the "conventional" way.
>
> The chroot approach means that you can sort out upgrading the OS and
> reinstalling all the ports at leisure without disrupting your working
> system until you're ready for the final switch over. I normally use
> this approach for major port upgrades and dot level system upgrades
> within the same release level but I had problems with upgrading from
> 9.1 to 10.0 due, I assume, to incompatibilities between the 10.0
> applications and the running 9.1 kernel.
>
> If you want to keep the option of reverting to your 9.x system after
> the upgrade then you need to make sure that all OS release level
> dependant directories like most of /usr and /usr/local are contained
> in the boot environment.
On the other hand you can save disk space and > download time by placing /usr/ports/distfiles outside of the boot > environment. You will probably also want to keep /var/log, /var/mail > and application databases, e.g. /var/db/mysql, outside of the boot > environment. > > -- > Mike Clarke > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 15:25:29 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3543E3F4 for ; Tue, 4 Nov 2014 15:25:29 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F1C011A6 for ; Tue, 4 Nov 2014 15:25:28 +0000 (UTC) Received: from kabini1.local (rbn1-216-180-19-58.adsl.hiwaay.net [216.180.19.58]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id sA4FPRMl016237 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 4 Nov 2014 09:25:27 -0600 Message-ID: <5458F15E.9090509@hiwaay.net> Date: Tue, 04 Nov 2014 09:31:42 -0600 
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 CC: "FreeBSD Questions !!!!" Subject: Re: puzzling X11/mouse problem .... References: <5458E382.5090101@hiwaay.net> <20141104160902.3f5b9a5e.freebsd@edvax.de> In-Reply-To: <20141104160902.3f5b9a5e.freebsd@edvax.de> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 15:25:29 -0000 On 11/04/14 09:09, Polytropon wrote: > On Tue, 04 Nov 2014 08:32:34 -0600, William A. Mahaffey III wrote: >> >> I have had 2 instances in the last 3 days of my mouse locking up >> requiring a reboot to get it back. I am running XFCE desktop under FBSD >> 9.3-p3: > Huh, that works? :-) > > > >> Anything else needed to help me debug, just/please ask. TIA .... > HAL/DBUS problem, X configuration, reinstalling X11 drivers > for input devices... somehow sounds familiar... > > Do you get any suspicious entries in /var/log/Xorg.0.log? > > https://www.freebsd.org/doc/handbook/x-config.html > > http://www.wonkity.com/~wblock/docs/html/aei.html > > > Here goes: [root@kabini1, /etc, 8:35:23am] 335 % grep -i mouse /var/log/Xorg.0.log.old [ 41.267] (**) |-->Input Device "Mouse0" [ 41.338] (WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled. 
[ 41.338] (WW) Disabling Mouse0 [ 43.429] (II) LoadModule: "mouse" [ 43.445] (II) Loading /usr/local/lib/xorg/modules/input/mouse_drv.so [ 43.462] (II) Module mouse: vendor="X.Org Foundation" [ 43.463] (II) Using input driver 'mouse' for 'USB Keyboard' [ 43.463] (**) Option "Device" "/dev/sysmouse" [ 43.463] (II) XINPUT: Adding extended input device "USB Keyboard" (type: MOUSE, id 6) [ 43.464] (II) USB Keyboard: SetupAuto: protocol is SysMouse [222044.088] (II) UnloadModule: "mouse" [root@kabini1, /etc, 8:35:52am] 336 % grep -i mouse /var/log/Xorg.0.log [ 32.463] (**) |-->Input Device "Mouse0" [ 32.550] (WW) Hotplugging is on, devices using drivers 'kbd', 'mouse' or 'vmmouse' will be disabled. [ 32.550] (WW) Disabling Mouse0 [ 35.022] (II) LoadModule: "mouse" [ 35.037] (II) Loading /usr/local/lib/xorg/modules/input/mouse_drv.so [ 35.077] (II) Module mouse: vendor="X.Org Foundation" [ 35.078] (II) Using input driver 'mouse' for 'USB Keyboard' [ 35.078] (**) Option "Device" "/dev/sysmouse" [ 35.078] (II) XINPUT: Adding extended input device "USB Keyboard" (type: MOUSE, id 6) [ 35.079] (II) USB Keyboard: SetupAuto: protocol is SysMouse [root@kabini1, /etc, 8:36:23am] 337 % grep -i mouse /var/log/dmesg.today ums1: on usbus4 [root@kabini1, /etc, 8:36:57am] 338 % grep -i mouse /var/log/dmesg.yesterday ums1: on usbus4 [root@kabini1, /etc, 8:37:03am] 339 % I note the UnloadModule: "mouse" in xorg.0.log.old, although no timestamps .... I suspect that may be the problem, but I don't know what caused it. 
pkg doesn't show any new X11/xf86 stuff, si I think I am up to date: [root@kabini1, /etc, 8:37:03am] 339 % pkg version -vIL= deluge-1.3.10,1 > succeeds index (index has 1.3.9,1) dri-9.1.7_6,2 > succeeds index (index has 9.1.7_5,2) git-2.1.2 > succeeds index (index has 2.1.0) libGL-9.1.7_3 > succeeds index (index has 9.1.7_2) libdrm-2.4.58_1,1 > succeeds index (index has 2.4.52_1,1) libevent2-2.0.21_3 > succeeds index (index has 2.0.21_2) libglapi-9.1.7_2 > succeeds index (index has 9.1.7_1) libmspub01-0.1.1 > succeeds index (index has 0.1.0_1) libreoffice-4.3.2 > succeeds index (index has 4.2.5_5) libxml2-2.9.2_1 > succeeds index (index has 2.9.1_1) libxul-24.8.1 < needs updating (index has 31.2.0) lsof-4.88,8 > succeeds index (index has 4.88.g,8) png-1.5.19 > succeeds index (index has 1.5.18) py27-libxml2-2.9.2 > succeeds index (index has 2.9.1) sudo-1.8.11.p1 > succeeds index (index has 1.8.10.p3_1) virtualbox-ose-4.3.18 > succeeds index (index has 4.3.16) virtualbox-ose-additions-4.3.18 > succeeds index (index has 4.3.16_1) virtualbox-ose-kmod-4.3.18 > succeeds index (index has 4.3.16) xfce4-wm-4.10.1_1 > succeeds index (index has 4.10.1) [root@kabini1, /etc, 9:30:39am] 340 % pkg version -vRL= Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. Updating FreeBSD_new_xorg repository catalogue... FreeBSD_new_xorg repository is up-to-date. All repositories are up-to-date. adns-1.4_2 < needs updating (remote has 1.5) db46-4.6.21.4 ? orphaned: databases/db46 dbus-1.8.8 < needs updating (remote has 1.8.8_1) desktop-file-utils-0.22_2 < needs updating (remote has 0.22_3) gnutls-3.2.19 < needs updating (remote has 3.2.19_1) htop-1.0.2_1 < needs updating (remote has 1.0.3) libcdr-0.0.16_2 ? orphaned: graphics/libcdr libfreehand00-0.0.0 ? orphaned: graphics/libfreehand00 libmspub-0.0.6_3 ? 
orphaned: print/libmspub libpurple-2.10.9_7 < needs updating (remote has 2.10.10) libxul-24.8.1 < needs updating (remote has 31.2.0) linux-c6-flashplugin-11.2r202.406 ? orphaned: www/linux-c6-flashplugin11 linux-c6-openssl-1.0.1e < needs updating (remote has 1.0.1e_1) linux_base-c6-6.5_1 < needs updating (remote has 6.5_2) netpbm-10.35.92_1 < needs updating (remote has 10.35.94) pidgin-2.10.9_4 < needs updating (remote has 2.10.10) serf-1.3.7_1 < needs updating (remote has 1.3.8) xf86-video-intel-2.21.15_4 < needs updating (remote has 2.21.15_5) [root@kabini1, /etc, 9:30:46am] 341 % Anything else ? -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 15:31:56 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EDE96566 for ; Tue, 4 Nov 2014 15:31:56 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id C5A9B287 for ; Tue, 4 Nov 2014 15:31:56 +0000 (UTC) Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41]) by be-well.ilk.org (Postfix) with ESMTP id 3B11633C48; Tue, 4 Nov 2014 10:31:44 -0500 (EST) Received: by lowell-desk.lan (Postfix, from userid 1147) id 218083980E; Tue, 4 Nov 2014 10:31:42 -0500 (EST) 
From: Lowell Gilbert To: Hasse Hansson Subject: Re: sshguard pf References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> Date: Tue, 04 Nov 2014 10:31:42 -0500 In-Reply-To: <20141104110202.GA37003@ymer.thorshammare.org> (Hasse Hansson's message of "Tue, 4 Nov 2014 12:02:02 +0100") Message-ID: <44vbmv6kyp.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 15:31:57 -0000

Hasse Hansson writes:

> I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
> Gotta be some rather easy way of just blocking those attacks. Other than blocking
> whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
> me some room to think it over.

Changing the port won't help you avoid attacks that might succeed, but it will substantially reduce the clutter that you need to look through.

I don't do it because I've had problems with paranoid networks blocking everything but a few special ports, where ssh is one of the allowed ones, but I don't know if anybody's still doing anything that silly.

> But I still wonder why sshguard or pf don't block those attacks.
> sshguard does its job on other probes, but not the root logins. PF doesn't seem
> to do much at all.

Firewalls won't help detect the attack. They can be used to keep someone out once the attack has been detected. I don't know sshguard, so I can't tell you why it isn't working for you, but there certainly are ports that can do so. I use bruteblock, for example, but I know there are several other options that do the same thing.

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 16:25:42 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0C8D17D3 for ; Tue, 4 Nov 2014 16:25:42 +0000 (UTC) Received: from avasout08.plus.net (avasout08.plus.net [212.159.14.20]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "Bizanga Labs SMTP Client Certificate", Issuer "Bizanga Labs CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 87711A80 for ; Tue, 4 Nov 2014 16:25:40 +0000 (UTC) Received: from curlew.milibyte.co.uk ([84.92.153.232]) by avasout08 with smtp id BURW1p002516WCc01URXNe; Tue, 04 Nov 2014 16:25:31 +0000 X-CM-Score: 0.00 X-CNFS-Analysis: v=2.1 cv=XuZ0OD19 c=1 sm=1 tr=0 a=lfSX4pPLp9EkufIcToJk/A==:117 a=lfSX4pPLp9EkufIcToJk/A==:17 a=D7rCoLxHAAAA:8 a=0Bzu9jTXAAAA:8 a=GIpPufGBusUA:10 a=8nJEP1OIZ-IA:10 a=6I5d2MoRAAAA:8 a=v6wH43Vdlbg-1semvFwA:9 a=wPNLvfGTeEIA:10 Received: from sedbergh.lan ([192.168.1.13] helo=curlew.lan) by curlew.milibyte.co.uk with esmtp (Exim 4.84) (envelope-from ) id 1XlgvB-0000pD-LF for freebsd-questions@freebsd.org; Tue, 04 Nov 2014 16:25:30 +0000 
From: Mike Clarke To: freebsd-questions@freebsd.org Date: Tue, 04 Nov 2014 16:25:28 +0000 Message-ID: <3112581.di7TUJWQMQ@curlew.lan> User-Agent: KMail/4.14.2 (FreeBSD/10.1-RC1-p1; KDE/4.14.2; amd64; ; ) In-Reply-To: References: <545409E0.9030809@bluerosetech.com> <4424214.PdRTGivWqz@curlew.lan> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 192.168.1.13 X-SA-Exim-Mail-From: jmc-freebsd2@milibyte.co.uk X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on curlew.lan X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 Subject: Re: Root-on-ZFS upgrade question Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="iso-8859-1" X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on curlew.milibyte.co.uk) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 16:25:42 -0000

On Tuesday 04 Nov 2014 15:11:46 krad wrote:

> I would go old school and do a buildworld and kernel, then set the
> DESTDIR variable when you do the install parts and mergemaster

If you use beadm to create and mount a new environment and then chroot into it to build the world and kernel as described earlier in this thread then you won't need to bother about setting DESTDIR.

> Then activate and reboot.
>
> finally tweak pkg.conf to point at 10 rather than 9,

No need to tweak it - /etc/pkg/FreeBSD.conf contains the line:

Url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",

pkg will evaluate this to match the OS version and hardware of the boot environment. To avoid conflicts with your 9.x system you need to keep /usr and /usr/local inside your boot environment structure.

> and then do a pkg upgrade -f

Since you've changed release level it's safer to sort out the packages after booting the new environment instead of in a chroot.
Safer to make a list of all your packages then delete them all and reinstall. Also you should have the correct version of pkg for your current OS so cd to /usr/ports-mgmt/pkg and run make install before attempting to install or upgrade the rest of your packages. -- Mike Clarke From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 16:57:59 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9BEE375D for ; Tue, 4 Nov 2014 16:57:59 +0000 (UTC) Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5C25EDCB for ; Tue, 4 Nov 2014 16:57:59 +0000 (UTC) Received: by mail-qg0-f46.google.com with SMTP id i50so9666454qgf.5 for ; Tue, 04 Nov 2014 08:57:58 -0800 (PST) X-Received: by 10.224.92.81 with SMTP id q17mr36716138qam.66.1415120277941; Tue, 04 Nov 2014 08:57:57 -0800 (PST) Received: from cyanogenmod.home (pool-71-185-80-109.phlapa.fios.verizon.net. 
[71.185.80.109]) by mx.google.com with ESMTPSA id v4sm810068qag.23.2014.11.04.08.57.57 for (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 04 Nov 2014 08:57:57 -0800 (PST) 
From: Stephen R Guglielmo X-Google-Original-From: Stephen R Guglielmo User-Agent: K-9 Mail for Android MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Subject: ZFS RaidZ - Only One HDD Light Active Date: Tue, 04 Nov 2014 11:57:55 -0500 To: freebsd-questions@freebsd.org Message-ID: <34EE252D-09FE-4FF2-94BF-B11726118336@gmail.com> X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 16:57:59 -0000 Hi list, I have a system that is running ZFS on root with raidZ across 4 disks. While sorting out another problem, I had the cover off on my server and noticed that only a single HDD activity light is lighting up. Only disk #3, none of the other drives seem to be showing any activity. I've been scrubbing the zpool for a few hours now and didn't notice any other lights lighting up. The system is a HP ProLiant with SATA disks. I was wondering if this seemed strange to anyone else. 
-Steve From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 17:01:08 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 719F9816 for ; Tue, 4 Nov 2014 17:01:08 +0000 (UTC) Received: from oneyou.mcmli.com (oneyou.mcmli.com [IPv6:2001:470:1d:8da::100]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "oneyou.mcmli.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3F5B8DEC for ; Tue, 4 Nov 2014 17:01:08 +0000 (UTC) Received: from sentry.24cl.com (unknown [IPv6:2001:558:6017:a2:a860:3073:4c46:6ac9]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "sentry.24cl.com", Issuer "Mike's Certificate Authority" (verified OK)) by oneyou.mcmli.com (Postfix) with ESMTPS id 3jXHM55MSMz1DP5 for ; Tue, 4 Nov 2014 12:01:05 -0500 (EST) Received: from BigBloat (bigbloat.24cl.home [10.20.1.4]) by sentry.24cl.com (Postfix) with ESMTP id 3jXHM41SGpz1C0C for ; Tue, 4 Nov 2014 12:01:04 -0500 (EST) Message-ID: <201411041201010358.00BC3F63@smtp.24cl.home> In-Reply-To: <20141104155455.GB28202@neutralgood.org> References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> <5457C412.9060909@bananmonarki.se> <20141104155455.GB28202@neutralgood.org> X-Mailer: Courier 3.50.00.09.1098 (http://www.rosecitysoftware.com) (P) Date: Tue, 04 Nov 2014 12:01:01 -0500 
From: "Mike." To: freebsd-questions@freebsd.org Subject: Re: Postal Notification Content-Type: text/plain; charset="us-ascii" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 17:01:08 -0000 On 11/4/2014 at 10:54 AM kpneal@pobox.com wrote: |On Mon, Nov 03, 2014 at 07:06:10PM +0100, Bernt Hansson wrote: |> |> |> On 2014-11-03 17:01, jd1008 wrote: |> > Is there a way to PREVENT such spam??? |> > |> |> Yes. Filter on the messageheader. | |Personally, I think the idea of requiring a subscription should be |shelved until the level of spam exceeds the complaints about it. We |see far more anti-spam complaints than actual spam on this list. |-- |Kevin P. Neal http://www.pobox.com/~kpn/ ============= +1 From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 17:03:12 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DBDCA9BB for ; Tue, 4 Nov 2014 17:03:12 +0000 (UTC) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id B5633EA6 for ; Tue, 4 Nov 2014 17:03:12 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 4DAFCCB8C99; Tue, 4 Nov 2014 10:42:21 -0600 (CST) Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Tue, 4 Nov 2014 10:42:21 -0600 (CST) Message-ID: <33388.128.135.70.2.1415119341.squirrel@cosmo.uchicago.edu> In-Reply-To: <20141104155455.GB28202@neutralgood.org> References: <20141103140638.60B9617470E@scprod53.upprovider.it> <5457A6D1.5050209@gmail.com> <5457C412.9060909@bananmonarki.se> <20141104155455.GB28202@neutralgood.org> Date: Tue, 4 Nov 2014 10:42:21 
-0600 (CST) Subject: Re: Postal Notification 
From: "Valeri Galtsev" To: freebsd-questions@freebsd.org Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 17:03:12 -0000

On Tue, November 4, 2014 9:54 am, kpneal@pobox.com wrote:
> On Mon, Nov 03, 2014 at 07:06:10PM +0100, Bernt Hansson wrote:
>>
>>
>> On 2014-11-03 17:01, jd1008 wrote:
>> > Is there a way to PREVENT such spam???
>> >
>>
>> Yes. Filter on the messageheader.
>
> Personally, I think the idea of requiring a subscription should be
> shelved until the level of spam exceeds the complaints about it. We
> see far more anti-spam complaints than actual spam on this list.

I would say, your criterion will be never met as for each spam message there will be at least one complaint (it is just a statistics plus human nature).

Just to add to consideration: if someone wants to ask something on the list (thus expecting some effort from others - to read and reply the question), it will not be too much to expect that that person at least puts some rather minimal effort to subscribe to the list (I would say, "confirm" is enough, no need to "approve" by list admin - those familiar with mailman know what I mean). And unsubscribe later if necessary.

Also, I would suggest: change "reply-to:" in the list setting to have replies go to the list (majority of lists do so as people more often hit just "reply", not "reply all" thus the list is losing messages in the thread).

Just my $0.02 Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 18:20:09 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 72DF871A for ; Tue, 4 Nov 2014 18:20:09 +0000 (UTC) Received: from mail-qa0-f48.google.com (mail-qa0-f48.google.com [209.85.216.48]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2E166961 for ; Tue, 4 Nov 2014 18:20:08 +0000 (UTC) Received: by mail-qa0-f48.google.com with SMTP id x12so10377286qac.35 for ; Tue, 04 Nov 2014 10:20:00 -0800 (PST) X-Received: by 10.224.68.73 with SMTP id u9mr54811196qai.75.1415123568508; Tue, 04 Nov 2014 09:52:48 -0800 (PST) Received: from mbp-1.thecreativeadvantage.com (mail.thecreativeadvantage.com. 
[96.236.20.34]) by mx.google.com with ESMTPSA id i33sm941275qgd.8.2014.11.04.09.52.47 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Nov 2014 09:52:48 -0800 (PST) Message-ID: <5459126E.5040708@kraus-haus.org> Date: Tue, 04 Nov 2014 12:52:46 -0500 
From: Paul Kraus User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: ZFS RaidZ - Only One HDD Light Active References: <34EE252D-09FE-4FF2-94BF-B11726118336@gmail.com> In-Reply-To: <34EE252D-09FE-4FF2-94BF-B11726118336@gmail.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 18:20:09 -0000

What does a `zpool iostat -v 10` show ?

What does an `iostat -x -w 10` show ?

If the above show disk activity on all drives then you probably have bad chassis wiring to the other drive LEDs.

On 11/4/14 11:57, Stephen R Guglielmo wrote:
> Hi list,
>
> I have a system that is running ZFS on root with raidZ across 4 disks. While sorting out another problem, I had the cover off on my server and noticed that only a single HDD activity light is lighting up. Only disk #3, none of the other drives seem to be showing any activity. I've been scrubbing the zpool for a few hours now and didn't notice any other lights lighting up.
>
> The system is a HP ProLiant with SATA disks. I was wondering if this seemed strange to anyone else.
>
> -Steve

--
--
Paul Kraus paul@kraus-haus.org
Co-Chair Albacon 2014.5 http://www.albacon.org/2014/

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 19:56:27 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 10F4D903 for ; Tue, 4 Nov 2014 19:56:27 +0000 (UTC) Received: from smtprelay-h22.telenor.se (smtprelay-h22.telenor.se [195.54.99.197]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8A8AE64B for ; Tue, 4 Nov 2014 19:56:26 +0000 (UTC) Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167]) by smtprelay-h22.telenor.se (Postfix) with ESMTP id B80A2D4CF for ; Tue, 4 Nov 2014 20:36:59 +0100 (CET) X-SENDER-IP: [83.227.225.121] X-LISTENER: [smtp.bredband.net] X-IronPort-Anti-Spam-Filtered: true X-IronPort-AV: E=Sophos;i="5.07,314,1413237600"; d="scan'208";a="676943975" Received: from ua-83-227-225-121.cust.bredbandsbolaget.se (HELO ymer.thorshammare.org) ([83.227.225.121]) by ipb4.telenor.se with ESMTP; 04 Nov 2014 20:36:59 +0100 Received: from ymer.thorshammare.org (localhost [127.0.0.1]) by ymer.thorshammare.org (8.14.9/8.14.9) with ESMTP id sA4JarWx003128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 
verify=NO); Tue, 4 Nov 2014 20:36:56 +0100 (CET) (envelope-from hasse@ymer.thorshammare.org) Received: (from root@localhost) by ymer.thorshammare.org (8.14.9/8.14.9/Submit) id sA4JaqWD003127; Tue, 4 Nov 2014 20:36:52 +0100 (CET) (envelope-from hasse) Date: Tue, 4 Nov 2014 20:36:52 +0100 
From: Charlie Root To: Lowell Gilbert Subject: Re: sshguard pf Message-ID: <20141104193652.GA3062@ymer.thorshammare.org> References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pWyiEgJYm5f9v55/" Content-Disposition: inline In-Reply-To: <44vbmv6kyp.fsf@lowell-desk.lan> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 19:56:27 -0000

On Tue, Nov 04, 2014 at 10:31:42AM -0500, Lowell Gilbert wrote:
> Hasse Hansson writes:
>
> > I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
> > Gotta be some rather easy way of just blocking those attacks. Other than blocking
> > whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
> > me some room to think it over.
>
> Changing the port won't help you avoid attacks that might succeed, but
> it will substantially reduce the clutter that you need to look through.
>
> I don't do it because I've had problems with paranoid networks blocking
> everything but a few special ports, where ssh is one of the allowed
> ones, but I don't know if anybody's still doing anything that silly.
>
> > But I still wonder why sshguard or pf don't block those attacks.
> > sshguard does its job on other probes, but not the root logins. PF doesn't seem
> > to do much at all.
>
> Firewalls won't help detect the attack. They can be used to keep someone
> out once the attack has been detected. I don't know sshguard, so I can't
> tell you why it isn't working for you, but there certainly are ports
> that can do so. I use bruteblock, for example, but I know there are
> several other options that do the same thing.

Thank you all for your answers and effort to help.

I'm interested in trying out bruteblock, but a little bit confused. ( not unusual )

Do "bruteblock" require me to run ipfw2 as my firewall ?

Bruteblock is written in pure C, doesn't use any
external programs and work with ipfw2 tables via raw sockets API.

/hasse

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 20:23:35 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C2A4823A for ; Tue, 4 Nov 2014 20:23:35 +0000 (UTC) Received: from mail-ie0-x22e.google.com (mail-ie0-x22e.google.com 
[IPv6:2607:f8b0:4001:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 849779D5 for ; Tue, 4 Nov 2014 20:23:35 +0000 (UTC) Received: by mail-ie0-f174.google.com with SMTP id x19so8382584ier.19 for ; Tue, 04 Nov 2014 12:23:35 -0800 (PST) X-Received: by 10.50.108.78 with SMTP id hi14mr341480igb.27.1415132614908; Tue, 04 Nov 2014 12:23:34 -0800 (PST) Received: from localhost.localdomain (63-225-227-131.slkc.qwest.net. [63.225.227.131]) by mx.google.com with ESMTPSA id h5sm5522743igo.5.2014.11.04.12.23.32 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Nov 2014 12:23:34 -0800 (PST) Message-ID: <545935C3.4080806@gmail.com> Date: Tue, 04 Nov 2014 13:23:31 -0700 
From: jd1008 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: sshguard pf References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> In-Reply-To: <20141104193652.GA3062@ymer.thorshammare.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 20:23:35 -0000

On 11/04/2014 12:36 PM, Charlie Root wrote:
> On Tue, Nov 04, 2014 at 10:31:42AM -0500, Lowell Gilbert wrote:
>> Hasse Hansson writes:
>>
>>> I'm aware of changing port for ssh, but I see it as a little bit of "giving up"
>>> Gotta be some rather easy way of just blocking those attacks. Other than blocking
>>> whole of CN and half of Asia. I've tried that too. It stopped the attacks and gave
>>> me some room to think it over.
>> Changing the port won't help you avoid attacks that might succeed, but
>> it will substantially reduce the clutter that you need to look through.
>>
>> I don't do it because I've had problems with paranoid networks blocking
>> everything but a few special ports, where ssh is one of the allowed
>> ones, but I don't know if anybody's still doing anything that silly.
>>
>>> But I still wonder why sshguard or pf don't block those attacks.
>>> sshguard does its job on other probes, but not the root logins. PF doesn't seem
>>> to do much at all.
>> Firewalls won't help detect the attack. They can be used to keep someone
>> out once the attack has been detected. I don't know sshguard, so I can't
>> tell you why it isn't working for you, but there certainly are ports
>> that can do so. I use bruteblock, for example, but I know there are
>> several other options that do the same thing.
> Thank you all for your answers and effort to help.
>
> I'm interested in trying out bruteblock, but a little bit confused. ( not unusual )
>
> Do "bruteblock" require me to run ipfw2 as my firewall ?
>
> Bruteblock is written in pure C, doesn't use any
> external programs and work with ipfw2 tables via raw sockets API.
>
>
> /hasse

How about creating a firewall rule that allows ssh only from known IP addresses, in addition to changing the port number? Yes, I know, IP addresses can be spoofed, but as Charlie says, it will reduce the crap you have to deal with.

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 20:31:17 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EDD0D6B0 for ; Tue, 4 Nov 2014 20:31:17 +0000 (UTC) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C1261AC4 for ; Tue, 4 Nov 2014 20:31:17 +0000 (UTC) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 6060620A87 for ; Tue, 4 Nov 2014 15:31:16 -0500 (EST) Received: from web3 ([10.202.2.213]) by compute1.internal (MEProxy); Tue, 04 Nov 2014 15:31:16 -0500 Received: by web3.nyi.internal (Postfix, from userid 99) id 4221910D575; Tue, 4 Nov 2014 15:31:16 -0500 (EST) Message-Id: <1415133076.3101293.187068781.08AE26B5@webmail.messagingengine.com> X-Sasl-Enc: vhS4VRT7JrJFPyU6k9PvYgyYyx+i4GsRR9M0lahXUQxE 1415133076 
From: Mark Felder To: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-c51dec4f In-Reply-To: <20141102154444.GA42429@ymer.thorshammare.org> References: <20141102154444.GA42429@ymer.thorshammare.org> Subject: Re: sshguard pf Date: Tue, 04 Nov 2014 14:31:16 -0600 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 20:31:18 -0000 You could always enable 2 Factor Auth for SSH and then they'll definitely have no chance of getting in :-) http://blog.feld.me/posts/2014/07/ssh-two-factor-authentication-on-freebsd/ Good luck! From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 20:41:53 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2BC0C8FC for ; Tue, 4 Nov 2014 20:41:53 +0000 (UTC) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id 029DFBC5 for ; Tue, 4 Nov 2014 20:41:52 +0000 (UTC) Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41]) by be-well.ilk.org (Postfix) with ESMTP id D75AE33C48; Tue, 4 Nov 2014 15:41:45 -0500 (EST) Received: by lowell-desk.lan (Postfix, from userid 1147) id BBE733980E; Tue, 4 Nov 2014 15:41:44 -0500 (EST) 
From: Lowell Gilbert To: Charlie Root Subject: Re: sshguard pf References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> Reply-To: freebsd-questions@freebsd.org Date: Tue, 04 Nov 2014 15:41:44 -0500 In-Reply-To: <20141104193652.GA3062@ymer.thorshammare.org> (Charlie Root's message of "Tue, 4 Nov 2014 20:36:52 +0100") Message-ID: <44oasm7l6f.fsf@lowell-desk.lan> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 20:41:53 -0000 Charlie Root writes: > Do "bruteblock" require me to run ipfw2 as my firewall ? Yes. That's why I mentioned that there are several other options, I just don't know them myself. Last I checked, bruteblock doesn't support IPv6 either, so one of these days I may have to check into the choices again. 
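
The split described in this thread (the attack is detected from the logs, the firewall only enforces the result) is what tools such as sshguard and bruteblock implement. The following Python example is added here and is not part of the thread or code from either tool: it counts failed sshd logins per source over a time window, handles IPv4 and IPv6, and skips allowlisted sources. The log lines are constructed, and the threshold, the window, the allowlist entry and the pf table name `sshguard` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Nov  4 11:00:01 host1 sshd[4101]: error: PAM: authentication error for root from 203.0.113.7
Nov  4 11:00:04 host1 sshd[4102]: error: PAM: authentication error for root from 203.0.113.7
Nov  4 11:00:09 host1 sshd[4105]: error: PAM: authentication error for root from 203.0.113.7
Nov  4 11:00:15 host1 sshd[4109]: Failed password for invalid user admin from 2001:db8::bad port 51515 ssh2
Nov  4 11:00:16 host1 sshd[4109]: Failed password for invalid user admin from 2001:db8::bad port 51515 ssh2
Nov  4 11:00:20 host1 sshd[4112]: Failed password for invalid user test from 2001:db8:0:0::bad port 51520 ssh2
Nov  4 11:00:30 host1 sshd[4120]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Nov  4 11:00:31 host1 sshd[4120]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Nov  4 11:00:33 host1 sshd[4120]: Failed password for alice from 198.51.100.20 port 50022 ssh2
Nov  4 11:05:00 host1 sshd[4130]: Failed password for root from 192.0.2.99 port 60001 ssh2
Nov  4 11:30:00 host1 sshd[4140]: Failed password for root from 192.0.2.99 port 60002 ssh2
Nov  4 12:10:00 host1 sshd[4150]: Failed password for root from 192.0.2.99 port 60003 ssh2
Nov  4 12:10:05 host1 sshd[4151]: Accepted publickey for alice from 198.51.100.20 port 50030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<msg>.*)$")

# The user name is supplied by the remote side and may itself contain " from ",
# so it is matched greedily and the address is taken from the END of the message.
FAILURE_PATTERNS = [
    re.compile(r"Failed \S+ for (?:invalid user |illegal user )?.*"
               r" from (?P<addr>\S+) port \d+(?: ssh2)?$"),
    re.compile(r"error: PAM: authentication error for (?:illegal user )?.*"
               r" from (?P<addr>\S+)$"),
]


def parse_failure(line, year):
    """Return (timestamp, address) for a failed-login line, otherwise None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    for pattern in FAILURE_PATTERNS:
        hit = pattern.match(m.group("msg"))
        if not hit:
            continue
        try:
            # ip_address() validates and normalises, so two spellings of the
            # same IPv6 address are counted as one source.
            addr = ipaddress.ip_address(hit.group("addr"))
        except ValueError:
            return None  # hostname or junk: nothing a firewall table can use
        # syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        return ts, addr
    return None


def find_offenders(lines, year, threshold=3,
                   window=timedelta(minutes=10), allow=()):
    """Sources with `threshold` failures inside `window`, in detection order.

    Lines are expected in chronological order. Each matching log line counts
    as one event. Sources inside an `allow` network are never reported.
    """
    allowed = [ipaddress.ip_network(net) for net in allow]
    recent = defaultdict(deque)  # address -> timestamps still inside the window
    offenders = []
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        ts, addr = parsed
        if any(addr.version == net.version and addr in net for net in allowed):
            continue
        events = recent[addr]
        events.append(ts)
        while ts - events[0] > window:
            events.popleft()
        if len(events) >= threshold and addr not in offenders:
            offenders.append(addr)
    return offenders


def pf_table_commands(offenders, table="sshguard"):
    # Assumption: pf.conf declares this table and has a block rule that
    # references it; the commands are only rendered here, not executed.
    return [f"pfctl -t {table} -T add {addr}" for addr in offenders]


if __name__ == "__main__":
    found = find_offenders(SAMPLE_LOG.splitlines(), 2014, allow=["198.51.100.20"])
    for command in pf_table_commands(found):
        print(command)
```
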
From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 21:01:49 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6391BFD0 for ; Tue, 4 Nov 2014 21:01:49 +0000 (UTC) Received: from dd13304.kasserver.com (dd13304.kasserver.com [85.13.135.53]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 28503DDC for ; Tue, 4 Nov 2014 21:01:48 +0000 (UTC) Received: from nermal.rz1.convenimus.net (p4FDDC8C9.dip0.t-ipconnect.de [79.221.200.201]) by dd13304.kasserver.com (Postfix) with ESMTPA id A03BC1E0143; Tue, 4 Nov 2014 21:55:12 +0100 (CET) Received: from falbala.localnet (falbala.rz1.convenimus.net [192.168.100.75]) by nermal.rz1.convenimus.net (Postfix) with ESMTP id B325315210; Tue, 4 Nov 2014 20:25:19 +0100 (CET) 
From: Christian Baer To: freebsd-questions@freebsd.org Subject: Installing Windows *after* FreeBSD Date: Tue, 04 Nov 2014 21:55:11 +0100 Message-ID: <1871133.1mJRhnQs1i@falbala> User-Agent: KMail/4.14.2 (FreeBSD/10.0-RELEASE-p10; KDE/4.14.2; amd64; ; ) MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 21:01:49 -0000

Good evening, everyone!

A few days ago I bought myself a new computer - at long last! :-) I have been
working with FreeBSD for quite a while now, but only ever on servers, never on
a desktop-computer or a workstation. This time I took special care to make
sure FreeBSD would run on all the hardware. Only catch: The case has no room
for a FreeBSD badge. :-)

I guess I was a little over-enthusiastic and installed FreeBSD right away. As
you can see, I managed to get it running, including X, nvidia-driver and
sound. ;-)

At times, I still like gaming and although I do not spend most of my computer
time doing that, I did leave some room on my SSD for Windows. To be exact, I
created three primary partitions (MBR style, Win7 is a pain with UEFI), one
100MB, one ~120GB (these two are for Windows) and one ~118GB for FreeBSD.

My problem is that should I install Windows now, FreeBSD won't boot anymore,
because Windows will replace the boot loader. If there is any documentation
about using FreeBSD and Windows on one machine, it usually assumes that
Windows was installed first.

Does anybody know of some documentation or howto to install these two OSs the
other way around? As you can imagine, I don't really fancy the idea of
starting from scratch here.

Thanks for any suggestions!

Best regards, Chris From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 21:18:16 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CEB884D6 for ; Tue, 4 Nov 2014 21:18:16 +0000 (UTC) Received: from fly.hiwaay.net (fly.hiwaay.net [216.180.54.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9BDEDF36 for ; Tue, 4 Nov 2014 21:18:16 +0000 (UTC) Received: from kabini1.local (rbn1-216-180-19-83.adsl.hiwaay.net [216.180.19.83]) (authenticated bits=0) by fly.hiwaay.net (8.13.8/8.13.8/fly) with ESMTP id sA4LIEfx031164 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 4 Nov 2014 15:18:14 -0600 Message-ID: <5459440D.8020200@hiwaay.net> Date: Tue, 04 Nov 2014 15:24:29 -0600 
From: "William A. Mahaffey III" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Installing Windows *after* FreeBSD References: <1871133.1mJRhnQs1i@falbala> In-Reply-To: <1871133.1mJRhnQs1i@falbala> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 21:18:16 -0000 On 11/04/14 14:55, Christian Baer wrote: > Good evening, everyone! > > A few days ago I bought myself a new computer - at long last! :-) I have been > working with FreeBSD for quite a while now, but only ever on servers, never on > a desktop-computer or a workstation. This time I took special care to make > sure FreeBSD would run on all the hardware. Only catch: The case has no room > for a FreeBSD badge. :-) > > I guess I was a little over-enthusiastic and installed FreeBSD right away. As > you can see, I managed to get it running, including X, nvdidia-driver and > sound. ;-) > > At times, I still like gaming and although I do not spend most of my computer > time doing that, I did leave some room on my SSD for Windows. To be exact, I > created three primary partitions (MBR style, Win7 is a pain with UEFI), one > 100MB, one ~120GB (these two are for Windows) and one ~118GB for FreeBSD. > > My problem is that should I install Windows now, FreeBSD won't boot anymore, > because Windows will replace the boot loader. If there is any documentation > about using FreeBSD and Windows on one machine, it usually assumes that > Windows was installed first. > > Does anybody know of some documentation or howto to install these two OSs the > other way around? As you can imagine, I don't really fancy the idea of > starting from scratch here. 
> > Thanks for any suggestions! > > Best regards, > Chris > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Run winders as a VM ? $0.02, no more, no less ..... -- William A. Mahaffey III ---------------------------------------------------------------------- "The M1 Garand is without doubt the finest implement of war ever devised by man." -- Gen. George S. Patton Jr. From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 21:37:33 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 690A39CF for ; Tue, 4 Nov 2014 21:37:33 +0000 (UTC) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2D0001E2 for ; Tue, 4 Nov 2014 21:37:32 +0000 (UTC) Received: from r56.edvax.de (port-92-195-37-193.dynamic.qsc.de [92.195.37.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 5458524DF7; Tue, 4 Nov 2014 22:37:24 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id sA4LbO8s002739; Tue, 4 Nov 2014 22:37:24 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Tue, 4 Nov 2014 22:37:24 +0100 
From: Polytropon To: Christian Baer Subject: Re: Installing Windows *after* FreeBSD Message-Id: <20141104223724.658347f2.freebsd@edvax.de> In-Reply-To: <1871133.1mJRhnQs1i@falbala> References: <1871133.1mJRhnQs1i@falbala> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 21:37:33 -0000

On Tue, 04 Nov 2014 21:55:11 +0100, Christian Baer wrote:
> At times, I still like gaming and although I do not spend most of my computer
> time doing that, I did leave some room on my SSD for Windows. To be exact, I
> created three primary partitions (MBR style, Win7 is a pain with UEFI), one
> 100MB, one ~120GB (these two are for Windows) and one ~118GB for FreeBSD.

Depending on what games you prefer, you could try the
following in order to avoid an installation of "Windows":

a) run the games with wine (I'm doing this, actually)

b) create a VM and run "Windows" games inside that

If both do _not_ provide a sufficient environment for your
games, you probably need to install it on your hard disk.

> My problem is that should I install Windows now, FreeBSD won't boot anymore,
> because Windows will replace the boot loader.

Correct. You should therefore first install "Windows" and
then FreeBSD. If you have installed FreeBSD previously, you
need to boot from a live CD or USB stick and repair the
damaged MBR, and also install the boot manager so you can
select to boot the OS or "Windows".

> If there is any documentation
> about using FreeBSD and Windows on one machine, it usually assumes that
> Windows was installed first.

Yes, because it's less trouble. :-)

> Does anybody know of some documentation or howto to install these two OSs the
> other way around? As you can imagine, I don't really fancy the idea of
> starting from scratch here.

Boot from a different media and repair what "Windows"
has damaged.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 21:38:15 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 93CCCA68 for ; Tue, 4 Nov 2014 21:38:15 +0000 (UTC) Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5F84E1EF for ; Tue, 4 Nov 2014 21:38:15 +0000 (UTC) Received: by mail-ie0-f182.google.com with SMTP id rd18so8588996iec.13 for ; Tue, 04 Nov 2014 13:38:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=KMe2fYmOtuTBK0c2M1CqDMjZjJjh1VB8Gug3UOokg+E=; b=kJbYCxVQYcIShlxkH2xPiV3mAAbbh4uMjWjPPe0UqdxidN4/XDPxS7tW/2X8jFXUQD 34MycLh8QdKD91gipZJksGhr5Pb/A1k6NiSOOQouAcTDxOFx47w5bLBR1QnWCqKmGng/ tbvUCW+Z977r2HlZ5s35NDqw0elZjD36Br0FIw/4ZhsJClMZC1TIcMlBZkTaicDlIq1S A3JuyLASFcJY5w5CFRB2kWlrE7I1EWsK/2lNrxeEGRc2hHWam5thL/Jz/GPvFviuV3Ck aHbs9cvDKwB5mPAJP6KTGGafgkNORpjKGG8IgJDYVA6tVXp+tlce3u0kWMGzWnUUMHEK j7TA== X-Received: by 10.50.51.100 with SMTP id j4mr27133174igo.39.1415137094791; Tue, 04 Nov 2014 13:38:14 -0800 (PST) Received: from localhost.localdomain (63-225-227-131.slkc.qwest.net. 
[63.225.227.131]) by mx.google.com with ESMTPSA id f20sm835109igz.13.2014.11.04.13.38.13 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Nov 2014 13:38:14 -0800 (PST) Message-ID: <54594745.6050306@gmail.com> Date: Tue, 04 Nov 2014 14:38:13 -0700 
From: jd1008 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Installing Windows *after* FreeBSD References: <1871133.1mJRhnQs1i@falbala> <5459440D.8020200@hiwaay.net> In-Reply-To: <5459440D.8020200@hiwaay.net> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 21:38:15 -0000 On 11/04/2014 02:24 PM, William A. Mahaffey III wrote: > On 11/04/14 14:55, Christian Baer wrote: >> Good evening, everyone! >> >> A few days ago I bought myself a new computer - at long last! :-) I >> have been >> working with FreeBSD for quite a while now, but only ever on servers, >> never on >> a desktop-computer or a workstation. This time I took special care to >> make >> sure FreeBSD would run on all the hardware. Only catch: The case has >> no room >> for a FreeBSD badge. :-) >> >> I guess I was a little over-enthusiastic and installed FreeBSD right >> away. As >> you can see, I managed to get it running, including X, nvdidia-driver >> and >> sound. ;-) >> >> At times, I still like gaming and although I do not spend most of my >> computer >> time doing that, I did leave some room on my SSD for Windows. To be >> exact, I >> created three primary partitions (MBR style, Win7 is a pain with >> UEFI), one >> 100MB, one ~120GB (these two are for Windows) and one ~118GB for >> FreeBSD. >> >> My problem is that should I install Windows now, FreeBSD won't boot >> anymore, >> because Windows will replace the boot loader. If there is any >> documentation >> about using FreeBSD and Windows on one machine, it usually assumes that >> Windows was installed first. 
>> >> Does anybody know of some documentation or howto to install these two >> OSs the >> other way around? As you can imagine, I don't really fancy the idea of >> starting from scratch here. >> >> Thanks for any suggestions! >> >> Best regards, >> Chris >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> > > > Run winders as a VM ? $0.02, no more, no less ..... > > Hey Christian Baer, It is easy to restore FreeBSD bootloader. Just go to this web page: http://lqman.wordpress.com/2011/05/18/restore-freebsd-bootloader-after-installing-windows/ From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 21:49:49 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 70C71D11 for ; Tue, 4 Nov 2014 21:49:49 +0000 (UTC) Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97]) by mx1.freebsd.org (Postfix) with ESMTP id 4C963332 for ; Tue, 4 Nov 2014 21:49:49 +0000 (UTC) Received: by cosmo.uchicago.edu (Postfix, from userid 48) id 2FC14CB8CA0; Tue, 4 Nov 2014 15:49:48 -0600 (CST) Received: from 128.135.70.2 (SquirrelMail authenticated user valeri) by cosmo.uchicago.edu with HTTP; Tue, 4 Nov 2014 15:49:48 -0600 (CST) Message-ID: <59062.128.135.70.2.1415137788.squirrel@cosmo.uchicago.edu> In-Reply-To: <20141104223724.658347f2.freebsd@edvax.de> References: <1871133.1mJRhnQs1i@falbala> <20141104223724.658347f2.freebsd@edvax.de> Date: Tue, 4 Nov 2014 15:49:48 -0600 (CST) Subject: Re: Installing Windows *after* FreeBSD 
From: "Valeri Galtsev" To: freebsd-questions@freebsd.org Reply-To: galtsev@kicp.uchicago.edu User-Agent: SquirrelMail/1.4.8-5.el5.centos.7 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 21:49:49 -0000

On Tue, November 4, 2014 3:37 pm, Polytropon wrote:
> On Tue, 04 Nov 2014 21:55:11 +0100, Christian Baer wrote:
>
>> If there is any documentation
>> about using FreeBSD and Windows on one machine, it usually assumes that
>> Windows was installed first.
>
> Yes, because it's less trouble. :-)
>

No, I would put it differently. Because FreeBSD (or Linux) know that other
systems exist, whereas M$ (Windows) prefers not to know about existence of
other OSes.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:03:25 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 17E0518B for ; Tue, 4 Nov 2014 22:03:25 +0000 (UTC) Received: from system.jails.se (unknown [IPv6:2001:16d8:cc1e:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ACDDE6D6 for ; Tue, 4 Nov 2014 22:03:24 +0000 (UTC) Received: from localhost (system.jails.se [91.205.63.85]) by system.jails.se (Postfix) with SMTP id 618F91B479F for ; Tue, 4 
Nov 2014 23:03:21 +0100 (CET) Received: from klein.pean.org (klein.pean.org [IPv6:2001:16d8:ff9f::60]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by system.jails.se (Postfix) with ESMTPSA id ADC331B4797 for ; Tue, 4 Nov 2014 23:03:20 +0100 (CET) 
From: Peter Ankerstål Content-Type: multipart/signed; boundary="Apple-Mail=_4B1E2E8C-B5F6-47E7-BB0E-678641ADBE50"; protocol="application/pkcs7-signature"; micalg=sha1 Subject: freebsd-udapte upgrade. Message-Id: <7B9081D9-0550-486D-B46F-7D392C848C40@pean.org> Date: Tue, 4 Nov 2014 23:02:54 +0100 To: freebsd-questions@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\)) X-Mailer: Apple Mail (2.1990.1) X-DSPAM-Result: Innocent X-DSPAM-Processed: Tue Nov 4 23:03:21 2014 X-DSPAM-Confidence: 1.0000 X-DSPAM-Probability: 0.0023 X-DSPAM-Signature: 54594d2964461942519033 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 22:03:25 -0000

Could someone please explain how to use freebsd-update upgrade without
destroying all of your configuration files?

I really don’t understand how to use the merge function.. In this case
i typed :q for all files it asked about. :wq seem to do about the same
thing. Notice that a few of the files has this shit in multiple places.
I can’t be right that I should edit every file manually and look for
“current version” and so on?

# grep "<< current" *
crontab:<<<<<<< current version
dhclient.conf:<<<<<<< current version
group:<<<<<<< current version
hosts:<<<<<<< current version
inetd.conf:<<<<<<< current version
master.passwd:<<<<<<< current version
motd:<<<<<<< current version
ntp.conf:<<<<<<< current version
passwd:<<<<<<< current version
services:<<<<<<< current version
shells:<<<<<<< current version
snmpd.config:<<<<<<< current version
syslog.conf:<<<<<<< current version
syslog.conf:<<<<<<< current version
ttys:<<<<<<< current version
ttys:<<<<<<< current version

# grep "<< current" */*
mail/freebsd.cf:<<<<<<< current version
mail/freebsd.cf:<<<<<<< current version
mail/freebsd.cf:<<<<<<< current version
mail/freebsd.submit.cf:<<<<<<< current version
mail/freebsd.submit.cf:<<<<<<< current version
mail/freebsd.submit.cf:<<<<<<< current version
mail/sendmail.cf:<<<<<<< current version
mail/sendmail.cf:<<<<<<< current version
mail/sendmail.cf:<<<<<<< current version
mail/submit.cf:<<<<<<< current version
mail/submit.cf:<<<<<<< current version
mail/submit.cf:<<<<<<< current version
ssh/sshd_config:<<<<<<< current version
ssh/sshd_config:<<<<<<< current version

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:07:12 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1DF9125D for ; Tue, 4 Nov 2014 
22:07:12 +0000 (UTC) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D5B17767 for ; Tue, 4 Nov 2014 22:07:11 +0000 (UTC) Received: from r56.edvax.de (port-92-195-37-193.dynamic.qsc.de [92.195.37.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 2E38E2765A; Tue, 4 Nov 2014 23:07:09 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id sA4M79jK002823; Tue, 4 Nov 2014 23:07:09 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Tue, 4 Nov 2014 23:07:09 +0100 
From: Polytropon To: galtsev@kicp.uchicago.edu Subject: Re: Installing Windows *after* FreeBSD Message-Id: <20141104230709.44c54a2a.freebsd@edvax.de> In-Reply-To: <59062.128.135.70.2.1415137788.squirrel@cosmo.uchicago.edu> References: <1871133.1mJRhnQs1i@falbala> <20141104223724.658347f2.freebsd@edvax.de> <59062.128.135.70.2.1415137788.squirrel@cosmo.uchicago.edu> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 22:07:12 -0000

On Tue, 4 Nov 2014 15:49:48 -0600 (CST), Valeri Galtsev wrote:
>
> On Tue, November 4, 2014 3:37 pm, Polytropon wrote:
> > On Tue, 04 Nov 2014 21:55:11 +0100, Christian Baer wrote:
> >
> >> If there is any documentation
> >> about using FreeBSD and Windows on one machine, it usually assumes that
> >> Windows was installed first.
> >
> > Yes, because it's less trouble. :-)
> >
>
> No, I would put it differently. Because FreeBSD (or Linux) know that other
> systems exist, whereas M$ (Windows) prefers not to know about existence of
> other OSes.

This is correct, I just didn't want to express it that directly.
Keep in mind that MICROS~1 invented the PC, the Internet, the
mouse, and the only OS that exists is "Windows", so... you need
additional tools to repair what the "Windows" installer damaged.
Luckily, FreeBSD provides such tools natively (no need to buy
a 3rd party program). :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:11:55 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6F915394 for ; Tue, 4 Nov 2014 22:11:55 +0000 (UTC) Received: from www81.your-server.de (www81.your-server.de [213.133.104.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2E27784D for ; Tue, 4 Nov 2014 22:11:54 +0000 (UTC) Received: from [77.23.74.131] (helo=michael-think.fritz.box) by www81.your-server.de with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1Xlm5f-00034T-KR; Tue, 04 Nov 2014 22:56:39 +0100 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: "Charlie Root" , "Lowell Gilbert" , freebsd-questions@freebsd.org Subject: Re: sshguard pf References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> <44oasm7l6f.fsf@lowell-desk.lan> Date: Tue, 04 Nov 2014 22:56:32 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: "Michael Ross" Message-ID: In-Reply-To: <44oasm7l6f.fsf@lowell-desk.lan> User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-Sender: gmx@ross.cx X-Virus-Scanned: Clear (ClamAV 0.98.4/19584/Tue Nov 4 18:39:15 2014) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Nov 2014 22:11:55 -0000

On Tue, 04 Nov 2014 21:41:44 +0100, Lowell Gilbert wrote:

> Charlie Root writes:
>
>> Do "bruteblock" require me to run ipfw2 as my firewall ?
>
> Yes. That's why I mentioned that there are several other options, I just
> don't know them myself.
>
> Last I checked, bruteblock doesn't support IPv6 either, so one of these
> days I may have to check into the choices again.

For the record,
I use fail2ban, and setting it up was painless, and it will support pf.

Quick-How-To:

1. Install fail2ban

2. Create file /usr/local/etc/fail2ban/jail.local

    [sshd]
    enabled = true
    action = pf
    port = ssh
    logpath = %(sshd_log)s

    [sshd-ddos]
    enabled = true
    action = pf
    port = ssh
    logpath = %(sshd_log)s

3. Modify /usr/local/etc/fail2ban/action.d/pf.conf

   You need the correct path to pfctl in "actionban" and "actionunban"
   and the correct tablename in the [Init] section at the end.

4. service fail2ban onestart

> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:26:49 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 26BC4A0A for ; Tue, 4 Nov 2014 22:26:49 +0000 (UTC) Received: from kirk-ext.obspm.fr (kirk-ext.obspm.fr [145.238.193.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.obspm.fr", Issuer "TERENA SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 62F62A1D for ; Tue, 4 Nov 2014 22:26:47 +0000 (UTC) Received: from chezmoi (her78-1-88-179-224-85.fbx.proxad.net [88.179.224.85]) (authenticated bits=0) by kirk-ext.obspm.fr (8.14.4/8.14.4/DIO Observatoire de Paris - 15/04/10) with ESMTP id sA4MP1Wv017976 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 4 Nov 2014 23:25:02 +0100 Date: Tue, 4 Nov 2014 23:24:59 +0100 
From: Albert Shih
To: freebsd-questions@freebsd.org
Subject: Memory bank.
Message-ID: <20141104222459.GA2015@chezmoi>

Hi,

On one of my servers I have some issues with the memory. I've got some messages like

Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:17 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:17 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:17 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 09:24:18 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 1 10:49:12 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 10:49:12 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 10:49:12 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 1 23:11:06 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 23:11:06 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 1 23:11:06 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 3 15:29:01 hostname kernel: MCA: Bank 9, Status 0x8c00004a000800c1
Oct 4 06:43:46 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 4 06:43:46 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091
Oct 4 06:43:46 hostname kernel: MCA: Bank 9, Status 0x8800004a00800091
Oct 5 21:22:48 hostname kernel: MCA: Bank 5, Status 0x8c00004000010091

So the kernel tells me I should replace bank 9 and bank 5, but how can I know which physical banks those 9 and 5 are?

Regards.

--
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
France
Telephone: +33 1 45 07 76 26/+33 6 86 69 95 71
xmpp: jas@obspm.fr
Local time: Tue 4 Nov 2014 23:21:32 CET

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 22:34:30 2014
Message-ID: <52248.128.135.70.2.1415140469.squirrel@cosmo.uchicago.edu>
In-Reply-To: <20141104230709.44c54a2a.freebsd@edvax.de>
References: <1871133.1mJRhnQs1i@falbala> <20141104223724.658347f2.freebsd@edvax.de> <59062.128.135.70.2.1415137788.squirrel@cosmo.uchicago.edu> <20141104230709.44c54a2a.freebsd@edvax.de>
Date: Tue, 4 Nov 2014 16:34:29 -0600 (CST)
Subject: Re: Installing Windows *after* FreeBSD
From: "Valeri Galtsev"
To: freebsd-questions@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu

On Tue, November 4, 2014 4:07 pm, Polytropon wrote:
> On Tue, 4 Nov 2014 15:49:48 -0600 (CST), Valeri Galtsev wrote:
>>
>> On Tue, November 4, 2014 3:37 pm, Polytropon wrote:
>> > On Tue, 04 Nov 2014 21:55:11 +0100, Christian Baer wrote:
>> >
>> >> If there is any documentation
>> >> about using FreeBSD and Windows on one machine, it usually assumes that
>> >> Windows was installed first.
>> >
>> > Yes, because it's less trouble. :-)
>> >
>>
>> No, I would put it differently. Because FreeBSD (or Linux) know that other
>> systems exist, whereas M$ (Windows) prefers not to know about existence of
>> other OSes.
>
> This is correct, I just didn't want to express it
> that directly. Keep in mind that MICROS~1 invented
> the PC, the Internet, the mouse, and the only OS
> that exists is "Windows", so... you need additional
> tools to repair what the "Windows" installer damaged.
> Luckily, FreeBSD provides such tools natively (no
> need to buy a 3rd party program). :-)
>

The only thing I'm always holding myself from saying is that they (M$) implemented GUI ideas of... as I don't know whether it is of Xwindow system or of IBM's OS/2...

On the same funny note: M$ Windows is the only OS I know whose vendor explicitly tells you that it is not safe to run without 3rd party software (antivirus ;-)

Someone suggested to run it in VM. I would add: or on somebody else's machine...

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 23:21:28 2014
Date: Wed, 5 Nov 2014 00:21:15 +0100
From: Charlie Root
To: Michael Ross
Subject: Re: sshguard pf
Message-ID: <20141104232115.GA3145@ymer.thorshammare.org>
References: <20141102154444.GA42429@ymer.thorshammare.org> <54581F0E.4080404@a1poweruser.com> <20141104110202.GA37003@ymer.thorshammare.org> <44vbmv6kyp.fsf@lowell-desk.lan> <20141104193652.GA3062@ymer.thorshammare.org> <44oasm7l6f.fsf@lowell-desk.lan>
Cc: Lowell Gilbert , freebsd-questions@freebsd.org

On Tue, Nov 04, 2014 at 10:56:32PM +0100, Michael Ross wrote:
> On Tue, 04 Nov 2014 21:41:44 +0100, Lowell Gilbert wrote:
>
> > Charlie Root writes:
> >
> >> Do "bruteblock" require me to run ipfw2 as my firewall ?
> >
> > Yes. That's why I mentioned that there are several other options, I just
> > don't know them myself.
> >
> > Last I checked, bruteblock doesn't support IPv6 either, so one of these
> > days I may have to check into the choices again.
>
> For the record, I use fail2ban,
> and setting it up was painless, and it will support pf.
>
> Quick-How-To:
>
> 1. Install fail2ban
> 2. Create file /usr/local/etc/fail2ban/jail.local
>
> [sshd]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> [sshd-ddos]
>
> enabled = true
> action = pf
> port = ssh
> logpath = %(sshd_log)s
>
>
> 3. Modify /usr/local/etc/fail2ban/action.d/pf.conf
> You need the correct path to pfctl in "actionban" and "actionunban"
> and the correct tablename in the [Init] section at the end.
>
> 4. service fail2ban onestart
>
>

Thanks a lot everybody. Lots of good advice. Preciate all the help.
Think I will give fail2ban another try with the above configuration.
I've been running ossec-hids a while ago with great success, but feel
like that's shooting mosquitos with a cannon in this case.

/hasse

From owner-freebsd-questions@FreeBSD.ORG Tue Nov 4 23:32:51 2014
Date: Tue, 4 Nov 2014 23:32:50 +0000
Subject: Question about the update of openssl
From: Eduardo Duarte
To: freebsd-questions@freebsd.org

Hello,

I work for a company that has several servers using freebsd and for the last couple of days a question is on our mind...

I understand that freebsd can have 2 versions of openssl installed. The base one and one that is installed from ports. My question is why openssl cannot be updated through ports or another system? I understand that sometimes this update can be a problem and not a solution but sometimes (Example: Heartbleed bug) it can be useful and also sometimes we really want to update the machine to the last version before putting it into production!

If someone can answer I will be really happy and also if the question has been asked already can someone point me to the answer and sorry for the duplicate.

Best regards,
Eduardo Duarte

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 00:19:23 2014
In-Reply-To: <1410176092.86089.YahooMailNeo@web160705.mail.bf1.yahoo.com>
References: <1410170060.62398.YahooMailNeo@web160702.mail.bf1.yahoo.com> <540D8214.5070400@my.hennepintech.edu> <1410176092.86089.YahooMailNeo@web160705.mail.bf1.yahoo.com>
Date: Tue, 4 Nov 2014 19:19:20 -0500
Subject: Re: htop alternative
From: "illoai@gmail.com"
To: Laszlo Danielisz , "freebsd-questions@freebsd.org"

On 8 September 2014 07:34, Laszlo Danielisz via freebsd-questions wrote:
> Thank you everybody!
> htop it was not written for FreeBSD, as Andrew Berg wrote. This is the reason I'm looking for a replacement.
>

Humm, kinda late here, but you can always try sysutils/atop.

Frankly, I just did:

% ls /ports/sysutils/ | grep top

& went through the pkg-descr files of those for things that sounded likely.

--
--

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 00:39:10 2014
Message-ID: <54596FE0.7020603@blackfoot.net>
Date: Tue, 04 Nov 2014 17:31:28 -0700
From: Gary Aitken
To: Ian Smith
Subject: Re: natd not translating?
References: <20141104160325.W52402@sola.nimnet.asn.au>
In-Reply-To: <20141104160325.W52402@sola.nimnet.asn.au>
Cc: freebsd-questions@freebsd.org

Hi Ian,

Thanks for the reply. I've made a little progress since posting that as of today, but not there yet. (see below)

This whole exercise has been an example of why it's a help to all be in the same room. Especially when you don't have an alternate network connection! :-(

My understanding is now not necessarily broader than it otherwise might be, but it is surely harder won and probably burned in a bit better... At my stage in life I can only hope it stays there long enough to get me to the end...

On 11/03/14 22:37, Ian Smith wrote:
> In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
> On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" wrote:
...
> > I'm trying to set up natd and can't for the life of me figure out
> > what's wrong with my config.
> >
> > natd.conf:
> >
> > use_sockets
> > same_ports
> > unregistered_only
> > verbose
> > alias_address 66.109.141.60
> >
> > What I see:
> > In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> > [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
> >
> > Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?
...
> Not enough information to have any idea how your NAT box is setup.
>
> Need to know the inside and outside interface addresses (eg ifconfig);
> ipfw rules, especially around those invoking natd (divert rule/s) and
> where these are placed in your ruleset; who/where is 192.168.1.2, is
> 66.109.141.60 always your assigned public IP address, freebsd version?

Sorry:

world -> ep0 (66.109.141.*) fbsdbox (192.168.1.1) xl0 -> internal

66.109.141.60 is one of my assigned ip addrs.

I *think* I got the above problem even with ipfw wide open:

00005 allow ip from any to any
00010 divert 8668 ip from any to any via ep0

I say *think* because I am further along but did not go back and verify the cause. My head is a bit damaged and the wall is bloody.

I believe the problem was a missing entry in /boot/loader.conf (ipdivert_load="YES") which I found as a result of this note and the references to others in it:
http://freebsd.1045724.n5.nabble.com/Kernel-Update-IPFW-not-working-td4208637.html

Anyway, I'm past that problem and most things are working. However, still having some trouble working out my ipfw rules but if I can see what's happening I think I can figure it out. However... I can't seem to get logging to work.

I have the following in natd.conf:

log_denied
log_ipfw_denied
log_facility local0

and the following in syslog.conf

!local0
*.* /var/log/natd.log

If I run natd with verbose, I occasionally see "natd: failed to write packet back: Permission denied" errors on the controlling terminal. If I run without verbose (detached), I see no entries in /var/log/natd.log.

Thanks for any insights.

Gary

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 00:53:09 2014
In-Reply-To: <20141030224853.02fceca95497401f6a70b7bd@neuf.fr>
References: <20141030224853.02fceca95497401f6a70b7bd@neuf.fr>
Date: Tue, 4 Nov 2014 19:53:06 -0500
Subject: Re: /usr/src update
From: "illoai@gmail.com"
To: francesco scaglione
Cc: "freebsd-questions@freebsd.org"

On 30 October 2014 17:48, francesco scaglione wrote:
> Hi,
...
>
> Would it be safe to remove the src component from
> freebsd-update.conf here as well or should I keep that?
>

Assuming you never do source updates of your base system, (& given that you use freebsd-update, you probably don't ever) & that you don't install any ports that require that /usr/src be present to build (assuming you build ports from source rather than just install pre-built packages), I can't think of a good reason to keep it.

In any case, there's no harm in removing it, as its absence won't affect a running system, & it can be easily restored should the need arise.

Good luck!

--
--

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 01:59:51 2014
Message-ID: <54598493.6050307@comcast.net>
Date: Tue, 04 Nov 2014 18:59:47 -0700
From: Dave Babb
To: User Questions
Subject: New Xorg

FreeBSD 10.0 x64

I see in the wiki that using WITH_NEW_XORG and WITH_GALLIUM has been deprecated.

So in reading in the wiki, and in the FreeBSD handbook, I don't see a clear "HowTo" to enable the new xorg, new dri, and new GL.

May I ask for assistance please?

Thank You!

Sincerely and respectfully,
Dave

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 06:39:45 2014
From: Sibananda Sahu
Date: Wed, 5 Nov 2014 12:09:41 +0530
Message-ID: <1ab03c9bac878f437b205786d8304bd3@mail.gmail.com>
Subject: RE: Open file descriptor reference count implementation in driver
To: JD
Cc: freebsd-questions@freebsd.org

Hi JD,

Thanks for the reply.

I have grepped the whole source code in head and did not find any driver code using the si_refcount or si_usecount.

Precisely, I am working on a driver. I have tested by using both the variables and observed that the si_refcount shows how many times a file descriptor has been opened. Looks like this variable is incremented when an FD is opened and decremented when the same FD is closed.

But the si_usecount shows the number of FDs currently open.

Let's say some app has come and opened a file but did not close it and exited. At this point the si_refcount shows 1 but the si_usecount shows 0.

These are my observations so far.

If you can point me to some drivers using this reference count logic without using the si_refcount and si_usecount variables, that would be a great help.

Thanks,
Sibananda Sahu

*From:* JD [mailto:jd1008@gmail.com]
*Sent:* Wednesday, November 05, 2014 6:16 AM
*To:* Sibananda Sahu
*Subject:* Re: Open file descriptor reference count implementation in driver

Why don't you look at how other device drivers are using the refcount and user count? There are plenty of examples in the source code.

On Mon, Nov 3, 2014 at 11:58 PM, Sibananda Sahu <sibananda.sahu@avagotech.com> wrote:

Hi,

Can anybody suggest how I can implement the open file descriptor reference count in a freebsd driver???

I have looked up at certain places in the cdev structure (sys/conf.h) and found two integer values:

int si_refcount;
int si_usecount;

I think these are the stuff useful for me.

Can somebody explain what is the significance of the above mentioned integer values inside the cdev structure?

Any help would be greatly appreciated.

Thanks,
Sibananda Sahu

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 07:37:08 2014
From: Odhiambo Washington
Date: Wed, 5 Nov 2014 10:36:26 +0300
Subject: FreeBSD Artwork - obi_chuck opening computer casing
To: User Questions

Hello,

I am one of those who have used FreeBSD for like 17 years and obviously a lot has changed and some things are not easy to find.

I remember there used to be quite a number of FreeBSD Artwork images somewhere. One of those was that of the FreeBSD obi chuck opening a computer casing.

I have found some of these images here - http://www.xaras.it/Varie/cazzate/gallery/chucks/, but cannot seem to find this one where a computer casing is being opened.

Anyone remembers it and knows where I can find it?

Thanks in advance

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 08:33:49 2014
Date: Wed, 5 Nov 2014 19:33:25 +1100 (EST)
From: Ian Smith
To: Gary Aitken
Subject: Re: natd not translating?
In-Reply-To: <54596FE0.7020603@blackfoot.net>
Message-ID: <20141105181653.H52402@sola.nimnet.asn.au>
References: <20141104160325.W52402@sola.nimnet.asn.au> <54596FE0.7020603@blackfoot.net>
Cc: freebsd-questions@freebsd.org

On Tue, 4 Nov 2014 17:31:28 -0700, Gary Aitken wrote:
> Hi Ian,
>
> Thanks for the reply. I've made a little progress since posting that as of
> today, but not there yet. (see below)
>
> This whole exercise has been an example of why it's a help to all be in the
> same room. Especially when you don't have an alternate network connection! :-(
>
> My understanding is now not necessarily broader than it otherwise might be,
> but it is surely harder won and probably burned in a bit better... At my
> stage in life I can only hope it stays there long enough to get me to the
> end...

Hi Gary .. yes I'm quite old enough to know exactly what you mean :)

> On 11/03/14 22:37, Ian Smith wrote:
> > In freebsd-questions Digest, Vol 544, Issue 1, Message: 9
> > On Sun, 2 Nov 2014 17:36:36 -0700 "Gary Aitken" wrote:
> ...
> > > I'm trying to set up natd and can't for the life of me figure out
> > > what's wrong with my config.
> > >
> > > natd.conf:
> > >
> > > use_sockets
> > > same_ports
> > > unregistered_only
> > > verbose
> > > alias_address 66.109.141.60
> > >
> > > What I see:
> > > In {default}[ICMP] [ICMP] 192.168.1.2 -> 128.2.42.52 8(0) aliased to
> > > [ICMP] 192.168.1.2 -> 128.2.42.52 8(0)
> > >
> > > Any thoughts on why natd isn't translating 192.168.1.2 to 66.108.141.60?
> ...
> > Not enough information to have any idea how your NAT box is setup.
> >
> > Need to know the inside and outside interface addresses (eg ifconfig);
> > ipfw rules, especially around those invoking natd (divert rule/s) and
> > where these are placed in your ruleset; who/where is 192.168.1.2, is
> > 66.109.141.60 always your assigned public IP address, freebsd version?
>
> Sorry:
>
> world -> ep0 (66.109.141.*) fbsdbox (192.168.1.1) xl0 -> internal
> 66.109.141.60 is one of my assigned ip addrs.

You have a /24? I can hardly afford my /29 these days. Is fbsdbox where
all your addresses are routed to? If so, to paraphrase julian@, you
don't want to waste natd's time handling packets it doesn't care about,
meaning packets that will never be eligible to be mapped to/from your
internal network .. but that's just a refinement, for later.

Are you running any services accessible from outside on any of your IPs?

> I *think* I got the above problem even with ipfw wide open:
> 00005 allow ip from any to any
> 00010 divert 8668 ip from any to any via ep0

Rule 5 allows everything, so no packets will get as far as rule 10.
Swap those and you do indeed have an open firewall, doing only NAT,
though it's important to specify 'ip4' rather than 'ip' or 'all' in the
divert rule .. natd gets quite upset (TSTL) when passed IPv6 traffic.

> I say *think* because I am further along but did not go back and
> verify the cause. My head is a bit damaged and the wall is bloody.
> I believe the problem was a missing entry in /boot/loader.conf
> (ipdivert_load="YES")
> which I found as a result of this note and the references to others in it:
> http://freebsd.1045724.n5.nabble.com/Kernel-Update-IPFW-not-working-td4208637.html

Ah yes. This was fixed sometime before 9.3 on stable/9 in
/etc/rc.d/ipfw:

    ipfw_prestart()
    {
        if checkyesno dummynet_enable; then
            required_modules="$required_modules dummynet"
        fi
        if checkyesno natd_enable; then
            required_modules="$required_modules ipdivert"
        fi
        if checkyesno firewall_nat_enable; then
            required_modules="$required_modules ipfw_nat"
        fi
    }

so I guess you're running 8.x or an earlier 9.x? uname -a?

> Anyway, I'm past that problem and most things are working.
> However, still having some trouble working out my ipfw rules but if I can
> see what's happening I think I can figure it out. However...

Please show your ruleset; the output of 'ipfw show' will do nicely.

Personally, for a setup like yours, I would (and did) start with the
/etc/rc.firewall 'simple' ruleset. Apart from needing rules added to
pass ICMP traffic, still not fixed after many years - it's a good basic
firewall for a small network, unlike those still suggested in the IPFW
handbook page .. though there's been some work done there recently too.

> I can't seem to get logging to work. I have the following in natd.conf:
> log_denied
> log_ipfw_denied
> log_facility local0
> and the following in syslog.conf
> !local0
> *.* /var/log/natd.log
> If I run natd with verbose, I occasionally see
> "natd: failed to write packet back: Permission denied"
> errors on the controlling terminal.
> If I run without verbose (detached), I see no entries in /var/log/natd.log.

That failure may relate to use of log_ipfw_denied (default when using
'verbose' anyway) or it could be to do with IPv6 traffic, as above.

You see no log entries at all? I'd try using the default log.

I never found much value in /var/log/alias.log (natd's default log),
compared to adding a few temporary 'count log' rules before and after
the divert rule/s, and/or running tcpdump in two consoles, one inside
and one outside, while verifying various test traffic as working.

So at least temporarily, add 'log' to various rules so you can see
what's being diverted, passed or denied in /var/log/security. Eg, a
'count log ip4 from any to any' both before and after the divert rule
will show you exactly what natd's done to every packet, while testing.

I don't see the advantage in using another facility either, but it's
your box :) Does /var/log/natd.log already exist? If not you'd need to
touch it first. And have 'log yes' in natd.conf as well as those above.

If I were starting again I'd be using ipfw_nat (in-kernel NAT) instead
of natd anyway; natd(8) is still a useful reference, the descriptions in
ipfw(8) are rather terse if you don't already know natd terminology, but
it maps pretty well one-to-one with natd / divert usage, and is faster.

[Which is something else that needs updating in the Handbook page; yes
Warren, I have been working on that a bit lately, since you mentioned
dru@'s updates .. and hope to have something for you fairly soon :]

> Thanks for any insights.

Well let's see your ruleset (offlist if considered sensitive) and full
natd.conf, and related rules from rc.conf (gateway_enable and such);
also ifconfig, less anything sensitive, could provide a clue or two.

cheers, Ian

From owner-freebsd-questions@FreeBSD.ORG Wed Nov 5 09:25:26 2014
Message-ID: <5459E89F.7080801@qeng-ho.org>
Date: Wed, 05 Nov 2014 09:06:39 +0000
From: Arthur Chance
To: freeBSD-Questions
Subject: zpool component names - gpt vs. gptid

These days I use GPT labelled partitions (/dev/gpt/