Date: Fri, 8 Aug 2014 07:18:36 -0700 From: Laszlo Danielisz <laszlo.danielisz@yahoo.com> To: Norman Khine <norman@khine.net>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: correctly configuring PF with jailed environments Message-ID: <1407507516.17973.YahooMailNeo@web160705.mail.bf1.yahoo.com> In-Reply-To: <CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw@mail.gmail.com> References: <CAKgQ7UK%2BCA7fp9vkV=4t5t814PwjQeTDyDhQF_FJOU2zO-=7aw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Have you tried disabling logging?=A0=0AAt least it can help reducing the lo= ad.=0A=0A=0AOn Thursday, August 7, 2014 2:12 PM, Norman Khine <norman@khine= .net> wrote:=0A =0A=0A=0Ahello, i have a web application running 3 jail env= ironments one for Nginx=0AWeb server, one for MongoDB/Redis and one for my = Node.js application=0A=0Athis is my current pf.conf file=0A=0Ahttps://gist.= github.com/nkhine/d03ea23a749c47bcc4d0=0A=0Athis works, as there is no acce= ss to my node app nor any of the dbs from=0Apublic interfaces.=0A=0Athe rul= es come out as=0A=0A# pfctl -s rules=0Ascrub out log on igb0 all random-id = min-ttl 15 set-tos 0x1c fragment=0Areassemble=0Ascrub in log on igb0 all mi= n-ttl 15 fragment reassemble=0Ascrub in all fragment reassemble=0A=0Ai find= that on my webserver i get timeouts and the applicationd does not=0Aload u= p quickly!=0A=0Aalso, are there any improvements i can make to this as to e= nsure a more=0Asecure environment?=0A=0Aany advice much appreciated=0A=0A--= =0A%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26)= for=0Ac in ",adym,*)&uzq^zqf" ] )=0A______________________________________= _________=0Afreebsd-questions@freebsd.org mailing list=0Ahttp://lists.freeb= sd.org/mailman/listinfo/freebsd-questions=0ATo unsubscribe, send any mail t= o "freebsd-questions-unsubscribe@freebsd.org" From owner-freebsd-questions@FreeBSD.ORG Fri Aug 8 14:27:39 2014 Return-Path: <owner-freebsd-questions@FreeBSD.ORG> Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 64F3C54B for <freebsd-questions@freebsd.org>; Fri, 8 Aug 2014 14:27:39 +0000 (UTC) Received: from mail.parts-unknown.org (home.parts-unknown.org [50.250.218.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3E56228F9 for <freebsd-questions@freebsd.org>; Fri, 8 Aug 2014 14:27:38 +0000 (UTC) Received: from mail.parts-unknown.org (unknown [127.0.0.1]) by mail.parts-unknown.org (Postfix) with ESMTP id 8B749598CDCC; Fri, 8 Aug 2014 07:27:38 -0700 (PDT) Received: by mail.parts-unknown.org (Postfix, from userid 1001) id 6CC0D598CDB5; Fri, 8 Aug 2014 07:27:38 -0700 (PDT) Date: Fri, 8 Aug 2014 07:27:38 -0700 From: David Benfell <benfell@parts-unknown.org> To: "illoai@gmail.com" <illoai@gmail.com> Subject: Re: Touchpad issues Message-ID: <20140808142738.GA99074@home.parts-unknown.org> References: <20140802223804.GA42137@home.parts-unknown.org> <CAHHBGkpUmmLrXi_4W25HU=eDXyDyqCZzPunqAqHZrQLR3gvLtg@mail.gmail.com> <20140808034755.GA98543@home.parts-unknown.org> <CAHHBGkrRX+AQmmyrxhaqyUQQHY0mnAp+XFNRGck+DDhmWaWRPw@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline In-Reply-To: <CAHHBGkrRX+AQmmyrxhaqyUQQHY0mnAp+XFNRGck+DDhmWaWRPw@mail.gmail.com> User-Agent: Mutt/1.5.23 (2014-03-12) X-Virus-Scanned: ClamAV using ClamSMTP on home.parts-unknown.org Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>; List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 08 Aug 2014 14:27:39 -0000 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 08, 2014 at 08:36:35AM -0400, illoai@gmail.com wrote: > On 7 August 2014 23:47, David Benfell <benfell@parts-unknown.org> wrote: > > On Thu, Aug 07, 2014 at 12:22:34PM -0400, illoai@gmail.com wrote: > >> > >> I strongly dislike xorg taking over the kernel r=F4le of > >> mediating hardware, so I don't have a HAL-ified xorg, > >> & I have > >> hw.psm.synaptics_support=3D1 > >> in my /boot/loader.conf > >> & I use the old, simple "Driver" "mouse" with /dev/sysmouse > >> (Options "Protocol" "auto"). Letting moused(8) > >> handle the plugging & unplugging of USB mousies > >> works fine & everything I need does what I need. > >> > No HAL at all (you have to build xorg-server from ports). I also have > hald_enable=3D"NO" (& dbus_enable=3D"NO") set in /etc/rc.conf because > I simply dislike those abominations. moused(8), handles USB mousies > just fine for my purposes. >=20 > Set up basically just like https://wiki.freebsd.org/SynapticsTouchpad > The default min_pressure of 16 has worked okay for a couple of > years, it only reacts when my palm actually brushes the touchpad. >=20 Okay, thanks! I will give all this a try. --=20 David Benfell <benfell@parts-unknown.org> See https://parts-unknown.org/node/2 if you don't understand the attachment. --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJT5N5aAAoJEBV64x4SNmArzZoQAInddSkZdb0xP/syhT5En4BU m6ss7oPesu4TJk+muLHzMv7jfHsx9WsSsTKwmfTvft3lNQhGSbVk/CCNdpBlFp08 1Rf7xcOB+DJL4yyvT86x3s/UtLU063C97ZfT/OHEqQZuimV3yRT93iohPr7OMcGN pe69Lc50f3pfTDWOp5c2dEwoQv6Tj/U5pvmdaCxPzgnk3ng67AIOIZwSrkRt0QlN 3Uwzwqgvk8pzY9VccnFhsxNSN+5lTeIHPXEl0GdKsG+VqH714DshzT382rI3OYKU x6gd9jc6W7YIGcu8229w0uuiNXPmDPpAjBEEJuQYMTHqLazO1IaAg9OsdMqI+ReE L/drWBzATGgT9wVDnby0KhUOait/N18wH1O84EVLvvpdQGAtBsdEPymBk/2iPg1q UU56VRan4MK9HtJzln9XGczc313qHcFBpW1DG/+pkAOt/Y2O/cGQZhL415aijuXf 0RSv6z2u+6PJzmT+UW/ncWedjlPxLCrzqEpYhw0MHzzIwdV5cS0k5AATjBXbZmke nIOQAQSL4LZJjhdvdpGjv2WAhDL6UI8Wkjslhsss7hUZyykN17Wtofcc3Z9Bt8k0 /b2Jf6u3hlg3cAXFOmknWrEXPCFby/bG7bMq4UNUi3HGO+C4pRvkuoYTu63PQy7G 4Rz3Xscf2PvJOKCT2Ufq =GuYD -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1407507516.17973.YahooMailNeo>