similar to: Status of FreeBSD 6.2?

I need to build up a few servers and routers, and am wondering how FreeBSD 9.1 is shaping up. Will it be likely to be more stable and robust than 9.0-RELEASE? Are there issues that will have to wait until 9.2-RELEASE to be fixed? Opinions welcome. --Brett Glass

I'm interested in crafting firewall rules that throttle connections that have lasted more than a certain amount of time. (Most such connections are P2P traffic, which should be given a lower priority than other connections and may constitute network abuse.) Alas, it doesn't appear that FreeBSD's IPFW can keep tabs on how long a connection has been established. Is there another firewall

I would like to request that some useful work on networking be MFCed from -CURRENT to -STABLE in time for the release of FreeBSD 6.3. In particular, I'd like to see some of the Netgraph nodes which are new or which have seen extensive development brought in -- ng_nat and ng_car in particular. Bringing in the latest version of ng_nat would allow more flexible in-kernel NAT, while ng_car (which

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.

In the next month or two I've got to upgrade a number of servers that are currently on an EOL'd version of 4-STABLE. I foresee that I'll have very limited time to do full OS upgrades on these systems in the coming several years, so I want to make sure I bring them onto an extended-life branch. Right now 4.11 has the furthest projected EOL date (Jan 31 2007), and the projected EOL

I'm constructing a Web server which may require restricted areas of the site to be used from public places where a password might be sniffed. The damage that could be done by taking snapshots of the content from one session with a spy program is minimal. What the owner of the server does NOT want, though, is to allow unauthorized parties to gain unfettered access by stealing the password via

Everyone: We're starting to see a rash of password guessing attacks via SSH on all of our exposed BSD servers which are running an SSH daemon. They're coming from multiple addresses, which makes us suspect that they're being carried out by a network of "bots" rather than a single attacker. But wait... there's more. The interesting thing about these attacks is that

We're being ping-flooded by the Nachi worm, which probes subnets for systems to attack by sending 92-byte ping packets. Unfortunately, IPFW doesn't seem to have the ability to filter packets by length. Assuming that I stick with IPFW, what's the best way to stem the tide? --Brett Glass

OK, an official OpenSSH advisory was released, see here: <URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html > The fix is currently in FreeBSD -CURRENT and -STABLE. It will be applied to the security branches as well today. Attached are patches: buffer46.patch -- For FreeBSD 4.6-RELEASE and later buffer45.patch -- For FreeBSD 4.5-RELEASE and

I'm working with a FreeBSD user -- a teacher -- who's running KDE on a system on which she neither has nor wants root privileges. She wants to be able to mount and unmount floppies and ZIP cartridges from within KDE, using the standard KwikDisk utility (which, by the way, generates mount and unmount command that don't conform to FreeBSD syntax; however, it appears possible to fix this

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

What does mean this bizarre msgid? maillog: Mar 31 19:31:15 cu sm-mta[5352]: h2VFVEGS005352: from=<nb@sindbad.ru>, size=1737, class=0, nrcpts=1, msgid=<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAfp4Fa2ShPE2u4pP/QpPDIMKAAAAQAAAAj+zb4Isbuk+tYEPVF9Vf, proto=ESMTP, daemon=MTA, relay=wg.pu.ru [193.124.85.219] -- Nikolaj I. Potanin, SA http://www.drweb.ru ID

Hey Guys, today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. Config & make weren't complaining so, installed the kernel, reboot and there it was: >IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled Another rebuild didn't work out so... I reviewed

Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and

I just got the D-Link DWL-G520M PCI wireless card. I'm not interested in super-G or any other post-802.11b feature in particular; the reason I got it was because the marketing materials hinted that (at least some revision of it) had the Atheros chipset. It isn't recognized at all by ath(4) on 5.5. Here is the pciconf -lv section: none0@pci0:14:0: class=0x020000 card=0x3a681186

Hi, Just two quick questions: 1. Would it be possible or difficult to upgrade FreeBSD 4.8 -STABLE to 5.2 -STABLE when it comes out? 2. Which is the best for a production environment, -STABLE or -RELEASE Someone told me they think the latter is better because it doesn't require as much downtime for an upgrade. Thanks Joe

Hi Soeren, We encounter here a deadlock with a quite new ATA 120GB disk. The disk worked good for about 3 weeks, but now we have a strange problem. There seems to be one defective file on the disk. fsck doesn't find it, and if I do a cat file > /dev/null The machine locks completly. Serial console is dead, no remote DDB via ALTBREAK possible anymore, no panic message, just freezed. The

Subject: user/3610: repetable tcpdump remote crash Resent-Date: Sat, 20 Dec 2003 08:55:02 -0700 (MST) Resent-From: gnats@cvs.openbsd.org (GNATS Filer) Resent-To: bugs@cvs.openbsd.org Date: Sat, 20 Dec 2003 16:42:25 +0100 (CET) From: venglin@freebsd.lublin.pl Reply-To: venglin@freebsd.lublin.pl To: gnats@openbsd.org >Number: 3610 >Category: user >Synopsis: repetable

Hi, This was the commit of SA-12:04.sysret to RELENG_7_4, which makes sense to me: http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?r1=216618&r2=236953 But when it was applied to RELENG_8_1, it looks wrong, as if it was applied in the wrong place. The indentation is broken, and the code inserted looks like it wouldn't be effective:

I've just realized that I see in releng/7 something that I did not see in releng/6 - even if I use a file with custom rules in firewall_type I still get default loopback rules installed. I think that this is not correct, I am using custom rules exactly because I want to control *everything* (e.g. all deny rules come with log logamount xxx). -- Andriy Gapon