similar to: Importing into rc.firewal rules

Displaying 20 results from an estimated 2000 matches similar to: "Importing into rc.firewal rules"

2004 Nov 21
1
[Fwd: Re: Importing into rc.firewal rules]
Hi, > On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote: >> I have a grown list of IPs that I am "deny ip from ###.### to any". Infected machines, hackers, etc.. >> >> Is there a way to have this list outside of rc.firewall and just read it in? > from man ipfw LOOKUP TABLES Lookup tables are useful to handle large sparse address sets, typically
2004 May 10
5
rate limiting sshd connections ?
Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike
2004 Mar 03
5
How to monitoring activity on a card?
My setup 4.9 stable with IPFW. Machine acts as gateway for two machines. What are my options on monitoring activity on my external card? This morning I noticed my DSL modem activity light is blinking non-stop. Looking at /var/log/ don't see anything suspicious. I feel tempted to add "log" to all my ipfw pass rules, but wonder if there isn't a better way. I am mostly concerned
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't
2006 Aug 10
2
atheros chips dangerous?
Hello, Possibly some of you will have read the news about "Hijacking a Macbook in 60 Seconds or Less"[1]. At this time I was searching a wireless card for my server and I wonder how this can affect to the combination FreeBSD+ath(4). The ath_hal page states that FreeBSD use a binary driver and I think it is located in this file[2]. Unlike OpenBSD which affirms that they have
2005 May 13
1
FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-05:09.htt Security Advisory The FreeBSD Project Topic: information disclosure when using HTT Category: core Module: sys Announced:
2006 Jul 11
1
Integrity checking NANOBSD images
We have a number of Soekris devices that we will be deploying remotely in semi-hostile physical environments. The remote links are dialup so I don't have a lot of bandwidth available. I want to do integrity checks of the images so that I can detect any tampering of the flash image. If I upload a static sha256 binary to /tmp on the remote box (which is a RAM disk) and then do something
2004 Apr 08
4
recommended SSL-friendly crypto accelerator
Hi, I'm pondering building my own SSL accelerator out of a multi-CPU FreeBSD system and a crypto accelerator. What's the recommended hardware crypto accelerator card these days? Thanks, ==ml -- Michael Lucas mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org Today's chance of throwing it all away to start a goat farm: 49.1% http://www.BlackHelicopters.org/~mwlucas/
2005 Jan 11
1
Possible security issue with jails
Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those
2003 May 16
3
open and euid security flaw in 5.0-Current?
On a FreeBSD 5.0 the behaviour of screen when connecting to other users' sessions has changed. Previously: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3. result failure as userA can't access the ttyX with such a message Current: 1. login as userA start a screen as userA and disconnect 2. login as root su - userA "screen -r" 3.
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it useful to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so
1995 May 24
4
Drivers for FORE systems cards under FreeBSD
I had originally mentioned this only to 2 people, which was Jordan K. Hubbard and Paul Henning-Kemp, but since I have received a lot of queries on this, I thought I might as well post it on the FreeBSD announce groups. Included below is a posting done on the Linux-atm mailing group, by Pragnesh Sampat. I have just adapted for FreeBSD. RV -------------------------- Announcement
2014 Aug 07
1
invalid/unknown path to storage
Am I correct: pigeonhole now wants the symlink to the filter file to use an absolute path instead of the relative paths we had? i.e.) sieve-filterfile@ -> /home/mail/domain/user at domain/roundcube.sieve instead of sieve-filterfile@ -> roundcube.sieve Dovecot logs these: dovecot: managesieve(user at domain.org): Warning: sieve-storage: Active sieve script symlink
2005 Jul 31
1
Kernel Source Divergence, Security (was: booting gbde-encrypted filesystem)
In message <20050731135919.GA43753@afields.ca>, Allan Fields writes: >Yes, this is all very nice, but when is someone actually going to >commit it? ;) I'm (as always) short of time, and GBDE is not the top priority for me for the time being. So I am more than happy to see people band together and improve gbde. The main work necessary is to polish the userland program and that
2020 Sep 16
3
Newer versoin of tar 1.26 on Centos 7
Is it possible to find a repository that hold a newer version of tar. The current version is 1.26 I have some students trying to build Yocto project on my Centos 7 host, but OpenEmbedded reports incompatibility problems with the current version of tar. I thank you on beforehand for any help. |< -- Med venlig hilsen Klaus Kolle Teknikumingeniør, B.Sc.EE., e-mail : klaus at kolle.dk
2003 May 13
2
SMP Proliants and Smart2 Array controllers. (Was: Proliant on a 6500)
I've included all posts till now. Can I ask anyone with older proliant multi-cpu hardware using the smart2 controllers to get in touch with me? I am curious to know if this works for anyone... -D Quoting Danny Carroll <fbsd@dannysplace.net>: > Still more info... > It does not work on 5_0-RELEASE either. > > -D > ----- Original Message ----- > From: "Danny
2005 Jan 25
2
SIP UDP ports on firewal to open
I notice most things say to open ports 10000-20000 for UDP for SIP, however from time to time this range isn't where Asterisk is opening the ports: We're at xxx.xxx.xxx.xxx port 8542 Answering with capability 0x2(GSM) Answering with capability 0x4(ULAW) Answering with capability 0x8(ALAW) This call has no audio, presumably because port 8542 is firewalled in the iptables on the server.
2005 Nov 16
11
Need urgent help regarding security
Good Day! I think we have a serious problem. One of our old servers running FreeBSD 4.9 has been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old
2004 Sep 01
2
IPFW and icmp
I'm not a master of the internet RFCs, but I do believe icmp messages have different types. Now to enable traceroute for IPFW, I might put in a rule like this: ipfw add pass icmp from any to me However, how would I make a rule to limit icmp messages to just those used by traceroute? Can the messages be distinguished as such? A dynamic rule that exists only for the duration of a traceroute
2006 Mar 10
3
Menu in queue
I'm wondering how I can let the caller choose to leave a voicemail message or continue to wait. Of course I can leave the queue and let the caller go back to the queue if he/she decides to stay waiting. But then they are new in queue again. How can I make such a menu where the caller keeps their number in queue ? Thanks, Poul