similar to: ipfirewall(4)) cannot be changed

Hello, I really like the idea behind mac_portacl but I find it difficult to use it because of one issue. When an unprivileged program binds to high automatic port with a call to bind(2) and port number set to 0 the system chooses the port to bind to itself. This mechanismus is used by number of programs, most commonly by ftp clients in active mode. Unfortunately this 0 is checked by the

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

Hi all, I was intending on trying out gjournal on a new disk i've added in my desktop. I had a look to see what the most recent patch provided by Pawel and found http://people.freebsd.org/~pjd/patches/gjournal6_20061024.patch I created the directories as per Pawel's original post (http://lists.freebsd.org/pipermail/freebsd-fs/2006-June/001962.html) and the patch succeeded with no failed

Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful

Hi, I have a dovect 1.0.15 on my mailserver and as a Client I use offlineimap. Since some time now my mailsynchronisation got slow - I don't know exactly where the problem is, but I tried to track it down. Usually the UID-Searches are fast (according to the offlineimap-debugging) but as soon as it comes to big folders it takes a long time: [..] DEBUG[imap]: 37:15.22 < * 1

I've got a fix for the panic from the cd(4)/da(4) drivers when INVARIANTS is turned on in -stable. The fix is to create a task queue that runs in a thread context and use that to create the sysctl variables needed by cd(4) and da(4). The eventual fix will be to move the CAM transport layer probe code into a kernel thread. Anyway, these patches work for me, but if I could get some feedback

I am currently blocking out netbios UDP port 137 on my firewall and was wondering what the following means in terms of security: Jul 9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137 MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111 I have gottena few 100 of these and was wondering if there are some vulnerabilties related to netbios out there?? What do the S/I/F/L fields stand for?? I

Here's a patch against 4.8-RELEASE kernel that allows disk writes on softupdates-enabled filesystems to be delayed for (theoretically) arbitrarily long periods of time. The motivation for such updating policy is surprisingly not purely suicidal - it can allow disks on laptops to spin down immediately after I/O operations and stay idle for longer periods of time, thus saving considerable amount

Hi Jeff, I have a single-CPU system with P4 HTT-enabled processor (7.1-RELEASE-p3), kernel compiled with SCHED_ULE. Copyright (c) 1992-2009 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.1-RELEASE-p3 #0:

Hi, I have a system with a 4.11 Kernel. Unless I'm doing something very wrong, there seems to be something odd with ipfw. Take the following rules: ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep- state ipfw add 00299 deny log all from any to any out via bge0 ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2 ipfw add 00499 deny log

Hi. On my FreeBSD 4.8 configured IPFW2+IPF+IPNAT and I use them all: - IPFW - traffic accounting, shaping, balancing and filtering; - IPFilter - policy routing; - IPNAT - masquerading. I want to know, how IP-packets flow through all of this components? What's the path? incoming: IPFW Layer2 -> IPFW&Dummynet -> IPNAT -> IPFilter ? outgoing: IPFW Layer2 ->

---------- Forwarded message ---------- Received: from lists.securityfocus.com (lists.securityfocus.com [216.102.46.4]) by blues.jpj.net (right/backatcha) with SMTP id VAA15167 for <trevor@JPJ.NET>; Tue, 27 Jul 1999 21:17:48 -0400 (EDT) Received: (qmail 28179 invoked from network); 27 Jul 1999 19:14:06 -0000 Received: from lists.securityfocus.com (216.102.46.4) by lists.securityfocus.com

This looks like a very cool feature addition to RELENG_7! Are there any performance penalties that you know of with this built in ? ---Mike At 09:13 PM 7/23/2008, Julian Elischer wrote: >julian 2008-07-24 01:13:22 UTC > > FreeBSD src repository > > Modified files: (Branch: RELENG_7) > contrib/pf/pfctl parse.y > lib/libc/sys

Hey Guys, today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. Config & make weren't complaining so, installed the kernel, reboot and there it was: >IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled Another rebuild didn't work out so... I reviewed

Apparently rsync breaks on FreeBSD if you turn off -O2 (which is the default.) The breakage is apparently inside zlib. You'd have to think it was a compiler bug, but perhaps not. I haven't tried to reproduce it yet. -- Martin ----- Forwarded message from grog@FreeBSD.org ----- Date: Fri, 19 Apr 2002 23:14:46 -0700 (PDT) From: <grog@FreeBSD.org> To: mbp@samba.org Subject: PR

Hey All, [NOTE: crossposting between freebsd-current@, freebsd-security@, and freebsd-stable at . Please forgive me if crossposting is frowned upon.] Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology. It helps secure applications against low-level exploits. A popular secure implementation is known as PaX ASLR, which is a third-party patch for Linux. Our

Hey All, [NOTE: crossposting between freebsd-current@, freebsd-security@, and freebsd-stable at . Please forgive me if crossposting is frowned upon.] Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology. It helps secure applications against low-level exploits. A popular secure implementation is known as PaX ASLR, which is a third-party patch for Linux. Our

Hi list, how to perform a differential backup using rsync? On web there is a great confusion about diff backup concept when searched with rsync. Users says diff because it copy only differences. For me differential is backup from last full backup. Other users says that to perform a differential backup I must include in rsync command: --backup --backup-dir=/some/path but from manual page of

Hi, We're having some trouble with detection of a couple of Sil3124 SATA controller cards on newer motherboard and processor combos. Specifically, we're running a Supermicro X9SCM-F motherboard (latest BIOS) and Intel E3-1220v2 CPU. What we're seeing: - Syba Sil3124 PCIe cards are only being detected when installed in PCIe Slot 4 -- The motherboard documentation shows that this