similar to: Multiple Firewalls with ipfilter?

Hello- I am bit confused here. I have just had some issues with my box and I am looking for some opinions. I just had been denied access to my box...supposedly from a memory shortage in reference to my NIC....more specifically, mbuf clusters exhausted. Now I am looking in my /var/log/messages for when this started and I notice a discrepancy in my logs. Now from where I am looking, I see

Hello, I've been playing a bit with the "noexec" flag for filesystems. It can represent a substantial obstacle against the exploitation of security holes. However, I think it's not perfect yet. First thing, an attempt to execute a program from a noexec-mounted filesystem should be logged. It is either a very significant security event, or it can drive nuts an

I am experiencing poor network performance on Dom0. When i ping other hosts on the same LAN, packets are out of order, and they show response times ranging from < 1 ms to several seconds, and some packets get lost. For example, a typical ping result looks like this: 87 packets transmitted, 80 received, +3 errors, 8% packet loss, time 86038ms rtt min/avg/max/mdev =

I have a FreeBSD box acting as a firewall and NAT gateway I would like to set it up to transparently pass IPSec packets -- I have an IPSec VPN client running on another machine, connecting to a remote network. Is there a way to do this? I can't find any hints in the man pages.

Hello all, I want to learn about requirements if I want to protect gigabit network with ipfilter as transparent firewall. Which type of hardware is required to install FreeBSD + ipf (as transparancy ) . We use 3 gigabit ethernet to protection which type of gigabit ethernet carts are powerfull. Also, what about the NMBCLUSTERS , IPSTATE_SIZE and IPSTATE_MAX in ip_state.h. I want to collect all

hello i was uploading drivers and renamed a printer by error with the name of an other existing one. now, when i rename one of them or click-right and ask for properties, it's always the first printer that is renamed or that i see the properties of. so i cant fix my mistake. has anybody the same problem ? how should i fix that ? thanks ELH -- ?ric LE H?NAFF ?cole normale sup?rieure -

hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options

I've found out from two different kernel configs that after properly compling kernel with IPFILTER support it causes the system not to boot. Its hard to say, what exactly it does, cause its not a local system. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to

Hi all. I didn't find any thread discussing it, sorry if I am re-posting the same subject. Is there a way to check the ipfilter/ipfw out-flow with bridge? Is it implemented? I've heard its not done due a performance issue (it's writen in ipf-howto), but performance is not the main goal for me in this single situation. I would like to have the stateful firewall and the bridge _fully_

Hi, sorry for cross-mailing. Reply-to: set to freebsd-net. I have seen some discussion on freebsd-security etc. about some parts of the subject. I have seen older messages in archives. Regularly the same questions seem to come up. I have not found an all-including description of the answer to s.th. like: "Can anybody tell me the order packets get processed in kernel related to IPSec,

Has anyone gotten a transparent firewall working? I''m using snv_125 on an IBM x346 (snv_130 goes into endless boot loops on this hardware). I can create a working bridge with dladm, but can''t stop packets, even with "block in quick all". That stops packets on my management interface bge0, but not on the bridge. :( tim at ghost:~# ifconfig -a lo0:

I wrote a small app that monitors a Back-UPS ES500 UPS via the uhid0 interface. I want to run the daemon with as little privs as possible. gastest# ls -l /dev/uhid0 crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0 gastest# Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop privs of the daemon yet still be able to read from the device ? All I am doing is

Hi! I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN router. My problem is with firewalling the VPN part. I'm using a tunnel to a RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my internal net (172.17.0.0/24) to that box only: spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique; spdadd $REDHAT/32 172.17.0.0/24

hello i solved my problem. i wanted a manager to be able to modify files in the users' profiles from his windows workstation. The solution i found is with adding this lige to the profiles share bloc in smb.conf : root postexec = setfacl -R -m g:"Domain Admins":rwx /share/profiles/%U regards ELH -------- Message original -------- Sujet: profile question Date: Tue, 18 Jul 2006

Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the

This looks like a very cool feature addition to RELENG_7! Are there any performance penalties that you know of with this built in ? ---Mike At 09:13 PM 7/23/2008, Julian Elischer wrote: >julian 2008-07-24 01:13:22 UTC > > FreeBSD src repository > > Modified files: (Branch: RELENG_7) > contrib/pf/pfctl parse.y > lib/libc/sys

Apologies for the elementary nature of the question (yes, I'm another newbie)... I'd like to perform a multiple regression on a single data set containing a representation of energy consumption and temperatures containing account number, usage (KWh), heating degree days (HDD) and cooling degree (CDD) days. I want to get the coefficients back from the following equation: lm(AvgKWh ~

hello i cant manage groups with usrmgr and the configuration below debian sarge, samba 3.0.22, openldap 2.2.23, smbldap-tools 0.8.7. usrmgr reports he cant find the groups. is it solved by samba 3.0.23a ? does anybody report enhancement after upgrading to 3.0.23a ? Regards ELH -- ?ric LE H?NAFF ?cole normale sup?rieure - Centre de ressources informatiques Informaticien, Ing?nieur d?veloppements

Hello everyone, I've been fiddling around with the snow and Rmpi packages on my new Intel Mac, and have run into a few problems. When I make a cluster on my machine, both slaves start up just fine, and everything works as expected. When I try to make a cluster including another networked machine it hangs. I've followed the suggestions at

Hi there, I have been browsing for web hosting and I found some firms (one of them is <http://www.hub.org>) offering 'virtual server hosting using FreeBSD'. They say that virtual server is different from virtual host, for the first is a completely separated enviroment, like a standalone server. I am a newbie on FreeBSD, I search at the archive and Google for this info; and at this