• 13.Apr.09
    OpenBSD’s pf null pointer dereference network, news, security | pfortuny | (0)
    We have talked quite a few times about pf, OpenBSD's Packet Filter (firewall). Well, a bug has been discovered which may trigger a kernel panic. There exists a solution, be sure to patch your boxes asap. Notice that the 'editing' solution works on all platforms and versions (at least from 4.2 upwards and probably on older ones).
  • 09.Apr.09
    ARP control and information network | fernape | (0)
    ARP is the protocol used to map IP to hardware addresses. This information is kept in a cache for some time (20 m. in the original implementation). The arp command can help you to know and control the ARP cache (This command is from a FreeBSD 7.1 box and it could differ in options or flags from your own version): $ arp -a ( at 00:13:f7:96:53:02 on re0 [ethernet] Shows all the entries in the arp cache. In my case, I know of my router IP and hardware address. $ arp -i re0 -a The same as the previous one but limiting the scope to ...
  • 22.Mar.09
    RPM: listing files in installed packages cmd, network | rafacas | (0)
# rpm -ql postgresql-libs /usr/lib/ /usr/lib/ /usr/lib/ /usr/lib/ /usr/lib/ /usr/lib/ /usr/lib/ /usr/lib/ [...] Lists all files of an installed package. It works only if the package is already installed on your system.
  • 09.Jan.09
    Authpf: authenticated routing and firewalling on OpenBSD network, security, shell | pfortuny | (0)
In our detailed description of OpenBSD's packet filter (here and there) we mentioned authpf, and spoke of it as a useful tool, but what is its use? I tend to understand it as an instrument for authenticated routing, that is, a way to provide routing (and firewalling etc...) services only to authenticated users. Think of a corporate setting with different users having access to different services according to their identities (and not according to their computers' IPs, which may well be dynamic or different). For example, user boss may access the firm's MAIN smb (ports 139, 435) server and any http ...
  • 22.Dec.08
    Disabling promiscuous mode on an interface cmd, network | rafacas | (0)
# ifconfig eth0 -promisc Disables promiscuous mode on the eth0 interface.
  • 30.Nov.08
    Enabling promiscuous mode on an interface cmd, network | rafacas | (0)
# ifconfig eth0 promisc Enables promiscuous mode on the eth0 interface so that all frames arriving at the interface will be passed on to the Operating System.
  • 20.Nov.08
    pf, OpenBSD’s [p]acket [f]ilter (2) network, security | pfortuny | (1)
    We introduced OpenBSD's pf in a previous post. In the present one, we are going to start commenting a full-featured firewall configuration which uses quite a few of pf's functionalities: macros, lists, anchors... As we said then, OpenBSD's FAQ contains the complete and detailed documentation. Here is the complete set [but for those related to authpf] of firewall rules, usually stored at /etc/pf.conf (bear with me for the long quote, but I'd rather comment a complete file than do it in parts). # 0) Start: macros and tables ext_if="rl0" int_if="vr0" ext_services = "{smtp www 222}" in_services = "{ssh smtp domain www}" always_open ...
  • 18.Nov.08
    iftop cmd, network, shell | fernape | (0)
    $ iftop On BSD systems, displays NIC statistics. Install from /usr/ports/net-mgmt/iftop
  • 02.Nov.08
    pf, OpenBSD’s [p]acket [f]ilter (1) network, security | pfortuny | (1)
    When anyone has asked me in the last two years about installing a firewall at his LAN's border, I have always recommended them OpenBSD's packet filter pf. I discovered OpenBSD a couple of years ago while designing a hall of residence's local network and firewall. I was by then quite tired of Linux's netfilter/iptables and the first time I read about pf, I fell in love with it. We are now more accustomed to this, but when I saw that you could write firewall rules like pass in on $ext_if proto tcp from any port 80 to $ext_if I knew I had found ...