#pf

Peter N. M. Hansteen<p>Fellow network nerds, at EuroBSDcon 2025 in Zagreb, there will be a "Network Management with the OpenBSD Packet Filter Toolset" <a href="https://events.eurobsdcon.org/2025/talk/FW39CX/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">events.eurobsdcon.org/2025/tal</span><span class="invisible">k/FW39CX/</span></a> session, a full day tutorial starting at 2025-09-25 10:30 CET. You can register for the conference and tutorial by following the links from the conference Registration and Prices <a href="https://2025.eurobsdcon.org/registration.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">2025.eurobsdcon.org/registrati</span><span class="invisible">on.html</span></a> page. <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/eurobsdcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eurobsdcon</span></a> <a href="https://mastodon.social/tags/conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conference</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a 
href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/zagreb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zagreb</span></a></p>
Peter N. M. Hansteen<p>Yes, The Book of PF, 4th Edition Is Coming Soon <a href="https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/yes_the_boo</span><span class="invisible">k_of_pf_4th_ed_is_coming.html</span></a> </p><p>Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder <a href="https://nostarch.com/book-of-pf-4th-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nostarch.com/book-of-pf-4th-ed</span><span class="invisible">ition</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/tcpip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tcpip</span></a> <a href="https://mastodon.social/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv6</span></a> <a href="https://mastodon.social/tags/ipv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv4</span></a> <a 
href="https://mastodon.social/tags/bookofpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bookofpf</span></a></p><p>... and of course somebody had to ask, "when can we expect a fifth edition", to which the answer was "let's get this one out the door first"</p><p>That said, watch this space for further announcements!</p>
Thoralf Will 🇺🇦🇮🇱🇹🇼<p>Oops, my <a href="https://soc.umrath.net/tags/evcc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>evcc</span></a> VM has gone up in smoke:</p><p>kernel: BUG: unable to handle page fault for address: ffffffffaf67d513<br>kernel: <a href="https://soc.umrath.net/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a>: supervisor write access in kernel mode<br>kernel: <a href="https://soc.umrath.net/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a>: error_code(0x0003) - permissions violation<br>kernel: PGD d015067 P4D d015067 PUD d016063 PMD b6001e1 <br>kernel: Oops: 0003 [#2] PREEMPT SMP PTI</p><p>And that's already the 2nd time this week. Sounds uncool.</p><p><a href="https://soc.umrath.net/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxmox</span></a></p>
Peter N. M. Hansteen<p>Long rumored, eagerly anticipated by some, "The Book of PF, 4th edition" <a href="https://nostarch.com/book-of-pf-4th-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nostarch.com/book-of-pf-4th-ed</span><span class="invisible">ition</span></a> is now available for PREORDER. The most up to date guide to the OpenBSD and FreeBSD networking toolset <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://mastodon.social/tags/preorder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>preorder</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> (again for the CEST-ish crowd)</p>
Martin Pugh<p>OK, so, that's weird.....</p><p>I ran `syspatch` and `pkg_add -u` on my blog webserver late yesterday afternoon and all sorts of weirdness ensued.</p><p>I could no longer SSH into the box. IPv6 seemed to be broken completely. I couldn't log in at the Proxmox console because I set ridiculously long passwords for all my accounts before I disable password auth anyway, and there's no way I'm getting all 63 mixed case and symbol characters correct...</p><p>So, I broke out the OpenBSD recovery console to change my password and do some tinkering but I was way too tired last night so shelved the problem. Oh, and I should mention it seemed to still be accepting web requests for the blog...</p><p>This morning, I'm a little more awake, I've been on the case again and we're up and running. I have no clue why yet, but it seems all my PF rules that used `egress` for the interface no longer work. Switching to the real interface name fixes everything. It's got to be route related, as `egress` applies to all interfaces with a default route but I can't see what caused that to not apply to the only interface the server has.</p><p><a href="https://bsd.network/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv6</span></a> <a href="https://bsd.network/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://bsd.network/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Networking</span></a> <a href="https://bsd.network/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a></p>
Peter N. M. Hansteen<p>Confirmed: There will be a full day PF tutorial "Network Management with the OpenBSD Packet Filter Toolset" at <a href="https://mastodon.social/tags/eurobsdcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eurobsdcon</span></a> 2025 in <a href="https://mastodon.social/tags/zagreb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zagreb</span></a>.</p><p>Details to emerge via <a href="https://2025.eurobsdcon.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">2025.eurobsdcon.org/</span><span class="invisible"></span></a>, and expect more goodies to be announced!</p><p><a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/bsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsd</span></a></p>
Europe<p>What happens to mortgage rates if the Canada-U.S. trade war ends?</p><p>Open this photo in gallery: The market currently expects the Bank of Canada to cut interest rates by…<br><a href="https://flipboard.social/tags/Europe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Europe</span></a> <a href="https://flipboard.social/tags/Business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Business</span></a> <a href="https://flipboard.social/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://flipboard.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a>-ca <a href="https://flipboard.social/tags/tariffs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tariffs</span></a> <a href="https://flipboard.social/tags/tradewar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tradewar</span></a><br><a href="https://www.europesays.com/2177198/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2177198/</span><span class="invisible"></span></a></p>
Peter N. M. Hansteen<p>Network Management with the OpenBSD Packet Filter Toolset <a href="https://www.bsdcan.org/2025/timetable/timetable-Network-Management-with.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bsdcan.org/2025/timetable/time</span><span class="invisible">table-Network-Management-with.html</span></a> at <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsdcan</span></a> now concluded, new slides up at <a href="https://nxdomain.no/~peter/pf_fullday.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_fullday.</span><span class="invisible">pdf</span></a> -- now with during-session updates (labs available for attendees only, sorry) </p><p><a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://mastodon.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> 
<a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networktrickery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networktrickery</span></a></p>
Tom<p>After 20 years of using <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> on <a href="https://mastodon.bsd.cafe/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> and only dabbling in iptables when I absolutely had to in <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a>, nftables looks like an unreadable, incomprehensible shitshow; A crayon scrawl by a toddler of weird nat and mangle chains that make no sense. </p><p>The Linux developers would have been much better off porting pf to Linux.</p>
kar<p>Over the past few weeks I have been switching off of NixOS and going back to the previous OSes and distros I was using. Last week I migrated my VPS back to OpenBSD and I now feel like I can appreciate its simplicity even more. That's not the point of this though.<br><br>When migrating I was reminded of something <span class="h-card"><a href="https://camp.crates.im/users/nemo" class="u-url mention" rel="nofollow noopener" target="_blank">@nemo@camp.crates.im</a></span> previously said about only allowing ssh access to the IP addresses he knows he uses. I thought I should try doing something similar, especially because to me pf is way saner to use and manage than iptables.<br><br>The addresses I know I'll use are my home IPv4 address and the IPv4+6 addresses of the Mullvad endpoints I am likely to use.<br>Unfortunately I don't know what those public addresses are before connecting.<br><br>A quick script containing something like below (I didn't save it &gt;_&lt;) later, I was able to get all the addresses I needed for passing to pf.</p>
<pre>for i in *.conf; do
 wg-quick up "$i"
 curl -s4 https://zx2c4.com/ip | sed 1q
 # the connect timeout is there because a few of the endpoints had a not-working IPv6 address
 # (5 seconds is an assumed value)
 curl --connect-timeout 5 -s6 https://zx2c4.com/ip | sed 1q
 wg-quick down "$i"
done</pre>
<p>Now in my pf.conf I just had to do something like this which didn't seem that complicated after all. I just modelled it after my existing rule that I used for opening ports (I removed ssh from that rule in favour of this one). This can most definitely be made better, but at least it works!</p>
<pre># explicitly allow home and vpn ip addresses
ssh_whitelist_ipv4 = "{
# ipv4 addresses here
# I put my home address at the top as is and then /24 ranges for the mullvad IPs because I was told they may change frequently
}"
ssh_whitelist_ipv6 = "{
# ipv6 addresses here from mullvad
# I figured that they won't change often so I simply pasted them as is without specifying prefix
}"

...

# allow public ssh only to my normal home address and mullvad ips
pass in log on $ext_if inet proto tcp from $ssh_whitelist_ipv4 to ($ext_if) \
port ssh flags S/SA keep state
pass in log on $ext_if inet6 proto tcp from $ssh_whitelist_ipv6 to ($ext_if) \
port ssh flags S/SA keep state</pre>
<p>After running for over a day, my /var/log/authlog still only shows my own connections and not some people across the globe spamming connections to invalid users.</p>
<pre>saklas$ zgrep preauth /var/log/authlog.0.gz | grep -v vin | wc -l
3918
saklas$ grep preauth /var/log/authlog | grep -v vin | wc -l
1</pre>
<p>I was previously using pf-badhost in place of fail2ban due to the latter not being available on OpenBSD, but pf-badhost didn't prevent active attacks while both of them still allowed those (initial) connections in the first place.<br>There's a much smaller likelihood of an attacker using the same Mullvad endpoints I use, and if they do I probably have bigger problems to worry about. I'm also pretty much always connected to my WireGuard VPN (separate post on my website for this later) and that would let me bypass this anyways. This setup is more of a failsafe if I'm unable to connect through the VPN, and a failsafe of that failsafe if things really go wrong is just using the Hetzner web console I guess.<br><br>After writing all this, I think it's better to just post this on my website and syndicate here.<br><br><a href="https://snac.13f0.net?t=openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://snac.13f0.net?t=mullvad" class="mention hashtag" rel="nofollow noopener" target="_blank">#mullvad</a> <a href="https://snac.13f0.net?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a></p>
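<p>An added example, not part of kar's post: one way to turn the addresses printed by a collection loop like the one above into the two pf.conf macros, keeping the home address as is, widening the other IPv4 addresses to /24 and passing IPv6 addresses through unchanged, as the post describes. The function name <code>build_ssh_macros</code> and every address shown are assumptions, constructed from documentation ranges.</p>

```shell
#!/bin/sh
# Added example (not from the original post): build the ssh_whitelist_ipv4 and
# ssh_whitelist_ipv6 macros from collected exit addresses. All addresses are
# constructed and come from documentation ranges (RFC 5737, RFC 3849).

# build_ssh_macros HOME_IPV4
#   stdin : one address per line, as printed by the collection loop
#   stdout: the two macro definitions, ready to paste into pf.conf
build_ssh_macros() {
    awk -v home="$1" '
        # Strict dotted-quad check: four decimal fields, each 0..255.
        function is_v4(a,    n, f, i) {
            n = split(a, f, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (f[i] !~ /^[0-9]+$/ || f[i] + 0 > 255) return 0
            return 1
        }
        # Loose syntactic IPv6 check: hex digits and at least two colons.
        function is_v6(a) { return a ~ /^[0-9A-Fa-f:]+$/ && a ~ /:.*:/ }
        # Print one macro as: name = "{ a, b, c }"
        function emit(name, arr, n,    i, out) {
            out = ""
            for (i = 1; i <= n; i++) out = out (i > 1 ? ", " : "") arr[i]
            printf "%s = \"{ %s }\"\n", name, out
        }
        # The home address goes first and is kept as a single host.
        BEGIN { if (is_v4(home)) { v4[++n4] = home; seen[home] = 1 } }
        { gsub(/[ \t\r]/, "") }          # strip stray whitespace and CRs
        $0 == "" { next }                # failed lookups print nothing
        is_v4($0) {
            if ($0 == home) next         # already listed as is
            split($0, f, ".")
            net = f[1] "." f[2] "." f[3] ".0/24"   # VPN exits may move within the /24
            if (!seen[net]++) v4[++n4] = net
            next
        }
        is_v6($0) {
            a = tolower($0)              # normalise case so duplicates collapse
            if (!seen[a]++) v6[++n6] = a
            next
        }
        # Anything else (error text, HTML) is dropped rather than written to pf.conf.
        END {
            emit("ssh_whitelist_ipv4", v4, n4)
            emit("ssh_whitelist_ipv6", v6, n6)
        }
    '
}

# Constructed sample run: two exits in the same /24, one duplicate IPv6
# address in different case, one empty line and one line of error text.
build_ssh_macros 203.0.113.7 <<'EOF'
198.51.100.23
2001:db8::1
198.51.100.77

192.0.2.5
2001:DB8::1
curl: (28) Connection timed out
EOF
```

<p>After pasting the output into pf.conf, <code>pfctl -nf /etc/pf.conf</code> parses the ruleset without loading it, which catches a malformed list before it can lock anyone out.</p>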
thinkberg<p>Considering a <a href="https://tetrax.de/tags/vpn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vpn</span></a> outlet server on <a href="https://tetrax.de/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a>. What would you prevent network wise? <a href="https://tetrax.de/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a></p>
Peter N. M. Hansteen<p>That Grumpy BSD Guy: A Short Reading List <a href="https://nxdomain.no/~peter/the_short_reading_list.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/the_short_r</span><span class="invisible">eading_list.html</span></a> A collection of pointers to things I have written and that I think may be of value to you too (with conference teasers) <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/antispam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antispam</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/eurobsdcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eurobsdcon</span></a> <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>bsdcan</span></a></p>
Peter N. M. Hansteen<p>As previously announced, there will be a PF tutorial at BSDCan 2025 - </p><p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p>Registration: <a href="https://www.bsdcan.org/2025/registration.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bsdcan.org/2025/registration.h</span><span class="invisible">tml</span></a></p><p><a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/EuroBSDcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDcon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a 
href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>With <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsdcan</span></a> now less than a month away <a href="https://www.bsdcan.org/2025/index.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bsdcan.org/2025/index.html</span><span class="invisible"></span></a> we invite your questions and input on the upcoming PF tutorials, see <br>"For Upcoming PF Tutorials, We Welcome Your Questions" <a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p><a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a 
href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"</p><p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p> <a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p>"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"</p><p> <a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>security</span></a> </p><p>(Now with actual EuroBSDcon submissions deadline)</p>
Peter N. M. Hansteen<p>"I have yet to meet an admin who plausibly claims to never have been tripped up by their overload rules at some point." </p><p>More, and a walk down memory lane, in "The Hail Mary Cloud And The Lessons Learned" <a href="https://nxdomain.no/~peter/hailmary_lessons_learned.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/hailmary_le</span><span class="invisible">ssons_learned.html</span></a> <br><a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/bruteforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bruteforce</span></a> <a href="https://mastodon.social/tags/passwordgroping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordgroping</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/guessablepasswords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>guessablepasswords</span></a> <a href="https://mastodon.social/tags/hailmary" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>hailmary</span></a> <a href="https://mastodon.social/tags/hailmarycloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hailmarycloud</span></a></p>
jcccb<p>I found a new <a href="https://mastodon.social/tags/Hypervisor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hypervisor</span></a> toy!<br><a href="https://mastodon.social/tags/HosterCore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HosterCore</span></a> is a fresh and flexible approach to <a href="https://mastodon.social/tags/virtualization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>virtualization</span></a> management.<br>It is based on upstream <a href="https://mastodon.social/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> and uses a modern toolset like <a href="https://mastodon.social/tags/Go" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Go</span></a> <a href="https://mastodon.social/tags/jails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jails</span></a> <a href="https://mastodon.social/tags/bhyve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bhyve</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> and <a href="https://mastodon.social/tags/ZFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZFS</span></a> with dataset level encryption. <br>It offers <a href="https://mastodon.social/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> support, an API and a web GUI is in development.<br>Definitely worth checking out! :computerfairies:</p><p><a href="https://github.com/yaroslav-gwit/HosterCore" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/yaroslav-gwit/Hoste</span><span class="invisible">rCore</span></a></p>
dwardoric<p>Debugging aids for pf firewall rules [on FreeBSD] – Dan Langille's Other Diary</p><p><a href="https://dan.langille.org/2025/02/24/debugging-aids-for-pf-firewall-rules-on-freebsd/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dan.langille.org/2025/02/24/de</span><span class="invisible">bugging-aids-for-pf-firewall-rules-on-freebsd/</span></a></p><p><a href="https://chaos.social/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> <a href="https://chaos.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> <a href="https://chaos.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://chaos.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a></p>
r1w1s1<br>Comparing firewall syntax for SSH (port 22) with default-deny:<br>================================================<br><br><a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#iptables</a> (Linux)<br>iptables -A INPUT -p tcp --dport 22 -j ACCEPT<br>iptables -P INPUT DROP<br><br><a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#nftables</a> (Linux)<br>nft add rule inet my_filter input tcp dport 22 accept<br>nft add rule inet my_filter input drop<br><br><a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#ufw</a> (Linux - simplified frontend to iptables)<br>ufw allow 22/tcp<br>ufw default deny incoming<br><br><a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a> (OpenBSD)<br>pass in proto tcp to port 22<br>block all<br><br>pf’s syntax feels so elegant, human-readable, &amp; minimal!<br><br>After 20 years scripting iptables, I’m ready to try UFW on my laptop.<br><a href="https://snac.bsd.cafe?t=firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#firewall</a> <a href="https://snac.bsd.cafe?t=sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a> <a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#iptables</a> <a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#ufw</a> <a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#nftables</a><br>