Search results

  1. Fail2Ban stops working when logs are rotated

    You must ensure that newsyslog executes a script during rotation. For example, the newsyslog rotation log entry has the 'R' flag set, which, according to the man page, is doing this: newsyslog.conf: if this flag is set the newsyslog(8) will run shell command defined in path_to_pid_cmd_file...
  2. pkg update error

    The first option didn't work for me. I see the 2nd one for the first time now, I have no clue if it works or not, the problem was solved on my side.
  3. pkg update error

    I got into this error after updating from 12.0-RELEASE to 12.1-RELEASE. The solution that worked for me was to forcibly remove pkg

    root@server:/var/db/pkg # pkg update -f
    Updating FreeBSD repository catalogue...
    pkg: repository meta /var/db/pkg/FreeBSD.meta has wrong version 2
    pkg: Repository...
  4. Multiple version of php.

    I'll share my thoughts on this matter, even though this subject is old. Installing multiple PHP versions on a single machine IS possible, with acceptable level of dependency mess/conflicts, at least as long as PEAR is not involved, and standard PHP extensions are installed. As mentioned on one...
  5. python and port flavor

    Because the above answers don't seem conclusive to me, I'll post the solution that worked for me. I'm upgrading a machine having two versions of python installed, v2.7 and v3.6. While upgrading mesa-libs, a dependency to llvm pops up, which fails to compile because it has a dependency to python...
  6. pppoe server(mpd) about 10,000 user possible?

    I would like to use that pppoe client tester/emulator.... Can you make a port, or a source tarball in worst case?
  7. iptables DNAT equivalent in PF

    When you change pf ruleset a reboot is NOT required. /etc/rc.d/pf reload should be enough. Try to do a tcpdump on the external interface (em0) and on the private interface, please put the dumps here, but try to obfuscate less the addresses and the timestamps. It's enough to obfuscate the...
  8. iptables DNAT equivalent in PF

    The sample pf.conf, located at /usr/src/share/examples/pf/pf.conf contains an example:

    #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

    Adjust it to suit your needs. Translated from iptables -t nat -A PREROUTING -i interfacehere -p tcp --dport requested_port_here -j DNAT --to...
  9. PF + Altq + MPD5

    I can confirm that using dummynet (and IPFW) and pf at a time works, I haven't tried ALTQ. But on high traffic networks it is advisable to use only one firewall/traffic conditioner.
  10. PF + Altq + MPD5

    I can tell that IPFW can do that job, using pipes or queues. I don't know how complicated it may be to use pf for this task.
  11. Setting up mail clients without ssh privileges

    If you have many users and multiple e-mail administrators, then it makes sense to use a more complex solution. I wrote here how I configure mail servers with Postfix, Dovecot 2, virtual users using MySQL database, DKIM, SASL authentication, Greylisting, SPF check, webmail, amavisd-new...
  12. Need a spam filter suggestion

    I agree, some organizations (most of them small, in my experience) don't use proper SMTP servers. In the past 7 years, I took care of the corporate email server. I started using greylisting 4 years ago. During these 4 years, I had less than four events related to greylisting per year. So, I...
  13. delay in sending out emails

    Indeed, DutchDaemon, the local system administrator can't see what mails didn't arrive. But the persons who weren't able to send mail to your domain should have received a non-delivery notice, if they are using proper mail servers, with queues. Only if the partners are using poor web-based...
  14. Need a spam filter suggestion

    Use greylisting + RBL Checks + more strict SMTP restrictions: reverse DNS record existence, proper HELO, etc + amavisd-new + spamassassin + SPF checks + DKIM signing/verifying. Greylisting alone will cut at least 80% of the SPAM volume.
  15. PF + Altq + MPD5

    This "standard" output is displayed because the GENERIC kernel configuration file does not include options ALTQ and some of the following

    options ALTQ_CBQ
    options ALTQ_RED
    options ALTQ_RIO
    options ALTQ_HFSC
    options ALTQ_CDNR
    options ALTQ_PRIQ
    options ALTQ_NOPCC
    options ALTQ_DEBUG
  16. ipfw nat with 2 out interfaces problem

    I had a similar problem with a PPPoE WAN connection. It is very likely that your internal clients use MTU 1500 (default), while the VPN connection uses a lower MTU. I've put pf to perform tcp fragment reassembling, with a rule like "scrub in all max-mss 1440", if I remember correctly. You can...
  17. MPD5 connection always fail

    AFAIK, PPTP VPN uses TCP/1723 and GRE. So, your current firewall looks like:

    $cmd allow tcp from me to any dst-port 1723
    $cmd allow tcp from any to me dst-port 1723
    $cmd allow udp from any to me dst-port 1723
    $cmd allow udp from me to any dst-port 1723

    And I think you should change it to: $cmd...
  18. Practical limit on the number of IPFW rules

    Performance-wise, it's better to use ipfw tables instead of individual 'ipfw add' lines. If the maximum table items is reached, then you can use another method: routing. zebra (from quagga suite) can add a lot of routes to a 'disc' (discard) device. The best anti-spam approach I've used so far...
  19. Default source from gateway machine

    use NAT on the external interface.

    no nat on $ext_if from ($ext_if:0) inet from 192.168.10.25 to 192.168.10.0/24
    # It may work this way too, possibly more 'portable'
    # no nat on $ext_if from (ext_if:0) proto icmp from (ext_if:network) to (ext_if:network)
    nat on $ext_if from ($ext_if) ->...
  20. How to add multicast mac address?

    This is a design feature. But the packets sent to FF:FF:FF:FF:FF:FF are known as 'broadcast packets' instead of unicast. I don't take this for granted, this should be written 'LLDP and CDP messages should not be allowed'... They provide their own source ethernet address, but send the packet to...