#pf

Peter N. M. Hansteen<p>Yes, The Book of PF, 4th Edition Is Coming Soon <a href="https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/yes_the_boo</span><span class="invisible">k_of_pf_4th_ed_is_coming.html</span></a> </p><p>Long rumored and eagerly anticipated by some, the fourth edition of The Book of PF is now available for preorder <a href="https://nostarch.com/book-of-pf-4th-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nostarch.com/book-of-pf-4th-ed</span><span class="invisible">ition</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/tcpip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tcpip</span></a> <a href="https://mastodon.social/tags/ipv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv6</span></a> <a href="https://mastodon.social/tags/ipv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ipv4</span></a> <a 
href="https://mastodon.social/tags/bookofpf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bookofpf</span></a></p><p>... and of course somebody had to ask, "when can we expect a fifth edition", to which the answer was "let's get this one out the door first"</p><p>That said, watch this space for further announcements!</p>
Peter N. M. Hansteen<p>Long rumored, eagerly anticipated by some, "The Book of PF, 4th edition" <a href="https://nostarch.com/book-of-pf-4th-edition" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nostarch.com/book-of-pf-4th-ed</span><span class="invisible">ition</span></a> is now available for PREORDER. The most up to date guide to the OpenBSD and FreeBSD networking toolset <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://mastodon.social/tags/preorder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>preorder</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> (again for the CEST-ish crowd)</p>
Peter N. M. Hansteen<p>Confirmed: There will be a full day PF tutorial "Network Management with the OpenBSD Packet Filter Toolset" at <a href="https://mastodon.social/tags/eurobsdcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eurobsdcon</span></a> 2025 in <a href="https://mastodon.social/tags/zagreb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zagreb</span></a>.</p><p>Details to emerge via <a href="https://2025.eurobsdcon.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">2025.eurobsdcon.org/</span><span class="invisible"></span></a>, and expect more goodies to be announced!</p><p><a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/bsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsd</span></a></p>
Peter N. M. Hansteen<p>Network Management with the OpenBSD Packet Filter Toolset <a href="https://www.bsdcan.org/2025/timetable/timetable-Network-Management-with.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bsdcan.org/2025/timetable/time</span><span class="invisible">table-Network-Management-with.html</span></a> at <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsdcan</span></a> now concluded, new slides up at <a href="https://nxdomain.no/~peter/pf_fullday.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_fullday.</span><span class="invisible">pdf</span></a> -- now with during-session updates (labs available for attendees only, sorry) </p><p><a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://mastodon.social/tags/sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sysadmin</span></a> 
<a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networktrickery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networktrickery</span></a></p>
Tom<p>After 20 years of using <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> on <a href="https://mastodon.bsd.cafe/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> and only dabbling in iptables when I absolutely had to in <a href="https://mastodon.bsd.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a>, nftables looks like an unreadable, incomprehensible shitshow; A crayon scrawl by a toddler of weird nat and mangle chains that make no sense. </p><p>The Linux developers would have been much better off porting pf to Linux.</p>
kar<br>Over the past few weeks I have been switching off of NixOS and going back to the previous OSes and distros I was using. Last week I migrated my VPS back to OpenBSD and I now feel like I can appreciate its simplicity even more. That's not the point of this though.<br><br>When migrating I was reminded of something <span class="h-card"><a href="https://camp.crates.im/users/nemo" class="u-url mention" rel="nofollow noopener" target="_blank">@nemo@camp.crates.im</a></span> previously said about only allowing ssh access to the IP addresses he knows he uses. I thought I should try doing something similar especially because to me pf is way saner to use and manage than iptables.<br><br>The addresses I know I'll use are my home IPv4 address and the IPv4+6 addresses of the Mullvad endpoints I am likely to use.<br>Unfortunately I don't know what those public addresses are before connecting.<br><br>A quick script containing something like below (I didn't save it &gt;_&lt;) later, I was able to get all the addresses I needed for passing to pf.<br>
<pre>for i in *.conf; do<br> wg-quick up "$i"<br> curl -s4 https://zx2c4.com/ip | sed 1q<br> # the connect timeout is there because a few of the endpoints had a not-working IPv6 address<br> # (the 5-second value is an example; the original value was not given)<br> curl --connect-timeout 5 -s6 https://zx2c4.com/ip | sed 1q<br> wg-quick down "$i"<br>done<br></pre>
<br>Now in my pf.conf I just had to do something like this which didn't seem that complicated after all. I just modelled it after my existing rule that I used for opening ports (I removed ssh from that rule in favour of this one). This can most definitely be made better, but at least it works!<br><br>
<pre># explicitly allow home and vpn ip addresses<br>ssh_whitelist_ipv4 = "{<br># ipv4 addresses here<br># I put my home address at the top as is and then /24 ranges for the mullvad IPs because I was told they may change frequently<br>}"<br>ssh_whitelist_ipv6 = "{<br># ipv6 addresses here from mullvad<br># I figured that they won't change often so I simply pasted them as is without specifying prefix<br>}"<br><br>...<br><br># allow public ssh only to my normal home address and mullvad ips<br>pass in log on $ext_if inet proto tcp from $ssh_whitelist_ipv4 to ($ext_if) \<br>port ssh flags S/SA keep state<br>pass in log on $ext_if inet6 proto tcp from $ssh_whitelist_ipv6 to ($ext_if) \<br>port ssh flags S/SA keep state<br></pre>
<br>After running for over a day, my /var/log/authlog still only shows my own connections and not some people across the globe spamming connections to invalid users.<br><br>
<pre>saklas$ zgrep preauth /var/log/authlog.0.gz | grep -v vin | wc -l<br>3918<br>saklas$ grep preauth /var/log/authlog | grep -v vin | wc -l<br>1<br></pre>
<br>I was previously using pf-badhost in place of fail2ban due to the latter not being available on OpenBSD, but pf-badhost didn't prevent active attacks while both of them still allowed those (initial) connections in the first place.<br>There's a much smaller likelihood of an attacker using the same Mullvad endpoints I use, and if they do I probably have bigger problems to worry about. I'm also pretty much always connected to my Wireguard VPN (separate post on my website for this later) and that would let me bypass this anyways. This setup is more of a failsafe if I'm unable to connect through the VPN, and a failsafe of that failsafe if things really go wrong is just using the Hetzner web console I guess.<br><br>After writing all this, I think it's better to just post this on my website and syndicate here.<br><br><a href="https://snac.13f0.net?t=openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#openbsd</a> <a href="https://snac.13f0.net?t=mullvad" class="mention hashtag" rel="nofollow noopener" target="_blank">#mullvad</a> <a href="https://snac.13f0.net?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a><br>
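The allowlist from kar's post, kept in a pf table so it can be refreshed without editing pf.conf; this is an added example, not part of the original post. The table name `ssh_allow`, the file paths and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: turn the addresses collected by the curl loop into pf table
# entries. Names and paths below are assumptions, not taken from the post.

# build_ssh_allow HOME_V4 < addresses
#   - HOME_V4 is kept as a single host entry
#   - every other IPv4 address is widened to its /24 (as the post does for
#     the VPN endpoints, since those may change)
#   - IPv6 addresses are kept as-is (loose syntax check; pfctl validates on load)
#   - anything else (curl errors, blank lines) is dropped and reported on stderr
#   - duplicates are emitted once, in first-seen order
build_ssh_allow() {
    home_v4=$1
    awk -v home="$home_v4" '
    function valid_v4(a,   n, p, i) {
        n = split(a, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    {
        gsub(/[ \t\r]/, "")
        if ($0 == "") next
        if (valid_v4($0)) {
            if ($0 == home) entry = $0
            else { split($0, q, "."); entry = q[1] "." q[2] "." q[3] ".0/24" }
        } else if ($0 ~ /^[0-9A-Fa-f:]+$/ && $0 ~ /:.*:/) {
            entry = tolower($0)
        } else {
            print "skipped: " $0 > "/dev/stderr"
            next
        }
        if (!(entry in seen)) { seen[entry] = 1; print entry }
    }'
}

# Constructed sample of what the collection loop might print, including one
# failed IPv6 lookup. All addresses are from documentation ranges.
sample_addresses() {
    cat <<'EOF'
203.0.113.7
198.51.100.23
198.51.100.200
2001:db8:1::a
curl: (28) Connection timed out
192.0.2.14
EOF
}

# pf.conf side (assumed table name and path):
#   table <ssh_allow> persist file "/etc/pf.ssh_allow"
#   pass in log on $ext_if proto tcp from <ssh_allow> to ($ext_if) port ssh
#
# Refresh the running table without reloading the ruleset:
#   build_ssh_allow 203.0.113.7 < collected.txt > /etc/pf.ssh_allow.new &&
#       pfctl -t ssh_allow -T replace -f /etc/pf.ssh_allow.new

# Stand-alone demonstration on the constructed sample.
sample_addresses | build_ssh_allow 203.0.113.7
```

Because one table holds both address families, a single `pass` rule without `inet`/`inet6` covers what the two macro-based rules did.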
thinkberg<p>Considering a <a href="https://tetrax.de/tags/vpn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vpn</span></a> outlet server on <a href="https://tetrax.de/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a>. What would you prevent network wise? <a href="https://tetrax.de/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a></p>
Peter N. M. Hansteen<p>That Grumpy BSD Guy: A Short Reading List <a href="https://nxdomain.no/~peter/the_short_reading_list.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/the_short_r</span><span class="invisible">eading_list.html</span></a> A collection of pointers to things I have written and that I think may be of value to you too (with conference teasers) <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/antispam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>antispam</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/eurobsdcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eurobsdcon</span></a> <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>bsdcan</span></a></p>
Peter N. M. Hansteen<p>As previously announced, there will be a PF tutorial at BSDCan 2025 - </p><p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p>Registration: <a href="https://www.bsdcan.org/2025/registration.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bsdcan.org/2025/registration.h</span><span class="invisible">tml</span></a></p><p><a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/EuroBSDcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDcon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a 
href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>With <a href="https://mastodon.social/tags/bsdcan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsdcan</span></a> now less than a month away <a href="https://www.bsdcan.org/2025/index.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bsdcan.org/2025/index.html</span><span class="invisible"></span></a> we invite your questions and input on the upcoming PF tutorials, see <br>"For Upcoming PF Tutorials, We Welcome Your Questions" <a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p><a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a 
href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"</p><p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p> <a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>security</span></a></p>
Peter N. M. Hansteen<p>For Upcoming PF Tutorials, We Welcome Your Questions <br><a href="https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/pf_tutorial</span><span class="invisible">_upcoming_questions_welcome.html</span></a></p><p>"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"</p><p> <a href="https://mastodon.social/tags/EuroBSDCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EuroBSDCon</span></a> <a href="https://mastodon.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a> <a href="https://mastodon.social/tags/PF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PF</span></a> <a href="https://mastodon.social/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a>, <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/Ottawa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ottawa</span></a> <a href="https://mastodon.social/tags/BookofPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BookofPF</span></a> <a href="https://mastodon.social/tags/BSDCan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDCan</span></a> <a href="https://mastodon.social/tags/conferences" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>conferences</span></a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>networking</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>security</span></a> </p><p>(Now with actual EuroBSDcon submissions deadline)</p>
Peter N. M. Hansteen<p>"I have yet to meet an admin who plausibly claims to never have been tripped up by their overload rules at some point." </p><p>More, and a walk down memory lane, in "The Hail Mary Cloud And The Lessons Learned" <a href="https://nxdomain.no/~peter/hailmary_lessons_learned.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/hailmary_le</span><span class="invisible">ssons_learned.html</span></a> <br><a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/bruteforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bruteforce</span></a> <a href="https://mastodon.social/tags/passwordgroping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordgroping</span></a> <a href="https://mastodon.social/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/packetfilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>packetfilter</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/guessablepasswords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>guessablepasswords</span></a> <a href="https://mastodon.social/tags/hailmary" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>hailmary</span></a> <a href="https://mastodon.social/tags/hailmarycloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hailmarycloud</span></a></p>
r1w1s1<br>Comparing firewall syntax for SSH (port 22) with default-deny:<br>================================================<br><br><a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#iptables</a> (Linux)<br>iptables -A INPUT -p tcp --dport 22 -j ACCEPT<br>iptables -P INPUT DROP<br><br><a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#nftables</a> (Linux)<br>nft add rule inet my_filter input tcp dport 22 accept<br>nft add rule inet my_filter input drop<br><br><a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#ufw</a> (Linux - simplified frontend to iptables)<br>ufw allow 22/tcp<br>ufw default deny incoming<br><br><a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a> (OpenBSD)<br># the last matching rule wins in pf, so the default block goes first<br>block all<br>pass in proto tcp to port 22<br><br>pf’s syntax feels so elegant, human-readable, &amp; minimal!<br><br>After 20 years scripting iptables, I’m ready to try UFW on my laptop.<br><a href="https://snac.bsd.cafe?t=firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#firewall</a> <a href="https://snac.bsd.cafe?t=sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#sysadmin</a> <a href="https://snac.bsd.cafe?t=pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#pf</a> <a href="https://snac.bsd.cafe?t=iptables" class="mention hashtag" rel="nofollow noopener" target="_blank">#iptables</a> <a href="https://snac.bsd.cafe?t=ufw" class="mention hashtag" rel="nofollow noopener" target="_blank">#ufw</a> <a href="https://snac.bsd.cafe?t=nftables" class="mention hashtag" rel="nofollow noopener" target="_blank">#nftables</a><br>
mudala<p>Fresh out of the Oven.</p><p>I was searching for the best replacement of my Lenovo X1 Carbon 8th Gen's Wireless Card (...not found yet - anyone?), and found this instead, which may be my 2morrows read:</p><p>A <a href="https://mastodon.bsd.cafe/tags/beginners" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>beginners</span></a> Guide To <a href="https://mastodon.bsd.cafe/tags/Firewalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewalling</span></a> with <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.bsd.cafe/tags/pfsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfsense</span></a> </p><p><a href="https://srobb.net/pf.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">srobb.net/pf.html</span><span class="invisible"></span></a></p><p>Maybe also interesting site for <span class="h-card" translate="no"><a href="https://mastodon.bsd.cafe/@vermaden" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vermaden</span></a></span> s BSD-News? §8-)</p>
jhx<p>New video out! 😎 </p><p>Setting up a basic <a href="https://mastodon.bsd.cafe/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> with <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> on <a href="https://mastodon.bsd.cafe/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a> :freebsd: </p><p>Enjoy 🙂 </p><p><a href="https://mastodon.bsd.cafe/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.bsd.cafe/tags/bsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsd</span></a> <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.bsd.cafe/tags/firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firewall</span></a> </p><p>On <a href="https://mastodon.bsd.cafe/tags/youtube" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>youtube</span></a> <br><a href="https://youtu.be/W3LLuCb8VAs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/W3LLuCb8VAs</span><span class="invisible"></span></a></p><p>On <a href="https://mastodon.bsd.cafe/tags/Odysee" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Odysee</span></a> <br><a href="https://odysee.com/@YetanotherSysAdmin:0/Setting-up-a-basic-firewall-with-pf-on-FreeBSD:d" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">odysee.com/@YetanotherSysAdmin</span><span class="invisible">:0/Setting-up-a-basic-firewall-with-pf-on-FreeBSD:d</span></a></p>
Peter N. M. Hansteen<p>Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too) <a href="https://nxdomain.no/~peter/blogposts/recent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nxdomain.no/~peter/blogposts/r</span><span class="invisible">ecent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html</span></a> from 2021 but has aged surprisingly well <a href="https://mastodon.social/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/libresoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libresoftware</span></a> <a href="https://mastodon.social/tags/libressl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>libressl</span></a> <a href="https://mastodon.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://mastodon.social/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.social/tags/laptops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>laptops</span></a></p>
Kevin Karhan :verified:<p><a href="https://infosec.space/tags/FriendlyReminder" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FriendlyReminder</span></a> for people using <a href="https://infosec.space/tags/pfBlockerNG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfBlockerNG</span></a> on <a href="https://infosec.space/tags/pfSense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pfSense</span></a> / <a href="https://infosec.space/tags/OPNsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OPNsense</span></a> or any other <a href="https://infosec.space/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeBSD</span></a>-based <a href="https://infosec.space/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewall</span></a>|ing-<a href="https://infosec.space/tags/distro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>distro</span></a>: </p><p>Clean up <code>/var/log/pfblockerng</code> regularly, or else it'll fill up with disrespectful quickness depending on your setup.</p><ul><li><em>Ask me how I know!</em></li></ul><p><a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sysadmin</span></a> <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> <a href="https://infosec.space/tags/Maintenance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Maintenance</span></a> <a href="https://infosec.space/tags/DigitalJanitor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalJanitor</span></a> <a href="https://infosec.space/tags/BSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSD</span></a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.space/tags/Networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Networking</span></a> <a href="https://infosec.space/tags/Netgate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Netgate</span></a> <a href="https://infosec.space/tags/Decisio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Decisio</span></a> <a href="https://infosec.space/tags/Router" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Router</span></a> <a href="https://infosec.space/tags/Filtering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Filtering</span></a> <a href="https://infosec.space/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://infosec.space/tags/logging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logging</span></a> <a href="https://infosec.space/tags/logs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>logs</span></a> <a href="https://infosec.space/tags/log" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>log</span></a> <a href="https://infosec.space/tags/syslog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>syslog</span></a></p>
jhx<p>Very useful cheat sheet on <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> :openbsd: </p><p><a href="https://www.openbsdhandbook.com/pf/cheat_sheet/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">openbsdhandbook.com/pf/cheat_s</span><span class="invisible">heet/</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firewall</span></a> <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.bsd.cafe/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenBSD</span></a></p>
napierge<p>Finally running debian12 with a GUI thanks to vm-bhyve on freebsd14 after several months of tweaking and learning. A really big thanks to <span class="h-card" translate="no"><a href="https://mastodon.bsd.cafe/@vermaden" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vermaden</span></a></span> and his article <a href="https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vermaden.wordpress.com/2023/08</span><span class="invisible">/18/freebsd-bhyve-virtualization/</span></a> ❤️</p><p>But there is one thing I still don't get. I have a problem with resolving DNS on the VM. IP addresses work well, but domain names like google.com do not work at all. I solved it by adding "nameserver 8.8.8.8" in /etc/resolv.conf in the VM, but I am not sure if I solved it well and I don't understand why I have to solve it anyway; I do not remember having to set it.<br>I use vm-bhyve with the host wifi wlan interface, so I had to set up NAT in PF; in the article it is the section "laptop wifi nat". Is it normal to set the resolv.conf file in the VM?</p><p><a href="https://mastodon.bsd.cafe/tags/freebsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freebsd</span></a> <a href="https://mastodon.bsd.cafe/tags/bhyve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bhyve</span></a> <a href="https://mastodon.bsd.cafe/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://mastodon.bsd.cafe/tags/nat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nat</span></a> <a href="https://mastodon.bsd.cafe/tags/pf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pf</span></a> <a href="https://mastodon.bsd.cafe/tags/virtualization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>virtualization</span></a></p>