Fresh out of the Oven.

I was searching for the best replacement of my Lenovo X1 Carbon 8th Gen's Wirreless Card (...not found yet - anyone?), and found this instead, which may be my 2morrows read:

A #beginners Guide To #Firewalling with #pf #pfsense

https://srobb.net/pf.html

Maybe also interesting site for @vermaden s BSD-News? §8-)

@bsd_nl conference day at Maximus Brewery in Utrecht

A lovely day with a great beer on the sunny terrace.

Thanks to the organizers and speakers @kp #PF firewall and Benedict Reuschling #OpenZFS

New video out!

Setting up a basic #firewall with #pf on #FreeBSD

Enjoy

#freebsd #bsd #pf #firewall

On #youtube
https://youtu.be/W3LLuCb8VAs

On #Odysee
https://odysee.com/@YetanotherSysAdmin:0/Setting-up-a-basic-firewall-with-pf-on-FreeBSD:d

What do the clever OpenBSD firewall folks use to put up a reasonable defence against known bad actors?

I have an SSH bastion host that gest spammed with connection attempts (it only accepts key authentication but even so...) as well as web server for my blog that gets requests for dot files, PHP, cpanel, etc...

On both I'm currently running a shell script that greps the logs for keywords and feeds those IP's into a temporary blocklist but I'm sure there must be a better way, plus some way to feed in a reputable source of bad IP's before they become a problem would be nice.

Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too) https://nxdomain.no/~peter/blogposts/recent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html from 2021 but has aged surprisingly well #openbsd #freesoftware #libresoftware #libressl #ssh #pf #laptops

#pf #photos @photography #prettyflowers #images #pretty #flowers

Very useful cheat sheet on #pf

https://www.openbsdhandbook.com/pf/cheat_sheet/

Finally run debian12 with gui thanks to vm-bhyve on freebsd14 after several month of tweaking and learning. Really big thank to @vermaden and his article https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/

But one thing I still dont get it. I have a problem with resolving a DNS on the VM. IP addreses works well but domain names like google.com not at all. I solved it by adding "nameserver 8.8.8.8" in /etc/resolv.conf in VM, but I am not sure if I solve it well and dont understabd why I have to solve it anyway, I do not remeber that I would have to set it.
I se vm-bhyve with host wifi wlan interface so I had to set NAT in PF, in article it is a section laptop wifi nat. Is it normal to set resolv.conf file in VM?

For some reason I just looked up my now just over 2 year old piece "The Things Spammers Believe - A Tale of 300,000 Imaginary Friends" https://nxdomain.no/~peter/spammers_believe_in_300k_imaginary_friends.html (prettified, tracked https://bsdly.blogspot.com/2022/09/the-things-spammers-believe-tale-of.html) and realized that number will soon roll past the next big round marker. #spamtraps #traplist #spam #antispam #openbsd #pf #spamd #cybercrime #bottomfeeders #imaginaryfriends

A piece of oft-repeated #openbsd #pf advice, from this morning on openbsd-misc:

In addition to the official resources such as the PF FAQ (https://www.openbsd.org/faq/pf/index.html) I think my own writings such as "A Few of My Favorite Things About The OpenBSD Packet Filter Tools" https://nxdomain.no/~peter/better_off_with_pf.html (or with G's trackers
as the cost for slightly nicer formatting https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html)
which has a few useful links at the end including to a certain book that *might*
be worth looking into.

#pf #images #flowers #prettyflowers #photos @photography #pretty

#pf #pretty #flowers #photos @photography #prettyflowers #images

#pf #flowers @photography #prettyflowers #photos #images #pretty

There was a "Network Management with the OpenBSD Packet Filter Toolset" tutorial session at @EuroBSDCon 2024, here are the updated slides: https://nxdomain.no/~peter/pf_fullday.pdf #openbsd #pf #networking #security #tcpip #ipv6 #ipv4 #ssh #spam #packetfilter #eurobsdcon

Surely port-forwarding UDP and TCP packets to a #Minecraft (Debian) server using #relayd on #OpenBSD should be straightforward?

Spent quite a bit of time on this yesterday and didn't manage it. I'm a relative newb when it comes to networking, #pf, etc but even #AI couldn't get me through it.

Has anyone done this? Grateful for any tips.

authlog

(ft. the tome of pf: https://nostarch.com/pf3 by @pitrh )

Whenever I see the a "How to protect your #SSH server against #bruteforce attacks" post or article centered on some #Linux woodo, I always think to post about how easy it is to deal with those on #OpenBSD and #FreeBSD with #PF add #statetracking options: As in https://home.nuug.no/~peter/pf/en/bruteforce.html, supplemented with https://nxdomain.no/~peter/forcing_the_password_gropers_through_a_smaller_hole.html, alternatively the PF tutorial https://nxdomain.no/~peter/pf_fullday.pdf and of course The Book of PF, https://nostarch.com/pf3

Also the slowpoke version: https://nxdomain.no/~peter/hailmary_lessons_learned.html

Ten years plus on "Effective Spam and Malware Countermeasures - Network Noise Reduction Using Free Tools" https://nxdomain.no/~peter/effective_spam_and_malware_countermeasures.html still seems to be relevant (mod that we never got #IPv6 greylisting done) #malware #networksecurity #antispam #OpenBSD #internetsecurity, #networking #mailsecurity #packetfilter #countermeasures #networkmail #PF #greylisting #spam #FreeBSD