Comments for worrbase http://www.worrbase.com Highlighting the thrilling adventures of William Orr Fri, 16 Jul 2010 12:40:32 +0000 http://wordpress.org/?v=2.9.2 hourly 1 Comment on OpenBSD pf vs Linux iptables: A Comparison by Sunner http://www.worrbase.com/2009/11/14/openbsd-pf-vs-linux-iptables-a-comparison/comment-page-1/#comment-60 Sunner Fri, 16 Jul 2010 12:40:32 +0000 http://www.worrbase.com/?p=12#comment-60 TeKKen, based on your comments I take it you haven't used OpenBSD in about 7-8 years or more? It hasn't used IPF since version 2.9, which is nearing a decade old, and PF has had the NAT functionality built in since 3.2 or so. TeKKen, based on your comments I take it you haven’t used OpenBSD in about 7-8 years or more? It hasn’t used IPF since version 2.9, which is nearing a decade old, and PF has had the NAT functionality built in since 3.2 or so.

]]> Comment on OpenBSD pf vs Linux iptables: A Comparison by worr http://www.worrbase.com/2009/11/14/openbsd-pf-vs-linux-iptables-a-comparison/comment-page-1/#comment-48 worr Wed, 09 Jun 2010 07:58:34 +0000 http://www.worrbase.com/?p=12#comment-48 What I said there was a little ambiguous. I'll edit it later today for clarity. What I meant was that packets that are part of an existing connection are passed through your iptables rules. When pf passes (or blocks) the beginning of a new connection, it will continue to do the same action upon those packets without passing them through the ruleset. Thanks for pointing that out. Additionally, pf has NAT built in. Also, pf can log to pflog, which is a binary file read with tcpdump. If you want to log in plaintext, you can log to syslog as well. Since it's built in to pf, it's faster than loading the ulogd iptables extension. What I said there was a little ambiguous. I’ll edit it later today for clarity.

What I meant was that packets that are part of an existing connection are passed through your iptables rules. When pf passes (or blocks) the beginning of a new connection, it will continue to do the same action upon those packets without passing them through the ruleset.

Thanks for pointing that out.

Additionally, pf has NAT built in.

Also, pf can log to pflog, which is a binary file read with tcpdump. If you want to log in plaintext, you can log to syslog as well. Since it’s built in to pf, it’s faster than loading the ulogd iptables extension.

]]> Comment on Google App Engine, Twitter4J and OAuth by Carsten http://www.worrbase.com/2010/03/13/google-app-engine-twitter4j-and-oauth/comment-page-1/#comment-47 Carsten Wed, 09 Jun 2010 07:00:43 +0000 http://www.worrbase.com/?p=18#comment-47 I'm doing the exact same thing. ;-) After trying to build Twitter4j it was pretty easy to authenticate with Twitter, but I messed up my callback, so the user got an authentication error every now and then. I'll rewrite my code using your methods as a guide. Thanks for this post! :-) I’m doing the exact same thing. ;-) After trying to build Twitter4j it was pretty easy to authenticate with Twitter, but I messed up my callback, so the user got an authentication error every now and then.

I’ll rewrite my code using your methods as a guide. Thanks for this post! :-)

]]> Comment on OpenBSD pf vs Linux iptables: A Comparison by TeKKen http://www.worrbase.com/2009/11/14/openbsd-pf-vs-linux-iptables-a-comparison/comment-page-1/#comment-46 TeKKen Tue, 08 Jun 2010 08:34:45 +0000 http://www.worrbase.com/?p=12#comment-46 "With iptables, all of your packets pass through all of your rules" Is this a fact? I don't think so. I built freebsd ipfw based firewalls + linux iptables and there isn't much difference with the current 4/8/16 core hardwares... IPF lacks in many features what linux iptables have one of them is layer7 filtering which is great if you build QoS gateways where you want to give more priority for latency sensitive apps and less for file transfer apps. ULOGd in linux is just very nice too , I'm not sure if this is available in bsd. NAT is another good compact thing in iptables when you have to run, configure separate natd on bsd. "pf, you can change tables, variables, lists and anchors on the fly" After an FW setup properly I hardly ever touch it so this is irrelevant. “With iptables, all of your packets pass through all of your rules”

Is this a fact? I don’t think so.
I built freebsd ipfw based firewalls + linux iptables and there isn’t much difference with the current 4/8/16 core hardwares…

IPF lacks in many features what linux iptables have one of them is layer7 filtering which is great if you build QoS gateways where you want to give more priority for latency sensitive apps and less for file transfer apps.

ULOGd in linux is just very nice too , I’m not sure if this is available in bsd.

NAT is another good compact thing in iptables when you have to run, configure separate natd on bsd.

“pf, you can change tables, variables, lists and anchors on the fly”
After an FW setup properly I hardly ever touch it so this is irrelevant.

]]> Comment on Formspring.me API beta by Geoff Hotchkiss http://www.worrbase.com/2010/06/03/formspring-me-api-beta/comment-page-1/#comment-45 Geoff Hotchkiss Thu, 03 Jun 2010 22:36:57 +0000 http://www.worrbase.com/?p=40#comment-45 The major problem in your code is that you're writing Perl :-/ The major problem in your code is that you’re writing Perl :-/

]]> Comment on LTSP by Drew Stephens http://www.worrbase.com/2010/04/22/ltsp/comment-page-1/#comment-33 Drew Stephens Thu, 22 Apr 2010 14:46:47 +0000 http://www.worrbase.com/?p=32#comment-33 Awesome to hear something new in the user center—hopefully this will keep more of the machines in working condition. Awesome to hear something new in the user center—hopefully this will keep more of the machines in working condition.

]]> Comment on LTSP by Andrew http://www.worrbase.com/2010/04/22/ltsp/comment-page-1/#comment-32 Andrew Thu, 22 Apr 2010 11:55:27 +0000 http://www.worrbase.com/?p=32#comment-32 Any luck getting physical ports forwarded? Any luck getting physical ports forwarded?

]]> Comment on mars_nwe and the Great IPX Battle: Part I by worr http://www.worrbase.com/2009/11/06/mars_nwe-and-the-great-ipx-battle-part-i/comment-page-1/#comment-21 worr Mon, 08 Feb 2010 04:10:08 +0000 http://www.worrbase.com/?p=11#comment-21 So about that. I never got around to working with it again, and I've got another big project to deal with. However, it will probably work if you can grab an older version of glibc (probs from oldstable). That might work. I need to play with it again, and if you want I might be able to get to it in the next week or so. So about that. I never got around to working with it again, and I’ve got another big project to deal with. However, it will probably work if you can grab an older version of glibc (probs from oldstable). That might work. I need to play with it again, and if you want I might be able to get to it in the next week or so.

]]> Comment on mars_nwe and the Great IPX Battle: Part I by netnotwork_guy http://www.worrbase.com/2009/11/06/mars_nwe-and-the-great-ipx-battle-part-i/comment-page-1/#comment-20 netnotwork_guy Mon, 08 Feb 2010 03:56:59 +0000 http://www.worrbase.com/?p=11#comment-20 Did you ever get this working? I have a mission critical system at my company that is about 18 years old and will only connect to NetWare file shares. Maintaining the old Netware server to keep this thing running, and trying to make modern systems "play nice" with it, is causing terrible issues and takes a huge amount of my time. In all my searches I am yet to read of someone successfully emulating a netware file server with debian or any free and open source distro. I would be willing to do testing and bug reporting if someone has the development ability to make mars_nwe work on debian. Did you ever get this working? I have a mission critical system at my company that is about 18 years old and will only connect to NetWare file shares. Maintaining the old Netware server to keep this thing running, and trying to make modern systems “play nice” with it, is causing terrible issues and takes a huge amount of my time. In all my searches I am yet to read of someone successfully emulating a netware file server with debian or any free and open source distro. I would be willing to do testing and bug reporting if someone has the development ability to make mars_nwe work on debian.

]]> Comment on OpenBSD pf vs Linux iptables: A Comparison by Chris Lockfort http://www.worrbase.com/2009/11/14/openbsd-pf-vs-linux-iptables-a-comparison/comment-page-1/#comment-6 Chris Lockfort Mon, 16 Nov 2009 14:29:15 +0000 http://www.worrbase.com/?p=12#comment-6 http://lists.freebsd.org/pipermail/freebsd-pf/2007-May/003299.html Step 1: Download GeoIP data. Step 2: Regex. Step 3: pfctl yourself some new tables into memory Step 4: Cronjob it Step 5: ??? Step 6: Profit http://lists.freebsd.org/pipermail/freebsd-pf/2007-May/003299.html

Step 1: Download GeoIP data.
Step 2: Regex.
Step 3: pfctl yourself some new tables into memory
Step 4: Cronjob it
Step 5: ???
Step 6: Profit

]]>