From owner-freebsd-questions@freebsd.org Sun Nov 5 01:00:09 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72CEDE5C1F9 for ; Sun, 5 Nov 2017 01:00:09 +0000 (UTC) (envelope-from edgar@pettijohn-web.com) Received: from mail.pettijohn-web.com (pettijohn-web.com [108.61.222.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.pettijohn-web.com", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 2EF0E6611D for ; Sun, 5 Nov 2017 01:00:08 +0000 (UTC) (envelope-from edgar@pettijohn-web.com) Received: from FreeBSD (50.59.65.174 [50.59.65.174]) by mail.pettijohn-web.com (OpenSMTPD) with ESMTPSA id 5d0593ae TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO for ; Sat, 4 Nov 2017 20:00:01 -0500 (CDT) Date: Sat, 4 Nov 2017 19:58:51 -0500 From: Edgar Pettijohn To: freebsd-questions@freebsd.org Subject: spamd Message-ID: <20171105005850.GA77940@FreeBSD> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.9.1 (2017-09-22) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 01:00:09 -0000 Was the /etc/services file recently changed by an update? If so I didn't notice it listed as a file to be changed. Either way my cron job to run spamd-setup was complaining that spamd-cfg couldn't be found in /etc/services. It was an easy fix. If you are reading this because you had the same issue. Just add these lines: spamd 8025/tcp #spamd spamd-sync 8025/udp #spamd sync spamd-cfg 8026/tcp #spamd configuration Thanks, Edgar From owner-freebsd-questions@freebsd.org Sun Nov 5 14:18:32 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7F4DBE6CF3F for ; Sun, 5 Nov 2017 14:18:32 +0000 (UTC) (envelope-from fbsdq@juicer.orange-carb.org) Received: from secure.orange-carb.org (secure.orange-carb.org [76.10.176.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 329128130F for ; Sun, 5 Nov 2017 14:18:31 +0000 (UTC) (envelope-from fbsdq@juicer.orange-carb.org) Received: (qmail 2043 invoked by uid 1009); 5 Nov 2017 09:11:48 -0500 Message-ID: <20171105141148.2041.qmail@secure.orange-carb.org> From: fbsdq@juicer.orange-carb.org (Colin Henein) Subject: Modernizing freebsd-update or moving to source upgrades To: freebsd-questions@freebsd.org Date: Sun, 5 Nov 2017 09:11:48 -0500 (EST) X-Mailer: ELM [version 2.5 PL8] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 14:18:32 -0000 Greetings all. With the new EOL policy, people will need to be upgrading a lot more than before, and I am wondering if there are plans to improve or replace the freebsd-update utility with something more modern. I have enjoyed using freebsd for almost 20 years. I was delighted when freebsd-update first came out, but have found many challenges using it. It works fine for within-release upgrades and pretty well for minor-point releases, but I have twice had catastrophic failures when upgrading across a major release boundary that could not be downgraded using the tool. This makes me extremely nervous to run freebsd-upgrade. Aside from catastrophic failures, the system provided for "merging" configuration files is one that only a robot could love. Tens to hundreds of files to merge (frequently the code intended to prevent version numbers from needing to be merged does not work, especially if freebsd-update has been used to perform upgrades more than once, especially multiple major upgrades). If any error is made in this delicate process it is impossible to go back and fix a file that has already been saved. No warning if any merge tag is missed, and merge characters can easily be saved into (and break) critical files. I certainly appreciate the work of the original developer in creating the tool, but if the community is moving to more frequent updates then I would suggest that this tool needs to be revisited to improve usability and safety. If this tool is not going to be updated soon, then I think I need to move to updating fbsd from source. QUESTION: Do I need to do anything special to change over to updating fbsd from source if I have been using freebsd-update in the past? I see the instructions at section 23.5 of the handbook. Can I just check out a new source tree with SVN from the 11.1 repository and follow the steps to overwrite 11.0 with 11.1? Very much appreciate any tips, especially on merging files in etc. Regards, Colin From owner-freebsd-questions@freebsd.org Sun Nov 5 14:32:58 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 548C2E6D3A5 for ; Sun, 5 Nov 2017 14:32:58 +0000 (UTC) (envelope-from srguglielmo@gmail.com) Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CD7C081A48 for ; Sun, 5 Nov 2017 14:32:57 +0000 (UTC) (envelope-from srguglielmo@gmail.com) Received: by mail-lf0-x22a.google.com with SMTP id k40so7839608lfi.4 for ; Sun, 05 Nov 2017 06:32:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Wl2KRi7yEkeJNm2XIANxZslyVkXMuHjEGNCIEcEag4U=; b=RkQiCbyvxCZ2oxBJ7ipOnQTNFy9bVOSwNxdUl2aOeO9M6jSXyBhRyI3k0cvAROtEcf CcnJSLmHOaw+diSSXilJbAp9y9k9HhekhmlEmkObccA92xqzJkcpjbZGnxpTmTtHt9IX A/y5EghrMY5gvkUgjsCGtdaXbVhDbk4iSAD6ZcqyQSTcCWdmnrH4cy75q3mJ4CZIp8JF 6y2srNqNqWLYjwU8yWhr1aIkPNq8WevQS5TCRCdXp9veFEW70I2OSXnKn4fkD4kTVqQ7 HeJLvgKN/eLZN2TUf/3Go79oIw5jC8vrNK6fnZfliX7gR26RQeJegxmPxWD3lGca1/QR 2wnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Wl2KRi7yEkeJNm2XIANxZslyVkXMuHjEGNCIEcEag4U=; b=qee7oZTMjV3G7NXCY/oRmnR6zZZep2g8Ibk3e0Yqco2kPVl69DHSjb1dn7zD53X9NM 2ziL5Dsx2LRh3yraIlxBhUxYY6D/I+GOUfe1nL2JACFvxtBEUrwhgBLvqHo1P8dvlAfI yXVGf1r4DIkJJ/SR8LffTj5sh1OOgQozQLJLffisUxs6SeUoihREUvxAG4gxJ15vAE37 yR7Gak1EzNSrlwqyY7GU9BMh05xc8BCfTsK8RJjSiMgWI6a68vwtR99DBosaJqCfa1b3 PHD0+wmAKFlaDsYzdiL818ZLmVLBwzuKzr87W04t+//kzoMOJQEmHXFtC8NVInL+IPzZ r06w== X-Gm-Message-State: AMCzsaXCCAEB7x2Ui8VcsWuexxOTGQkQct/8wQo0HCHkW0RqAqCVDQjm HwXsaF3/ZxsBTKwmV9x31Rh4PLK5VQ/VxmxJd+uz1g== X-Google-Smtp-Source: ABhQp+RouIv30BLv9SK76rA5aF5XpAFpcXz9HKxTEPVQ5xxVMKapR8ck5QQUS3XhNwBIdFw5CIcedMkquGnmNDe+sTU= X-Received: by 10.46.80.16 with SMTP id e16mr5333448ljb.165.1509892375707; Sun, 05 Nov 2017 06:32:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.46.18.10 with HTTP; Sun, 5 Nov 2017 06:32:54 -0800 (PST) Received: by 10.46.18.10 with HTTP; Sun, 5 Nov 2017 06:32:54 -0800 (PST) In-Reply-To: References: From: Stephen R Guglielmo Date: Sun, 5 Nov 2017 09:32:54 -0500 Message-ID: Subject: Re: Configuring Drupal8 fails To: FreeBSD Mailing list Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 14:32:58 -0000 On Nov 4, 2017 7:46 AM, "Carmel NY" wrote: I am looking for someone with experience with Drupal8. I am not able to get this application up and running. I have read the documentation that came with the program and even purchased the "Beginning Drupal8" by Todd Tomlnson. Alas, without success. The setup script freezes immediately after entering the database info. The tables are entered into the MySQL database, but that is it. I am also continually receiving a "time" error that I cannot understand or correct. FreeBSD 11.1-RELEASE-p3 (amd64) PHP 5.6.32 (cli) mysql Ver 14.14 Distrib 5.6.38 This is the error message: Warning: DateTime::createFromFormat(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. Set date.timezone in your PHP.ini file (/usr/local/etc/php.ini, if I recall correctly). https://secure.php.net/manual/en/datetime.configuration.php#ini.date.timezone From owner-freebsd-questions@freebsd.org Sun Nov 5 16:35:43 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36965E379E0 for ; Sun, 5 Nov 2017 16:35:43 +0000 (UTC) (envelope-from carmel_ny@outlook.com) Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-oln040092004067.outbound.protection.outlook.com [40.92.4.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DCEB81831 for ; Sun, 5 Nov 2017 16:35:42 +0000 (UTC) (envelope-from carmel_ny@outlook.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=tQr364ZxQJ0J8L8iCs/kj+7rt8JFhOo4fkKc6XxMzHI=; b=KbhjBgZZo0/+YN0oWm80BPji13cIkFoguDqZiDu0v8ieF8pHOUqqlmxz2XGzkCbDkJCFn1j5ME/ONizadwJf/4cQuy4jML3iN2L1PzT7nrX2ENZuMJT4lBJrI9UnltLSLlksHxtErEjThhtnDQY1z9Nw5Bx4sUM70OZ5mcaWiA8kOujKC+tDBXz8t0iF/QO2MovmfudO2qkk5FTyduDtWev3lhuvY9EfxNzv9W8rivsS8Euy6y/sryTkcUNVHOQnNiSV0aXhOa2Ag2nEdwIJf0UtuCDjdCWiMC7tDhqpPnwWwDChrc1rCTPQW44h6GTtM8S5wLpXeA4cqm11BPvKHA== Received: from CY1NAM02FT003.eop-nam02.prod.protection.outlook.com (10.152.74.57) by CY1NAM02HT022.eop-nam02.prod.protection.outlook.com (10.152.74.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.178.5; Sun, 5 Nov 2017 16:35:41 +0000 Received: from BN6PR2001MB1730.namprd20.prod.outlook.com (10.152.74.51) by CY1NAM02FT003.mail.protection.outlook.com (10.152.74.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.197.9 via Frontend Transport; Sun, 5 Nov 2017 16:35:41 +0000 Received: from BN6PR2001MB1730.namprd20.prod.outlook.com ([10.172.31.146]) by BN6PR2001MB1730.namprd20.prod.outlook.com ([10.172.31.146]) with mapi id 15.20.0197.017; Sun, 5 Nov 2017 16:35:41 +0000 From: Carmel NY To: FreeBSD Subject: Re: Configuring Drupal8 fails Thread-Topic: Configuring Drupal8 fails Thread-Index: AQHTVWKAFYXkLOk47025nq1fEy3QfA== Date: Sun, 5 Nov 2017 16:35:41 +0000 Message-ID: References: In-Reply-To: Reply-To: FreeBSD Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: freebsd.org; dkim=none (message not signed) header.d=none;freebsd.org; dmarc=none action=none header.from=outlook.com; x-incomingtopheadermarker: OriginalChecksum:52B956D8E09B8BECB3363F030933C16E7FBB13260611B3CB2B9E77C5423E7C0B; UpperCasedChecksum:26E1D06250ABA512B39E9C6E4C236F8AABAF70C7F05EE32791F5B4931C7515D4; SizeAsReceived:7123; Count:47 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [w4eYenkWDBxAwaoCXszZmMU3mF0h0fGJ] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY1NAM02HT022; 6:YO46juCsJ9bQU+GU4dKWWKyenikBksSADO1TU9bMrj1r+GqBPSZz1HBVUPl1dtXnSQdH9lUB306kfrRT7G8//lGxfUeJYmYyABu3r2yYO3ajiu6zoxzVfcWK1yVPLb04lxENkitkj06tERGZ+KkR3qZKsKqCDKMiJK+LHM9zuJtvrrbMLqxT3uatxJZbg0iwjeVKaQ1lDFl4BG6oRPOq/wjKLWCJPzzUyHfiuNV26ilC8hgnFM446zFTNDT9gdaa7cnzFSWfKMqJjWilK3JfXiglcxYlpxlbq5xcL5Z6ULIQWp121+EGwcxFmOmdQ4c0PhCpjyDoTchocDs6u9UDGB+jWfy6jSn6HcPxVcRPwbs=; 5:5rId2kXVM7YOshVs28AJ1TFzGHNP6SeFIUu6hhm9Qt2Qh1rx+MtztvblLesek67mq+5Kg/XzCPjX6EByExqlfy/Z7pHXxn8B/EPSiVuXZl4KOTvrxkECZQxGQ1/sSmjP38swxZdYqTPJn8STOHZFR/OcCpRCn275+xuMAUobXOU=; 24:7NjD2GJwo6fx7+UyUof2m13sqHnCl4v4Zt+tozXE9Iaj9VF9vFYxhumKzbNymkyjZESsVo1J4oh2UwXCYY2oAXIOhL55vBPsjj1gEKW9r8o=; 7:1oK+OlJEhAKHrhexX0m/TniT0J1XHDJ0DVJzSvcgDRpUt8or+g4WEOLNSWDDex3k/y++dizhXuuju31muo3zDnBCdC5XOj5pxutR/80FQyrbyOmzrmG9hR8Y1OmJaNOXpohi1wym9KgH/wet0hEBjHWbRuCCmdLK1ZvS0kqZFUYs+QhebRUBRB3bdCeaXJDsXTu9FWK7PPBaugRMlrN8+yet0gJZ20g5Q9/jtUuVGLXrMQRpHgZeDDje0zw+gP6a x-incomingheadercount: 47 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: 931f7811-8751-45a1-1e7e-08d5246b4077 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045); SRVR:CY1NAM02HT022; x-ms-traffictypediagnostic: CY1NAM02HT022: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031); SRVR:CY1NAM02HT022; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1NAM02HT022; x-forefront-prvs: 04825EA361 x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:CY1NAM02HT022; H:BN6PR2001MB1730.namprd20.prod.outlook.com; FPR:; SPF:None; LANG:; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <4C385E9F429EA44BAB1B0BF3DD08227F@namprd20.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 931f7811-8751-45a1-1e7e-08d5246b4077 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2017 16:35:41.1786 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1NAM02HT022 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 16:35:43 -0000 On Sun, 5 Nov 2017 09:32:54 -0500, Stephen R Guglielmo stated: >Set date.timezone in your PHP.ini file (/usr/local/etc/php.ini, if I recal= l >correctly). That was the problem; however, by default, php56 does not create a "php.ini= " file. It does; however, install both a "php.ini-development" and a "php.ini-production" file. "php56", if configured to build a "CLI" version, looks first for a "php-cli.ini" file and then a "php.ini" file, neither of which are installed by default. After doing some Googling, I discovered the problem and corrected it. I don't know why there is no package message regarding this fact, or why th= ese two identical files, except for name, are installed. Why not just one and instruct the end user to rename it to the appropriate name, either "php-cli.ini" or "php.ini". Telling them to enter the "date.timezone" info would be a plus. Perhaps, I should contact "ale@FreeBSD.org" and ask his opinion on this. In any case, I also discovered that Apache24 must be restarted for these changes to take effect. --=20 Carmel From owner-freebsd-questions@freebsd.org Sun Nov 5 17:54:39 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A991E4C647 for ; Sun, 5 Nov 2017 17:54:39 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) Received: from relay2.tomsk.ru (mail.sibptus.tomsk.ru [212.73.124.5]) by mx1.freebsd.org (Postfix) with ESMTP id D52C0632C7 for ; Sun, 5 Nov 2017 17:54:38 +0000 (UTC) (envelope-from vas@mpeks.tomsk.su) X-Virus-Scanned: by clamd daemon 0.98.5_1 for FreeBSD at relay2.tomsk.ru Received: from [212.73.125.240] (HELO admin.sibptus.transneft.ru) by relay2.tomsk.ru (CommuniGate Pro SMTP 5.1.16) with ESMTPS id 39855173 for freebsd-questions@freebsd.org; Sun, 05 Nov 2017 23:49:51 +0600 Received: from admin.sibptus.transneft.ru (sudakov@localhost [127.0.0.1]) by admin.sibptus.transneft.ru (8.15.2/8.15.2) with ESMTP id vA5HsX49040775 for ; Mon, 6 Nov 2017 00:54:35 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) Received: (from sudakov@localhost) by admin.sibptus.transneft.ru (8.15.2/8.15.2/Submit) id vA5HsTVv040774 for freebsd-questions@freebsd.org; Mon, 6 Nov 2017 00:54:29 +0700 (+07) (envelope-from vas@mpeks.tomsk.su) X-Authentication-Warning: admin.sibptus.transneft.ru: sudakov set sender to vas@mpeks.tomsk.su using -f Date: Mon, 6 Nov 2017 00:54:29 +0700 From: Victor Sudakov To: freebsd-questions@freebsd.org Subject: Re: Modernizing freebsd-update or moving to source upgrades Message-ID: <20171105175428.GA40566@admin.sibptus.transneft.ru> References: <20171105141148.2041.qmail@secure.orange-carb.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20171105141148.2041.qmail@secure.orange-carb.org> Organization: AO "Svyaztransneft", SibPTUS X-PGP-Key: http://www.dreamwidth.org/pubkey?user=victor_sudakov X-PGP-Fingerprint: 10E3 1171 1273 E007 C2E9 3532 0DA4 F259 9B5E C634 User-Agent: Mutt/1.9.1 (2017-09-22) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 17:54:39 -0000 Colin Henein wrote: [dd] > > QUESTION: Do I need to do anything special to change over to > updating fbsd from source if I have been using freebsd-update in the > past? I see the instructions at section 23.5 of the handbook. Can I > just check out a new source tree with SVN from the 11.1 repository > and follow the steps to overwrite 11.0 with 11.1? Very much > appreciate any tips, especially on merging files in etc. From my experience, the source upgrade is more failsafe than the binary upgrade. If in doubt, I always use the source upgrade. IMHO you don't need to do anything special, just follow the instructions in /usr/src/Makefile, and don't forget the delete-old step. The mergemaster utility is also much more convenient than freebsd-update's merge routine, and you can rerun it as many times as you wish provided you have backed up your original /etc. I have always wondered if I could somehow use mergemaster together with binary upgrades. The last problem I had with freebsd-update (AFAIK when upgrading from 9.x to 10.x) was that after the first "freebsd-update install && reboot" all my network interfaces were gone: the old ifconfig did not go well with the new kernel. Luckily I had console access. I don't know however if this would have happened in case of a source upgrade. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN AS43859 From owner-freebsd-questions@freebsd.org Sun Nov 5 23:27:05 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 27D0DE54D40 for ; Sun, 5 Nov 2017 23:27:05 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mailrelay12.qsc.de (mailrelay12.qsc.de [212.99.163.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.antispameurope.com", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9BA1770CD0 for ; Sun, 5 Nov 2017 23:27:04 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de ([213.148.129.14]) by mailrelay12.qsc.de; Mon, 06 Nov 2017 00:26:48 +0100 Received: from r56.edvax.de (port-92-195-23-159.dynamic.qsc.de [92.195.23.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 9611C3CBF9; Mon, 6 Nov 2017 00:26:47 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id vA5NQlCM005746; Mon, 6 Nov 2017 00:26:47 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Mon, 6 Nov 2017 00:26:47 +0100 From: Polytropon To: fbsdq@juicer.orange-carb.org (Colin Henein) Cc: freebsd-questions@freebsd.org Subject: Re: Modernizing freebsd-update or moving to source upgrades Message-Id: <20171106002647.db7be6d4.freebsd@edvax.de> In-Reply-To: <20171105141148.2041.qmail@secure.orange-carb.org> References: <20171105141148.2041.qmail@secure.orange-carb.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-cloud-security-sender: freebsd@edvax.de X-cloud-security-recipient: freebsd-questions@freebsd.org X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mailrelay12.qsc.de with 18D436A379C X-cloud-security-connect: mx01.qsc.de[213.148.129.14], TLS=1, IP=213.148.129.14 X-cloud-security: scantime:.1508 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Nov 2017 23:27:05 -0000 On Sun, 5 Nov 2017 09:11:48 -0500 (EST), Colin Henein wrote: > With the new EOL policy, people will need to be upgrading a lot more > than before, and I am wondering if there are plans to improve or > replace the freebsd-update utility with something more modern. This will soon be pkg's task. If I understand the ongoing development correctly, pkg will also manage the base (i. e., the OS) components which will then be thought of as packages, too. > I have enjoyed using freebsd for almost 20 years. I was delighted when > freebsd-update first came out, but have found many challenges using > it. It works fine for within-release upgrades and pretty well for > minor-point releases, but I have twice had catastrophic failures when > upgrading across a major release boundary that could not be downgraded > using the tool. This makes me extremely nervous to run > freebsd-upgrade. For the common security upgrades, freebsd-update is very convenient. > Aside from catastrophic failures, the system provided for "merging" > configuration files is one that only a robot could love. Tens to > hundreds of files to merge (frequently the code intended to prevent > version numbers from needing to be merged does not work, especially if > freebsd-update has been used to perform upgrades more than once, > especially multiple major upgrades). If any error is made in this > delicate process it is impossible to go back and fix a file that has > already been saved. No warning if any merge tag is missed, and merge > characters can easily be saved into (and break) critical files. Configuration files are the things you still need to _really_ pay attention to. Sometimes, new system facilities are added, others are abolished, and things like /etc/passwd or /etc/ttys need to reflect those changes. Of course, a system administrator probably has lots of his own changes to those files, to properly (!) merging is needed. > I certainly appreciate the work of the original developer in creating > the tool, but if the community is moving to more frequent updates > then I would suggest that this tool needs to be revisited to improve > usability and safety. > > If this tool is not going to be updated soon, then I think I need to > move to updating fbsd from source. This doesn't free you from the task of caring for those changes (usually in system configuration files). > QUESTION: Do I need to do anything special to change over to updating > fbsd from source if I have been using freebsd-update in the past? I > see the instructions at section 23.5 of the handbook. Can I just check > out a new source tree with SVN from the 11.1 repository and follow > the steps to overwrite 11.0 with 11.1? Very much appreciate any tips, > especially on merging files in etc. Just pay attention to /usr/src/Makefile's comment header which shows the correct updating and installation procedure. When if builds, it usually installs. Make a backup (as always). But: No, nothing special is needed to perform updates from source. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Mon Nov 6 00:19:21 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D806BE55C5B for ; Mon, 6 Nov 2017 00:19:21 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from cdptpa-cmomta01.email.rr.com (cdptpa-outbound-snat.email.rr.com [107.14.166.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id A542C71C9C for ; Mon, 6 Nov 2017 00:19:20 +0000 (UTC) (envelope-from baho-utot@columbus.rr.com) Received: from raspberrypi.bildanet.com ([65.186.81.207]) by cmsmtp with ESMTP id BV6DeJuimykfIBV6GegmXH; Mon, 06 Nov 2017 00:17:12 +0000 Received: from [192.168.1.143] (helo=desktop.example.com) by raspberrypi.bildanet.com with esmtp (Exim 4.84) (envelope-from ) id 1eBV8B-0003EX-1A for freebsd-questions@freebsd.org; Mon, 06 Nov 2017 00:19:11 +0000 Subject: Re: Modernizing freebsd-update or moving to source upgrades To: freebsd-questions@freebsd.org References: <20171105141148.2041.qmail@secure.orange-carb.org> <20171106002647.db7be6d4.freebsd@edvax.de> From: Baho Utot Message-ID: <52adfb20-69cc-c9d9-03b0-3df17bf0243e@columbus.rr.com> Date: Sun, 5 Nov 2017 19:19:10 -0500 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171106002647.db7be6d4.freebsd@edvax.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfA/hyXGrOB6QC1VcHzJmQikNbebbIA33ABlbWk86I0yGU9sL5oO0i8Ce5usg0IB6e5tCVTF8KGQR7a7TI+O7RJ7A56n4hmrUawSNa/iyXBQkfa1rTlSH 4JMtCJB3AvMQ82CV+i08BH+Jj5Vtfq5K/Ixu03YjnbiaZALRYEcqj2cYkMW6Q1wTGWAconPzHfsUqvzUu8qq2V66SIFS+PnXM5M= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 00:19:22 -0000 On 11/05/17 18:26, Polytropon wrote: > On Sun, 5 Nov 2017 09:11:48 -0500 (EST), Colin Henein wrote: >> With the new EOL policy, people will need to be upgrading a lot more >> than before, and I am wondering if there are plans to improve or >> replace the freebsd-update utility with something more modern. > > This will soon be pkg's task. If I understand the ongoing development > correctly, pkg will also manage the base (i. e., the OS) components > which will then be thought of as packages, too. > > I tried once to use the packaged base and all I could say was OH SHIT! amonst other 4 letter words. No packaged base for me unless I do it my self. From owner-freebsd-questions@freebsd.org Mon Nov 6 01:16:40 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DE00AE56D3E for ; Mon, 6 Nov 2017 01:16:40 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com) Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A8270731ED for ; Mon, 6 Nov 2017 01:16:40 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com) Received: by mail-pg0-x22b.google.com with SMTP id a192so6934278pge.9 for ; Sun, 05 Nov 2017 17:16:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:disposition-notification-to :date:user-agent:mime-version:in-reply-to:content-language; bh=6LwVRsVfbinvysOxVzl59iD12Nl2vrOnDXcMQ2q49p4=; b=qnVIZyeryi/C4s6v5Q1mBDg41ncCfbNJF3ntdvF8uZmKICnR1SDbAfJgDYTzPqKA8q VKJsvSC7pJBCy+3mzg9ZyLRBD/iAqaOfxiuPRK9ZjUZW5UtEcjF9sosmZzY8eXul3t0d llatQFG9oRXrVSubQjiFGFuoeKogo1aSOiTDkO7HstUJh79u6ACmGQN3XFjaJwBVg39l AtxEmvN9DU9aEcOLyR5yNunmdCO12yxxOXF0tMTI29KyOx6gBgjEeuk+vo6H5qxPB3rs uaL8ShzmFUEbPiBIfkwkhCFHSz5TdyZILwGNFZCESY+9newvtGhtY2sYRs+LqpI9ycuZ AT9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id :disposition-notification-to:date:user-agent:mime-version :in-reply-to:content-language; bh=6LwVRsVfbinvysOxVzl59iD12Nl2vrOnDXcMQ2q49p4=; b=t9KxfufHfNCoMy/Nx/8Zm+iz170lrVyxSa9nmqj4eUNmoWUGBi2QyMAx/mgkjkebVx goDNFJd1wLVdy+LJS/pHyB0b+cenVyKI+qUQyq6nzxrJTEECgenJy1IYfj6/twmYXwF7 7f38QC9IgtVTfyXcHeRI0S5zIYoYnQNznmSe9S7jvWU666pINcIqcdINeI+r+zMGT0F2 2aUK4oapbKlRw3+1u9x3hqbjYbW9ItPmkIfJKA5wutBv8fzFH84sTuy27URsSqsv81EG AoMneiS/EPdPm4gYtkDgBfxpVeRRTnUc7XWY4pHf+nI8PjndkkT2XZSmJu3zhL2xabuh ci1A== X-Gm-Message-State: AMCzsaWFKNqdPItYFnXSghTZ3TKoDiNHK1xJM+OfUdhZwm0mtvo+zxdS SZ+vAthsHNFv4+FQyGesFJ2siw== X-Google-Smtp-Source: ABhQp+Q4osuClISkl+OWnTOzCg2A2Fcr9aj9X8xsFq24E2r8sbwo4LylE+Mn7YozFN5CtN2BuBJyyg== X-Received: by 10.101.70.15 with SMTP id v15mr11172217pgq.320.1509931000053; Sun, 05 Nov 2017 17:16:40 -0800 (PST) Received: from [192.168.1.7] (47-33-76-3.dhcp.rvsd.ca.charter.com. [47.33.76.3]) by smtp.googlemail.com with ESMTPSA id o10sm16747428pgq.69.2017.11.05.17.16.39 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 05 Nov 2017 17:16:39 -0800 (PST) Subject: Re: freebsd-questions Digest, Vol 700, Issue 6 To: freebsd-questions@freebsd.org References: From: "J.B." Message-ID: <977cc6e1-219b-8213-4790-1f28cbaebb67@gmail.com> Date: Sun, 5 Nov 2017 17:16:38 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 01:16:41 -0000 > > Message: 4 Date: Fri, 3 Nov 2017 10:44:04 -0700 From: "J.B." > To: freebsd-questions@freebsd.org > Subject: VT_ALT_TO_ESC_HACK for sc (syscons) Message-ID: > <184bbd63-e635-1d52-19a6-3e9c1a414e40@gmail.com> Content-Type: > text/plain; charset=utf-8; format=flowed FreeBSD 11.1-RELEASE is using > vt as the default console driver, and it contains a hack which maps an > ESC sequence to the Alt key on your keyboard. FreeBSD 10.3-RELEASE > uses sc as the default driver, and the Alt keys don't register a > keystroke for most cases. On vt, Alt-b, Alt-f, Alt-Backspace, etc., > behave as they do when logged in over SSH using a bash shell (with its > default emacs bindings): move the cursor backwards one word, forwards > one word, delete word to the right of the cursor, etc. How can that > effect be replicated on sc? I tried a new keymap using kbdcontrol, but > there's no way to map key combinations onto the alt-b, alt-f, alt-bs, > etc., sequences -- the mapfile only allows for single keystrokes. I > know I can set vt as the console driver on 10.3-RELEASE, but the font > in vt is so ugly I want to gouge other peoples' eyes out to save them > from the horrors of seeing it. Adjusting the screen resolution only > helped a tiny bit -- not enough to save peoples' eyes from my angry > fingers. Tried the sample fonts inside /usr/share/vt/fonts/ already. Nobody knows how to implement that hack or replicate its effect on sc? Then what about getting vt's display to look like sc? From owner-freebsd-questions@freebsd.org Mon Nov 6 02:01:06 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 648F8E575CE for ; Mon, 6 Nov 2017 02:01:06 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mailrelay15.qsc.de (mailrelay15.qsc.de [212.99.187.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.antispameurope.com", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E11C37453C for ; Mon, 6 Nov 2017 02:01:04 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de ([213.148.129.14]) by mailrelay15.qsc.de; Mon, 06 Nov 2017 03:00:05 +0100 Received: from r56.edvax.de (port-92-195-23-159.dynamic.qsc.de [92.195.23.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 58A3F3CBF9; Mon, 6 Nov 2017 02:59:59 +0100 (CET) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id vA61xxv3007453; Mon, 6 Nov 2017 02:59:59 +0100 (CET) (envelope-from freebsd@edvax.de) Date: Mon, 6 Nov 2017 02:59:59 +0100 From: Polytropon To: "J.B." Cc: freebsd-questions@freebsd.org Subject: Re: freebsd-questions Digest, Vol 700, Issue 6 Message-Id: <20171106025959.231c2772.freebsd@edvax.de> In-Reply-To: <977cc6e1-219b-8213-4790-1f28cbaebb67@gmail.com> References: <977cc6e1-219b-8213-4790-1f28cbaebb67@gmail.com> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-cloud-security-sender: freebsd@edvax.de X-cloud-security-recipient: freebsd-questions@freebsd.org X-cloud-security-Virusscan: CLEAN X-cloud-security-disclaimer: This E-Mail was scanned by E-Mailservice on mailrelay15.qsc.de with A3090683622 X-cloud-security-connect: mx01.qsc.de[213.148.129.14], TLS=1, IP=213.148.129.14 X-cloud-security: scantime:1.003 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 02:01:06 -0000 On Sun, 5 Nov 2017 17:16:38 -0800, J.B. wrote: > > > > Message: 4 Date: Fri, 3 Nov 2017 10:44:04 -0700 From: "J.B." > > To: freebsd-questions@freebsd.org > > Subject: VT_ALT_TO_ESC_HACK for sc (syscons) Message-ID: > > <184bbd63-e635-1d52-19a6-3e9c1a414e40@gmail.com> Content-Type: > > text/plain; charset=utf-8; format=flowed FreeBSD 11.1-RELEASE is using > > vt as the default console driver, and it contains a hack which maps an > > ESC sequence to the Alt key on your keyboard. FreeBSD 10.3-RELEASE > > uses sc as the default driver, and the Alt keys don't register a > > keystroke for most cases. On vt, Alt-b, Alt-f, Alt-Backspace, etc., > > behave as they do when logged in over SSH using a bash shell (with its > > default emacs bindings): move the cursor backwards one word, forwards > > one word, delete word to the right of the cursor, etc. How can that > > effect be replicated on sc? I tried a new keymap using kbdcontrol, but > > there's no way to map key combinations onto the alt-b, alt-f, alt-bs, > > etc., sequences -- the mapfile only allows for single keystrokes. I > > know I can set vt as the console driver on 10.3-RELEASE, but the font > > in vt is so ugly I want to gouge other peoples' eyes out to save them > > from the horrors of seeing it. Adjusting the screen resolution only > > helped a tiny bit -- not enough to save peoples' eyes from my angry > > fingers. Tried the sample fonts inside /usr/share/vt/fonts/ already. > Nobody knows how to implement that hack or replicate its effect on sc? As far as I know, sc does not support this kind of capturing key events. A notable exception is Alt+PF1, Alt+PF2 and so on for switching the virtual terminals which is "handled interally" (by the console driver itself) and won't be available to text mode programs. Maybe /usr/src/sys/dev/syscons/syscons.c reveals the magic, which probably involves ioctl()... > Then what about getting vt's display to look like sc? Not possible, as it seems. This has been discussed recently. There are too many "moving parts" within vt and in the surrounding tools. Essentially, text mode is dead. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... From owner-freebsd-questions@freebsd.org Mon Nov 6 07:23:22 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0357AE5570B for ; Mon, 6 Nov 2017 07:23:22 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 71CED634EA for ; Mon, 6 Nov 2017 07:23:21 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:f0e5:285e:d5f1:a12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id C980F2C5E for ; Mon, 6 Nov 2017 07:23:17 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none (p=none dis=none) header.from=FreeBSD.org Subject: Re: Modernizing freebsd-update or moving to source upgrades To: freebsd-questions@freebsd.org References: <20171105141148.2041.qmail@secure.orange-carb.org> <20171106002647.db7be6d4.freebsd@edvax.de> <52adfb20-69cc-c9d9-03b0-3df17bf0243e@columbus.rr.com> From: Matthew Seaman Message-ID: <2352f272-78c1-c3f9-8cc1-b6932321d1c7@FreeBSD.org> Date: Mon, 6 Nov 2017 07:23:16 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <52adfb20-69cc-c9d9-03b0-3df17bf0243e@columbus.rr.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="JBlTm2dgoHHsNcjgWxSSsXj4SqqOQpCb9" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 07:23:22 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JBlTm2dgoHHsNcjgWxSSsXj4SqqOQpCb9 Content-Type: multipart/mixed; boundary="1EPb53ndUTUD1axafUsMG0GJOsL9ewCwd"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: <2352f272-78c1-c3f9-8cc1-b6932321d1c7@FreeBSD.org> Subject: Re: Modernizing freebsd-update or moving to source upgrades References: <20171105141148.2041.qmail@secure.orange-carb.org> <20171106002647.db7be6d4.freebsd@edvax.de> <52adfb20-69cc-c9d9-03b0-3df17bf0243e@columbus.rr.com> In-Reply-To: <52adfb20-69cc-c9d9-03b0-3df17bf0243e@columbus.rr.com> --1EPb53ndUTUD1axafUsMG0GJOsL9ewCwd Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 06/11/2017 00:19, Baho Utot wrote: > On 11/05/17 18:26, Polytropon wrote: >> On Sun, 5 Nov 2017 09:11:48 -0500 (EST), Colin Henein wrote: >>> With the new EOL policy, people will need to be upgrading a lot more >>> than before, and I am wondering if there are plans to improve or >>> replace the freebsd-update utility with something more modern. >> This will soon be pkg's task. If I understand the ongoing development >> correctly, pkg will also manage the base (i. e., the OS) components >> which will then be thought of as packages, too. > I tried once to use the packaged base and all I could say was OH SHIT! > amonst other 4 letter words.=C2=A0 No packaged base for me unless I do = it my > self. pkg base is still under development, and your experience is not necessarily representative any more -- the current state is, in my opinion, fairly usable. Most of the problems are bits of missing functionality, rather than pkg(8) misbehaving. One of the principal missing parts is managing configuration files under /etc -- while pkg(8) has built-in merging functionality and should be quite capable of doing the sort of 3-way merge needed, the advice at the moment is to use mergemaster(8) or etcupate(8). That implies that you have a checked-out /usr/src available, but then you'ld need that anyhow in order to build the base system packages. The other missing bits are managing having several different kernels installed: typically you'ld want the latest new kernel to be installed /without/ removing the previous one, so that there is a safety net if the latest kernel is somehow defective. Despite the missing bits, pkg base is otherwise in pretty good shape and quite workable -- although I wouldn't advise using it for anything that your livelihood depends on just yet. Cheers, Matthew --1EPb53ndUTUD1axafUsMG0GJOsL9ewCwd-- --JBlTm2dgoHHsNcjgWxSSsXj4SqqOQpCb9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKoBAEBCgCSFiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAloADeVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcUHG1hdHRoZXdA ZnJlZWJzZC5vcmcACgkQAFE/EOCp5OeFdBAAr9V4ZB9RvcNRTt8byihrbk4lNk0d it+SUM2N83eer8VAnvHJJbW58+MQei5EUNM+YN+wojrtfvrZe+pRvVX6Sh9J7DhW 4/q6rFMUUj+Oi6S9ljL+ls8Cz81Sg9DASBANGnHOyx8/wtrdxKVAlRfZGu+ZgAoK b93pYHefQ+i+9ARfdPHqSbqvU4fkRdf7/lJVK5yPHsTg2Cx4XXBjFR7VR5avyrDo pi2j/HhI9e/Nw7Rgdg/b2H0uAnNn2D0C/0iKv8TUbAltRg0B9OlbJtd3CRGNUDqQ 5JLcC1JVmRgNrDMBo89EvVW+08+Q+hLduy5i+QENxa6a8Y8eoJEBqoPCt8a/+MHE p6IF9Fb4naZZcvIghfvrmzkJ2ytmcHD1t7s6y4xFvQLD3HbkHo3pAXniIaNR3JUo A89eRHdPW9UfbG8M/aoG/sjuIHT+xC1hkPgiBaBKT9CsNIJFBQCgEbIvwxQ8PIIm hUP/m8IGGeCmOt72p5gPKCz/71SMkEn28Y9fJIPtVRvW1ZeTNOqCo6Wp9ODS0oo5 g5RfSsS5OUrSoeM2F0Mr+va2er8QPFLyuHRGveMYbmk2R5gX33NRw7TmTB7LCvGC jKOSIkc5t0jxAZhxtUTM44LIf8OZI3oA2QhRFZEjQ1RI5pS3ix9CuvLBBAUrQlFG TCXATvn4qH8CK90= =AwvT -----END PGP SIGNATURE----- --JBlTm2dgoHHsNcjgWxSSsXj4SqqOQpCb9-- From owner-freebsd-questions@freebsd.org Mon Nov 6 08:38:42 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED02EE56E2F for ; Mon, 6 Nov 2017 08:38:42 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7DFB165883 for ; Mon, 6 Nov 2017 08:38:42 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x22f.google.com with SMTP id y83so12308154wmc.4 for ; Mon, 06 Nov 2017 00:38:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Ej2a7hOgknOWpzIdzgcBiuwYHUkyma3FXHBAWdnvOHE=; b=J1/8ZC01PTM94bOBsqwe3xf/CjQs1MWXJIzckv458lOViMOSCRq158OQ8tSLP0o+5M I7L9kZUt/EDzch5KTmqL0K1DLh48dqfAdXmSv56sDHY70CRtDEQ2Twl7ADJazr/LyDx0 3iXLKVqgPgHi27vE3hbUJWzbP68iZXE49ae6xdWh/1Fj/t1dPzdKGvUfxuzBGD7V/amP yZFOas3C2tzrEohn3REDxcZqtxVLI9wRbEBhBebSyQuHTZM6oOx7hdDhXwEtJWrW6hT+ 2LVYewEO3QY2o3XszrDRlyLne/mb1sO3oTfplr0l2OOEVyKMp+a+Rggf2qSkJ10qVGLD R3Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Ej2a7hOgknOWpzIdzgcBiuwYHUkyma3FXHBAWdnvOHE=; b=YFfZEQEIK3OkzB9p2pAR+Ja7PuExqjeG4yoBHl5kB+78MMT9h0U9R426XQbGi4iMKk QJberNnprKHm4AidWdC+pSmcjVklWqooG9KwWVuxz4qvXppRxCFoB9DWNEBXmQyfWIxD DeyrOH94HdBiRDPUd0Be1dYNSauqpU3ulMJzapLpL9M65xugM1R51toZwrrPyogzyBNV Lk3YjBMm4QWINZTz7blvN8AYIGLilcUnVtO7ivIaC4+e+7WnUj5+PhtHyUEKv+CcpMpj P8rL9kccIg46X4kxRTI3roJmOJW5O9QwXb7Eixo5d/yuMZOj2HiiyL3JqrvoTAMAhXC9 3jKA== X-Gm-Message-State: AJaThX4i4cSpZ3mdQbYIk2y0w3UrjcmJrQJY1HoEPDe3dcfT6VVjY8Nq e39e1f9njjyMp4xKnNau/KvETjnZZYG1pxi2Deprf2jX X-Google-Smtp-Source: ABhQp+TrfGKviv/CGnx6OAY+LYUCOCp9hFJWfymKaT1vwRDvHAlSrqvUwdP2z2Q0n42wb3Uzzhd2ccbWMlefFXNvD18= X-Received: by 10.28.126.146 with SMTP id z140mr5118403wmc.126.1509957520739; Mon, 06 Nov 2017 00:38:40 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.10.76 with HTTP; Mon, 6 Nov 2017 00:38:40 -0800 (PST) From: Cos Chan Date: Mon, 6 Nov 2017 09:38:40 +0100 Message-ID: Subject: How to setup IPFW working with blacklistd To: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 08:38:43 -0000 Hi All I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. my blacklistd is working fine to get sshd failed login attempts. The out put: $ sudo blacklistctl dump -b address/ma:port id nfail last access 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 but I can't find information how to use the blacklistd database in IPFW from IPFW manpage would anybody explain that to me? -- with kind regards From owner-freebsd-questions@freebsd.org Mon Nov 6 11:35:42 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D388E5AB32 for ; Mon, 6 Nov 2017 11:35:42 +0000 (UTC) (envelope-from carmel_ny@outlook.com) Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-oln040092000019.outbound.protection.outlook.com [40.92.0.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D9D16B144 for ; Mon, 6 Nov 2017 11:35:41 +0000 (UTC) (envelope-from carmel_ny@outlook.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oRsqs33CjSu97NKIcqaDh731fvVhwjAaWA/SKMFwxu8=; b=dHNnDUOqsNMdWjcxDUYe+vwbYMOrF2B6LP2u1QBzHtdcYxC3nTRMl90PcnUAhOHI135E10z9qifFy4D384cy/92mfKirBNaYb+L72aMPKZApknEs8ImwPffv2a1rzd39rf5beo2zmOS371ycW+G1DwOoiudiXKibEXGiiiBs8UZrmxIMh3Dsp8J3ppLKmKm9OPYS3sExwaZD08Bmt29mYE13vU24QsBZiv0q8Db5kOccx2ttN3drUicSl4yJXbtDdIdjVE0TgufZVaBII+HVe1mqbdahXc7wt7WgSVXzwzPPYB8VCPOOeD1cqlIWhqRPxhbRiEwbbyNhX7nWtKAFkQ== Received: from SN1NAM01FT022.eop-nam01.prod.protection.outlook.com (10.152.64.59) by SN1NAM01HT110.eop-nam01.prod.protection.outlook.com (10.152.65.249) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.20.178.5; Mon, 6 Nov 2017 11:35:40 +0000 Received: from BN6PR2001MB1730.namprd20.prod.outlook.com (10.152.64.53) by SN1NAM01FT022.mail.protection.outlook.com (10.152.65.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.20.178.5 via Frontend Transport; Mon, 6 Nov 2017 11:35:40 +0000 Received: from BN6PR2001MB1730.namprd20.prod.outlook.com ([10.172.31.146]) by BN6PR2001MB1730.namprd20.prod.outlook.com ([10.172.31.146]) with mapi id 15.20.0197.019; Mon, 6 Nov 2017 11:35:40 +0000 From: Carmel NY To: FreeBSD Subject: Re: How to setup IPFW working with blacklistd Thread-Topic: How to setup IPFW working with blacklistd Thread-Index: AQHTVvNfuiEwaUoevU6tmhLc6ymdOg== Date: Mon, 6 Nov 2017 11:35:40 +0000 Message-ID: References: In-Reply-To: Reply-To: FreeBSD Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: freebsd.org; dkim=none (message not signed) header.d=none;freebsd.org; dmarc=none action=none header.from=outlook.com; x-incomingtopheadermarker: OriginalChecksum:90B6E7B10C682674914927C4A19602019D827DC591E1673DFDC6FAD8657322BD; UpperCasedChecksum:15139E170472DBA0EDD43093A1EE5A68995F33213EAAC20364B684139E47F952; SizeAsReceived:7068; Count:47 x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [uUiAEfOTVa+Pbd3JIY5MIqE1PTspDH+t] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; SN1NAM01HT110; 6:QrRDmggyg/F7P0Fgw9s3tzCLjDNa+ANtxubYa+pLL4P4rXAMgey06P7l/w7RGFVw/MI1pK41zdt2hmYPQQTyUpYDGYJl2sGECBznVm3d+2oVvgRVmdcUlBxV8wmfkkz4Ipi4bFeaOM7bVu/u5OKxSbDpXlIZFVKXfhRZ+uqWBslB/kuLivpkunDaFrousRnvLt4XiTVt8M9tQTRUfa8bRE6r2D7maHBKLIUE8szWV1hOhB6T3LZ21zBpGKK+G3hycG4iREPsCVlcnzTnu/iUl7rXl6ni3J8kW4CT4w2pGw7UrHrLgj0YcYZmgp04MV87zNSR8T/ubYh4Fn2CFHEM8qQYitK55jNjhpn+/fwxQls=; 5:D4oeyN3rENryoWMtHhLsLeYnoDqytq/dMRUQzL3QPhe8MWQDzigq5sWUAYSHsoWBU9diPN0BODquSbGru2E75srYQzVoChEnaB6+s7LKTSXqPOFcwbUbgdHBXJ24RaPR4JBb3xC0yEeffsyKZV7Ry3Bx3p1XJZov/bOp4uiEPGw=; 24:8vucT0FKdNGR2/lNfdDfpc2D9dh6VdLAIXGxq5P9v2V6izvfWoQ9Vq9BG1l+rErL9D/j9s7/AVvjTcq/zpvToPiAQAaq4JnLPeZmVkPA8Ko=; 7:Pg4B4RUIu0EsOjHBEQY1hkaACbaxEkGSiS5c4Irq2Do58KUQigA1ozw/8hw7AnzLB1djEyjldadc+0dCAQr1KCxTfEWnLOlX9Oz8PCJw7ZbYbK+VJx2tj5R1PgnemaaKRbK04+LYOl0fX6XKRmQlPGrt2TkQgX0RpsxaTUYV7uGEOue2sZrQAXtQPe5HMFJ9uwjM3T2HUFLc/+4lVQl5P0V4xmLCgGF380F/j6flIa+InAiNZAy4o+EM2GuhzGti x-incomingheadercount: 47 x-eopattributedmessage: 0 x-ms-office365-filtering-correlation-id: 818a7b7c-9e52-4754-91fa-08d5250a818b x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1603101448)(1601125374)(1701031045); SRVR:SN1NAM01HT110; x-ms-traffictypediagnostic: SN1NAM01HT110: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031); SRVR:SN1NAM01HT110; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN1NAM01HT110; x-forefront-prvs: 048396AFA0 x-forefront-antispam-report: SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:SN1NAM01HT110; H:BN6PR2001MB1730.namprd20.prod.outlook.com; FPR:; SPF:None; LANG:; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-ID: <4C23E7C59B35D04397F9A155D19196FC@namprd20.prod.outlook.com> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 818a7b7c-9e52-4754-91fa-08d5250a818b X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2017 11:35:40.4070 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM01HT110 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 11:35:42 -0000 On Mon, 6 Nov 2017 09:38:40 +0100, Cos Chan stated: >I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > >my blacklistd is working fine to get sshd failed login attempts. >The out put: > >$ sudo blacklistctl dump -b > address/ma:port id nfail last access > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > >but I can't find information how to use the blacklistd database in IPFW >from IPFW manpage > >would anybody explain that to me? I have no personal knowledge of "blacklistd"; however, it seems that there should be a way of using "blacklistctl dump" in conjunction with "sed" or perhaps "awk" to create a list that could then be fed to "ipfw". If you could send me the output of a "blacklistctl dump -bn", I could take = a look at it for you. --=20 Carmel From owner-freebsd-questions@freebsd.org Mon Nov 6 12:53:05 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6624DE5D8E8 for ; Mon, 6 Nov 2017 12:53:05 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EC5A46E2AF for ; Mon, 6 Nov 2017 12:53:04 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x234.google.com with SMTP id p75so13583318wmg.3 for ; Mon, 06 Nov 2017 04:53:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=iTZKb7PKvnzP8S6s3EDazSM8DelBBCBjX4MkIQTJB90=; b=U5C1+6u8ZkhUD7syaRhU7lKcyA+5wq9mE9HRB3D41dmW/+6sbJrQJWW0jONwOzyIZv qo1Efe6PIBx8ydAfxGpiy285X3aosUreqE8cLDdV0bdvCJTa/wLF7q3IQdiumbEN3wOC YAZ5eCm0k1U/1EbRvv+5Gp349a+7wAmGWPb2psS8zwoHPNgUrgWPf7u3cQPDHEg4blqC MaQSadoSxlN5w1aM9zBuokII7UWi7ZQwTIER8Xm162M9iDQi8r30GLCU16qisiSW+sGQ s+MY9EMDSRzDb3HiGSw69EX+Fe/7h+vHJVdrwJ86qgXe0EIs7gVzBfcVQq2tNHHChAdF it0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=iTZKb7PKvnzP8S6s3EDazSM8DelBBCBjX4MkIQTJB90=; b=NBv1528zktgey5/pam5ildFNoteyofh0u9ehnRqy3YMb3ywydkDIxXR3p5tDSYIpBv OA0qZ6i0sLIGVAj0NuAHH67Ic2iWRubYaMPCftWHRtp/2Mzs7f/HAVU4cfQX/gEe6xhY aZS2pcrA4k9pTFoEkqBdQ84h8VFnd/you6kQ//5xJQl+UzLkHXLhdHrSQdvcP8lztzAe KSnMyE2W4bcxuQ3hqeyJm8EHxHxxlcOmLGB0vHMBaY8x6ZyJB1HFY7+6KNmoMVY4yqvE 4WpuR+GcnPNXogGzcaZxZNZ1IG+hUUy7BeuYYjKrrMsrvHShI4tQWVof3X524kUhucFh fxfA== X-Gm-Message-State: AJaThX7Q4ZArZZxMvfgryz6aEP/UpDENRhENJLvga+DZ51xqhaEOuHmF yzY1Btrsvck3fXztyad9+612TclDRifsX2qWSsqox+xp X-Google-Smtp-Source: ABhQp+RumKYgOFZ1ooJEwKGQLpPKYSvJ4RokO2GYShOeEKBFtKK/HXrn+xu4IKeeEtowv3KuZNBDmWK6BiucCDFpqnw= X-Received: by 10.28.126.146 with SMTP id z140mr5762760wmc.126.1509972782301; Mon, 06 Nov 2017 04:53:02 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.10.76 with HTTP; Mon, 6 Nov 2017 04:53:01 -0800 (PST) In-Reply-To: References: From: Cos Chan Date: Mon, 6 Nov 2017 13:53:01 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: FreeBSD Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 12:53:05 -0000 On Mon, Nov 6, 2017 at 12:35 PM, Carmel NY wrote: > On Mon, 6 Nov 2017 09:38:40 +0100, Cos Chan stated: > > >I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > > >my blacklistd is working fine to get sshd failed login attempts. > >The out put: > > > >$ sudo blacklistctl dump -b > > address/ma:port id nfail last access > > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > > >but I can't find information how to use the blacklistd database in IPFW > >from IPFW manpage > > > >would anybody explain that to me? > > I have no personal knowledge of "blacklistd"; however, it seems that there > should be a way of using "blacklistctl dump" in conjunction with "sed" or > perhaps "awk" to create a list that could then be fed to "ipfw". > > If you could send me the output of a "blacklistctl dump -bn", I could take > a > look at it for you. > > Here is the output, thanks in advance. $ blacklistctl dump -bn 122.114.165.60/32:22 3/-1 2017/11/05 01:05:34 190.85.103.147/32:22 3/-1 2017/11/05 13:22:53 201.178.120.26/32:22 3/-1 2017/11/06 11:12:21 202.29.238.153/32:22 3/-1 2017/11/05 06:06:01 182.73.165.170/32:22 3/-1 2017/11/05 14:10:25 221.143.48.178/32:22 5/-1 2017/11/05 16:42:41 79.231.116.229/32:22 3/-1 2017/11/05 01:28:14 82.146.55.148/32:22 5/-1 2017/11/05 07:11:08 190.110.193.66/32:22 6/-1 2017/11/05 11:34:14 123.207.17.180/32:22 3/-1 2017/11/05 12:20:47 123.122.237.13/32:22 3/-1 2017/11/05 14:38:37 59.63.182.63/32:22 3/-1 2017/11/05 22:50:07 106.246.253.242/32:22 6/-1 2017/11/06 05:38:54 181.113.74.63/32:22 3/-1 2017/11/05 23:12:20 202.150.141.226/32:22 6/-1 2017/11/06 05:49:00 202.210.181.191/32:22 6/-1 2017/11/05 05:34:00 106.247.228.75/32:22 3/-1 2017/11/05 17:12:57 117.3.146.38/32:22 0/-1 1970/01/01 01:00:00 124.193.150.157/32:22 3/-1 2017/11/06 09:23:56 134.249.137.72/32:22 0/-1 1970/01/01 01:00:00 This list were generated by sshd automatically. In case to use sed or awk to create list for "ipfw", is that possible also automatically updated? > -- > Carmel > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" > -- with kind regards From owner-freebsd-questions@freebsd.org Mon Nov 6 13:11:34 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72CD4E5DF58 for ; Mon, 6 Nov 2017 13:11:34 +0000 (UTC) (envelope-from saibrownkevin22@gmail.com) Received: from mail-pg0-x241.google.com (mail-pg0-x241.google.com [IPv6:2607:f8b0:400e:c05::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3EBC86EA7C for ; Mon, 6 Nov 2017 13:11:34 +0000 (UTC) (envelope-from saibrownkevin22@gmail.com) Received: by mail-pg0-x241.google.com with SMTP id r25so8172596pgn.4 for ; Mon, 06 Nov 2017 05:11:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:message-id:disposition-notification-to:date :user-agent:mime-version; bh=3mIswA9lTvmhJ5AT0NsPyq3SlHFQQhRyBIJ4Q0bJ2Q8=; b=FpsbEewUnH3SxMUKhocS+itzXQ5FYwjaC4gctU7GJOsjbti64MDrDeYsm6cNldoa+I gI1llgIsIiEdEO+JL/OqkbEnxUd2Zz4j2ESC+YjaYncAbJNfZ3ISancCnoGxzFDE2l9T gT+ieguUG3AAscWV3zLTkg84Nk3BV6uztD6GU0n7wvVuxfLbSN9MsWRIIwrmYqFToTxr P8mkYmGKCLbrh5P3/cEbqPVb+Ay2ywhgjVZUTM4U3iWjxaey/97n3KhYyxdaHhh7xSD2 WLmiDsho8hyPg6SMPFx47+aUUZgDYnVqNZkI93RhIHSM1HOuRMDJe6izDxFQ0dKOlJ0k MLHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:message-id :disposition-notification-to:date:user-agent:mime-version; bh=3mIswA9lTvmhJ5AT0NsPyq3SlHFQQhRyBIJ4Q0bJ2Q8=; b=Y9T8SlKkH+38SoZVCXjLn7Fu3UeO0eFMs4F1rx8vD5CPYt8Qxrkz4iZtebKBdnbHJH IHiEZ4R89tzJ2NKMCiLSOtZQce3+smp2GUsvbQBCF+rMCfhZz0Le7rpVCygCXgM1D0aC OHX+fNCl5RT7WTEJhT/jgquoMgg8NKvoF/7TUqmn16UvPpMzmA5YOA5TazflTVx5hFqX kHgPku3YE9ZhgbAFJo+Fa/+CWxEdexojxE1q8OF2g2TPOuOxKp/Y1vNMIM3DE5/OFMe0 i+BjB5ver6AfWdEkqqMBGYPDD+IpI3CWPTGHoKjRYZv5xFctli+RrQVihfs9T+Onmz5+ UKIg== X-Gm-Message-State: AMCzsaX6Ibk7mFywJrmJygMtSVqBGVIQbTpOlIrrLtjvSOWrtlKYPp9W 9hV0TamSEEJZZm6g1Un6XI7v8e0d X-Google-Smtp-Source: ABhQp+QgLWymgq4xF9ZqIk8xd6g7wNlDSioBJfmT3GfMnzuh9sfp1w55ZXwi66wfDfdVL3V0AZHiDQ== X-Received: by 10.98.60.23 with SMTP id j23mr16933724pfa.190.1509973893560; Mon, 06 Nov 2017 05:11:33 -0800 (PST) Received: from [192.168.0.3] ([103.76.211.172]) by smtp.gmail.com with ESMTPSA id e6sm26592043pfg.42.2017.11.06.05.11.31 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2017 05:11:32 -0800 (PST) From: Kevin Brown To: freebsd-questions@freebsd.org Subject: Turn the Search Trend to Your Side for freebsd.org X-Priority: 1 (Highest) Message-ID: <5c1d2ac8-8de1-f69f-de71-8235f4920d67@gmail.com> Date: Mon, 6 Nov 2017 18:41:29 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 13:11:34 -0000 Hi *freebsd.org,* How are you doing today? I'm sure you have been reached regarding this before but our value proposition is very much unique. As a business owner you might be interested to attract more visitors. So you might be wondering, despite having a proficient website, why you are not able to overturn your competitors from the Top Search Results. If you could spare couple of minutes, I could provide you a brief idea about it. To start with this is Kevin Brown, a Digital Marketing Expert. While doing a search on Google, I found freebsd.org not found on the 1st Page of results. So thought you might be interested to know about the causation for the low performance of freebsd.org. Most recently along with *FRED* update *Phantom* has become talk of the town. Phantom is the name given to random updates that Google brings at regular intervals. *Which means the websites having a single un-natural link is going to be penalized.* *Why freebsd.org Needs Our Assistance:* * freebsd.org has low PR Link Building. * Relevant keyword phrases are not on 1st Page. * freebsd.org is having coding Errors. * Content of freebsd.org need to be revised, as per Google guidelines. * freebsd.org is having On-Page and On-Site Issues. * Lack of Social Media Promotion. We can help address the above Issues, and Place the website on TOP Search Results. I guarantee 100% satisfaction, as we only deal in White Hat Process. Makes Sense!!! Drop us a email with your questions, we will answer your questions. Have a Great Day. Thanks & Regards, Kevin Brown | (Digital Marketing Expert) ----------------------------------------------------------------------------------------------- /Disclaimer:-If Interested we will send more details on our “corporate identityâ€, “company profileâ€, “why you should choose us?â€, “Price listâ€,etc. in our next email. If Not, You can simply reply with “remove†and we will delete your email from our list."The CAN-SPAM Act of 2003". -----------------------------------------------------------------------------------------------/ From owner-freebsd-questions@freebsd.org Mon Nov 6 14:10:11 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92F1DE5F07A for ; Mon, 6 Nov 2017 14:10:11 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DF24E70696 for ; Mon, 6 Nov 2017 14:10:10 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id vA6E9wh3014523; Tue, 7 Nov 2017 01:09:59 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 7 Nov 2017 01:09:58 +1100 (EST) From: Ian Smith To: Cos Chan cc: freebsd-questions@freebsd.org, Carmel NY Subject: Re: How to setup IPFW working with blacklistd In-Reply-To: Message-ID: <20171106235944.U9710@sola.nimnet.asn.au> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 14:10:11 -0000 In freebsd-questions Digest, Vol 701, Issue 1, Message: 10 On Mon, 6 Nov 2017 09:38:40 +0100 Cos Chan wrote: > Hi All > > I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > my blacklistd is working fine to get sshd failed login attempts. > The out put: > > $ sudo blacklistctl dump -b > address/ma:port id nfail last access > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > but I can't find information how to use the blacklistd database in IPFW > from IPFW manpage > > would anybody explain that to me? By all means work with Carmel's offer to look at parsing the database output. All I know about blacklistd(8), blacklistd.conf(5) and blacklistctl(8) is what I just now read skimming these manual pages. However I was surprised to see no mention of using tables rather than add)ing or rem)oving individual firewall rules - and you can't use 'flush' on individual rules in ipfw(8), only on whole sets of rules. Amother problem with adding/removing individual rules is you need to allocate a large enough block of rules, then specify distinct rule numbers to ipfw(8). Messy and error-prone, especially for deleting. So you might need to replace or modify /usr/libexec/blacklistd-helper, which I haven't seen but assume is a script, to use its parameters to generate commands more like: /sbin/ipfw table $TABLENAME add addr[/masklen] [value] and /sbin/ipfw table $OTHERNAME delete addr[/masklen] as appropriate. This is immensely more efficient than adding and deleting single rules on the fly, moreso if there are many entries. When adding entries, the optional [value] might be a latest timestamp, or an expiry timestamp, or anything else you might find useful. Of course you may need a number of different tables, for blocking ssh, webhosts, mailserver or other services, but then need just a few rules dedicated to denying (or even specifically enabling) hosts or ports to addr[/masklen/ entries in a particular table. ipfw add deny tcp from table \($SPAMMERS\) to any 25,587 setup ipfw add deny tcp from table \($SSHBADGUYS\) to me 22 setup ipfw add deny all from table \($REALLYNASTY\) to any in and such. Tables really are the way to go for this sort of thing. cheers, Ian From owner-freebsd-questions@freebsd.org Mon Nov 6 15:12:16 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 651A3E6040E for ; Mon, 6 Nov 2017 15:12:16 +0000 (UTC) (envelope-from gmx@ross.cx) Received: from www81.your-server.de (www81.your-server.de [213.133.104.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2E2957284F for ; Mon, 6 Nov 2017 15:12:15 +0000 (UTC) (envelope-from gmx@ross.cx) Received: from [90.187.37.173] (helo=workstation) by www81.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) (Exim 4.85_2) (envelope-from ) id 1eBibO-00066L-Q6; Mon, 06 Nov 2017 15:42:15 +0100 Content-Type: text/plain; charset=iso-8859-15; format=flowed; delsp=yes To: freebsd-questions , "Cos Chan" Subject: Re: How to setup IPFW working with blacklistd References: Date: Mon, 06 Nov 2017 15:42:03 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Michael Ross" Message-ID: In-Reply-To: User-Agent: Opera Mail/1.0 (Win32) X-Authenticated-Sender: gmx@ross.cx X-Virus-Scanned: Clear (ClamAV 0.99.2/24019/Mon Nov 6 14:06:54 2017) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 15:12:16 -0000 Am .11.2017, 09:38 Uhr, schrieb Cos Chan : > Hi All > > I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > my blacklistd is working fine to get sshd failed login attempts. > The out put: > > $ sudo blacklistctl dump -b > address/ma:port id nfail last access > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > but I can't find information how to use the blacklistd database in IPFW > from IPFW manpage > > would anybody explain that to me? > Have a look at this: https://people.freebsd.org/~lidl/blacklistd.html blacklistd_enable="YES" blacklistd_flags="-r" sshd_flags="-o UseBlacklist=yes" Never tried it myself. Regards, Michael From owner-freebsd-questions@freebsd.org Mon Nov 6 15:13:38 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 01798E60584 for ; Mon, 6 Nov 2017 15:13:38 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from inet08.hamilton.harte-lyne.ca (inet08.hamilton.harte-lyne.ca [216.185.71.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "inet08.hamilton.harte-lyne.ca", Issuer "CA_HLL_ISSUER_2016" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C876472AB8 for ; Mon, 6 Nov 2017 15:13:37 +0000 (UTC) (envelope-from byrnejb@harte-lyne.ca) Received: from localhost (localhost [127.0.0.1]) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTP id 11B236218B; Mon, 6 Nov 2017 10:13:30 -0500 (EST) X-Virus-Scanned: amavisd-new at harte-lyne.ca Received: from inet08.hamilton.harte-lyne.ca ([127.0.0.1]) by localhost (inet08.hamilton.harte-lyne.ca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uL3VAKiMWwyW; Mon, 6 Nov 2017 10:13:28 -0500 (EST) Received: from webmail.harte-lyne.ca (inet04.hamilton.harte-lyne.ca [216.185.71.24]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by inet08.hamilton.harte-lyne.ca (Postfix) with ESMTPSA id 7854D61F76; Mon, 6 Nov 2017 10:13:27 -0500 (EST) Received: from 216.185.71.44 (SquirrelMail authenticated user byrnejb_hll) by webmail.harte-lyne.ca with HTTP; Mon, 6 Nov 2017 10:13:27 -0500 Message-ID: <32817ee6a687938e4ceaddecd2394116.squirrel@webmail.harte-lyne.ca> In-Reply-To: References: Date: Mon, 6 Nov 2017 10:13:27 -0500 Subject: Re: Configuring Drupal8 fails From: "James B. Byrne" To: "FreeBSD" Cc: "Carmel NY" Reply-To: byrnejb@harte-lyne.ca User-Agent: SquirrelMail/1.4.22-5.el6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 15:13:38 -0000 On: Sat, November 4, 2017 06:46 "Carmel NY" wrote: > I am looking for someone with experience with Drupal8. > I am not able to get this application up and running. > I have read the documentation that came with the program > and even purchased the "Beginning Drupal8" by Todd Tomlnson. Go to the forums. They are most helpful with most things and especially with installation issues. https://www.drupal.org/forum -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 From owner-freebsd-questions@freebsd.org Mon Nov 6 15:41:44 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2000EE61314 for ; Mon, 6 Nov 2017 15:41:44 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A5F2A74587 for ; Mon, 6 Nov 2017 15:41:43 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x229.google.com with SMTP id r68so14711003wmr.1 for ; Mon, 06 Nov 2017 07:41:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fL7MErtjnx2fFOvFsSWJRuTQ2yzLZ6R1GbKJ9GoxYls=; b=oCP3ORVzrqiL985+riidCC3VispaQGKB/R3/+1vGW6JcvT2+BM9ApmcTfPa8lUHxT8 oUd6pmO53KVvPTbFgXSFXjaXHE98DsrB7Oyp3fej2mlef2C5o4lfQlFzVpiO2J+13GQU mHsJpSWSWEVKpjIS3kuwj/3bqThQ09IDsVt9q/ykrVidQ4b1NsPhEUte6BNcdebn0e9O 2ErafQuxKDHr8P6IpLwKdB4eU3+jQd+FVRxw1akCLGQaJDXKHbLES5E5bb1vSh1nMVFl JbcVhoJYxgZJ2IHUTCjJCava2n6rXLSXQ/tbrWG3Z1fETKAZ+m22XwZnpO9+joUvoG4F gI4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fL7MErtjnx2fFOvFsSWJRuTQ2yzLZ6R1GbKJ9GoxYls=; b=boL9pkWCvJfpX23fCE9mkqoaxIr/D2eyrOI2hCsrAKcVRUCSg2gMeWy+HbCwZkOZAC HEhH16HHS8WXJHtTGKi64jaKNkERUscvZ+EMKJ7FAzLQ6Vq4Fh5mIdm7NVDBTNtMNx78 gsRFUYuexbWglNbTCM+nvyGOmRFx3vkeLCwAXsYBF2vmA++YmD7zpssn9E1Qjwr+b6vL DsmKEII9uhmuauh5YVq7NtelVHE0H7gCWyFYT6dTkJKRcgR6MHgAESWNRsIbxECknd2y Y63e7ryrCaxxNbTAJtQRDxCMsqiLYcGIjsM/G+4kpcgEoB/sBk0qNLBK9xV73VvDx+iw +bag== X-Gm-Message-State: AJaThX7YSI32NPXBAjCrWMQqkkTjwHohkM95LsK7VhrOH7oowADJ602b XZ3l+RGcAZTIDGbRr+IfRrvXae7Oz6kli2ryNhY= X-Google-Smtp-Source: ABhQp+RtvaXya/a2gw4BEUlQJiNndwOZDmOMFc5hJNJdO6o3J9gkhTUlLDTtVnzaCScrCM4OOGLjq0A4SO53yiINCcA= X-Received: by 10.28.227.139 with SMTP id a133mr5960574wmh.104.1509982902210; Mon, 06 Nov 2017 07:41:42 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.10.76 with HTTP; Mon, 6 Nov 2017 07:41:41 -0800 (PST) In-Reply-To: <20171106235944.U9710@sola.nimnet.asn.au> References: <20171106235944.U9710@sola.nimnet.asn.au> From: Cos Chan Date: Mon, 6 Nov 2017 16:41:41 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: Ian Smith Cc: freebsd-questions , Carmel NY Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 15:41:44 -0000 On Mon, Nov 6, 2017 at 3:09 PM, Ian Smith wrote: > In freebsd-questions Digest, Vol 701, Issue 1, Message: 10 > On Mon, 6 Nov 2017 09:38:40 +0100 Cos Chan wrote: > > > Hi All > > > > I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > > > my blacklistd is working fine to get sshd failed login attempts. > > The out put: > > > > $ sudo blacklistctl dump -b > > address/ma:port id nfail last access > > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > > > but I can't find information how to use the blacklistd database in IPFW > > from IPFW manpage > > > > would anybody explain that to me? > > By all means work with Carmel's offer to look at parsing the database > output. All I know about blacklistd(8), blacklistd.conf(5) and > blacklistctl(8) is what I just now read skimming these manual pages. > > However I was surprised to see no mention of using tables rather than > add)ing or rem)oving individual firewall rules - and you can't use > 'flush' on individual rules in ipfw(8), only on whole sets of rules. > > Amother problem with adding/removing individual rules is you need to > allocate a large enough block of rules, then specify distinct rule > numbers to ipfw(8). Messy and error-prone, especially for deleting. > > So you might need to replace or modify /usr/libexec/blacklistd-helper, > which I haven't seen but assume is a script, to use its parameters to > generate commands more like: > > /sbin/ipfw table $TABLENAME add addr[/masklen] [value] > and > /sbin/ipfw table $OTHERNAME delete addr[/masklen] > > as appropriate. This is immensely more efficient than adding and > deleting single rules on the fly, moreso if there are many entries. > > When adding entries, the optional [value] might be a latest timestamp, > or an expiry timestamp, or anything else you might find useful. > > Of course you may need a number of different tables, for blocking ssh, > webhosts, mailserver or other services, but then need just a few rules > dedicated to denying (or even specifically enabling) hosts or ports to > addr[/masklen/ entries in a particular table. > > ipfw add deny tcp from table \($SPAMMERS\) to any 25,587 setup > ipfw add deny tcp from table \($SSHBADGUYS\) to me 22 setup > ipfw add deny all from table \($REALLYNASTY\) to any in > > and such. Tables really are the way to go for this sort of thing. > thanks, I studied the /usr/libexec/blacklistd-helper, looks like it is good as you said but it needs ipfw-blacklist.rc for ipfw? if [ -f "/etc/ipfw-blacklist.rc" ]; then pf="ipfw" . /etc/ipfw-blacklist.rc ipfw_offset=${ipfw_offset:-2000} fi I could not find this file in /etc/ the rc.conf file was modified to: blacklistd_enable="YES" blacklistd_flags="-C /usr/libexec/blacklistd-helper" and the blacklistd restarted but no luck yet. > > cheers, Ian > -- with kind regards From owner-freebsd-questions@freebsd.org Mon Nov 6 16:50:51 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2AB0CE628E4 for ; Mon, 6 Nov 2017 16:50:51 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 879DB768D9 for ; Mon, 6 Nov 2017 16:50:50 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id vA6Goif9020235; Tue, 7 Nov 2017 03:50:44 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 7 Nov 2017 03:50:44 +1100 (EST) From: Ian Smith To: Cos Chan cc: freebsd-questions , Carmel NY , Michael Ross Subject: Re: How to setup IPFW working with blacklistd In-Reply-To: Message-ID: <20171107033226.M9710@sola.nimnet.asn.au> References: <20171106235944.U9710@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 16:50:51 -0000 On Mon, 6 Nov 2017 16:41:41 +0100, Cos Chan wrote: > On Mon, Nov 6, 2017 at 3:09 PM, Ian Smith wrote: > > > In freebsd-questions Digest, Vol 701, Issue 1, Message: 10 > > On Mon, 6 Nov 2017 09:38:40 +0100 Cos Chan wrote: > > > > > Hi All > > > > > > I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > > > > > my blacklistd is working fine to get sshd failed login attempts. > > > The out put: > > > > > > $ sudo blacklistctl dump -b > > > address/ma:port id nfail last access > > > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > > > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > > > > > but I can't find information how to use the blacklistd database in IPFW > > > from IPFW manpage > > > > > > would anybody explain that to me? > > > > By all means work with Carmel's offer to look at parsing the database > > output. All I know about blacklistd(8), blacklistd.conf(5) and > > blacklistctl(8) is what I just now read skimming these manual pages. > > > > However I was surprised to see no mention of using tables rather than > > add)ing or rem)oving individual firewall rules - and you can't use > > 'flush' on individual rules in ipfw(8), only on whole sets of rules. > > > > Amother problem with adding/removing individual rules is you need to > > allocate a large enough block of rules, then specify distinct rule > > numbers to ipfw(8). Messy and error-prone, especially for deleting. > > > > So you might need to replace or modify /usr/libexec/blacklistd-helper, > > which I haven't seen but assume is a script, to use its parameters to > > generate commands more like: > > > > /sbin/ipfw table $TABLENAME add addr[/masklen] [value] > > and > > /sbin/ipfw table $OTHERNAME delete addr[/masklen] > > > > as appropriate. This is immensely more efficient than adding and > > deleting single rules on the fly, moreso if there are many entries. > > > > When adding entries, the optional [value] might be a latest timestamp, > > or an expiry timestamp, or anything else you might find useful. > > > > Of course you may need a number of different tables, for blocking ssh, > > webhosts, mailserver or other services, but then need just a few rules > > dedicated to denying (or even specifically enabling) hosts or ports to > > addr[/masklen/ entries in a particular table. > > > > ipfw add deny tcp from table \($SPAMMERS\) to any 25,587 setup > > ipfw add deny tcp from table \($SSHBADGUYS\) to me 22 setup > > ipfw add deny all from table \($REALLYNASTY\) to any in > > > > and such. Tables really are the way to go for this sort of thing. > > thanks, I studied the /usr/libexec/blacklistd-helper, looks like it is good > as you said but it needs ipfw-blacklist.rc for ipfw? > > if [ -f "/etc/ipfw-blacklist.rc" ]; then > pf="ipfw" > . /etc/ipfw-blacklist.rc > ipfw_offset=${ipfw_offset:-2000} > fi > > I could not find this file in /etc/ Yes, you need to create it. It's both a "using ipfw" flag and somewhere to put settings, or at least the needed 'ipfw_offset=4000' one. Thanks to Michael Ross for posting the link to these instructions: https://people.freebsd.org/~lidl/blacklistd.html I downloaded the tarball from there and checked it out (no 11.x systems here). I expect that article has enough info to get you going. Also, despite no mentions in the manuals, the ipfw implementation does indeed use tables, and in a sensible fashion, given it fits in with the existing 'workstation' section in /etc/rc.firewall. Quite clever really. > the rc.conf file was modified to: > > blacklistd_enable="YES" > blacklistd_flags="-C /usr/libexec/blacklistd-helper" > > and the blacklistd restarted but no luck yet. Let us know how it works out? cheers, Ian From owner-freebsd-questions@freebsd.org Mon Nov 6 18:21:28 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE83AE644E0 for ; Mon, 6 Nov 2017 18:21:28 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io0-x231.google.com (mail-io0-x231.google.com [IPv6:2607:f8b0:4001:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AA3297DC2E for ; Mon, 6 Nov 2017 18:21:28 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io0-x231.google.com with SMTP id 97so16665113iok.7 for ; Mon, 06 Nov 2017 10:21:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:subject :content-transfer-encoding; bh=rC4+zNfZM5jvUo+3batQoeorRYbrXF8arp6SHPymQD8=; b=cm42R1ITQTdj/eA9LqwUYBwFcbJHi43/I9tQIv9cKbirT5x8hOsI/8a68ZQ+QUeqqv ymcrhP59grj6LE1VlOeg3pTaiQHdqBTqGdSbmcgq18E0hzyxLFuU2KcdkQHQiw8QUWQh Cxu+G2ti5/smti1oDQaAnFsLYUDoz8j43adsrFljr8zlmPnv8GyAJdPunlZOH9iaxPtg s+noRfebpZ31ycQxWLSi5kCzsjmmz5wGJJob34oHiKA3cDuvRQ6d2NdVvRf/lPJ6ywYh XIJ4ucaGaqrkmZWhLzFUL1Jw0pmr/cv0ia4F/TF9dtXkZqza6B4DosXZq1eY3EfONIJq OUjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-transfer-encoding; bh=rC4+zNfZM5jvUo+3batQoeorRYbrXF8arp6SHPymQD8=; b=UgyDnk2fRZdB2XSPrZcQcEmsfXlIFoStp/7mtIkFrvqNIUvdm1wCzfo9MdqgP1aPvc 7ta1jYwkZbhYc5WaDikK321PnDIyUneCto0C1ruL7nD0e6vmGWNyUr5+NVe1N54gNY1e ZlCXZzDO3HTaylGMf/taXzOKg4aS7pQaqzSNFoGkSclTWFO4srojjLpuqfevOS4lzCd2 s1ET72kUN7Gs+i/mGPwa52wCwxvlmsaLusK2TWBl5/2CCFvHWePrk+Fb7FHYcdBrjeGy Cgmqj+uRf4oPddCHcDsmbiIT9V/WyxoBadYkniC+PrtohjqIypOxlkWKkYBQs+f09iww C6Jw== X-Gm-Message-State: AMCzsaXc4kakkz3oTSA8M4oBZqUl88X8RGV5+EwFtngRQ2S+kRAjw9GF 7WCmCg2rxk7liZos+b2CNOA1cA== X-Google-Smtp-Source: ABhQp+RO2/KwbL+Ivsi32QnDBeV8BZGgRzY9Ed288Nv/OOD6aIeQCbrL/vYik9TWsUr7JCQ7/n+Rfg== X-Received: by 10.107.70.6 with SMTP id t6mr19809092ioa.41.1509992487960; Mon, 06 Nov 2017 10:21:27 -0800 (PST) Received: from [10.0.10.7] (cpe-65-25-50-122.neo.res.rr.com. [65.25.50.122]) by smtp.googlemail.com with ESMTPSA id k2sm5971904iok.43.2017.11.06.10.21.27 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Nov 2017 10:21:27 -0800 (PST) Message-ID: <5A00A826.2000501@gmail.com> Date: Mon, 06 Nov 2017 13:21:26 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "freebsd-questions@freebsd.org" Subject: how to code a timer loop in a sh script Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:21:29 -0000 Trying to write a sh script that will run continually and every 10 minutes issue a group of commands. Been trying to use the wait command and the while loop command to achieve the desired effect with no joy. Would like an example of a wait loop code to see how its done. Thanks for any help. From owner-freebsd-questions@freebsd.org Mon Nov 6 18:24:15 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 957B8E645DF for ; Mon, 6 Nov 2017 18:24:15 +0000 (UTC) (envelope-from michaelsprivate@gmail.com) Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4EB9D7DF0C for ; Mon, 6 Nov 2017 18:24:15 +0000 (UTC) (envelope-from michaelsprivate@gmail.com) Received: by mail-qk0-x22d.google.com with SMTP id o187so12106028qke.7 for ; Mon, 06 Nov 2017 10:24:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=LnrS4kdCF48sQ00LtFW7YRwyWVvvj3iKt1VzrsHNIiY=; b=vGzNgeVgJa8NmaSRnkeef/5StmEn5mIWntCFURwnEtlDYPfKbFUyJBabFNyZzbptKF 9M9w8bNkXAxckusmPcOOQHPuYAZil53XcIRZ0ipdsYoFK3FOBTlXNMbEflWCRoFFnLFZ GAsCnN4HqSroz1iYx1ib1uBhwD1dPukITMFyg7mIFHFCNL1PPF0bFkH9aecDTNB24zbr MSxEihG52Gt2AJTujS2z3X2riKzIINqjq3+odFRdMFfyXs/y+gW2srfOTp2lCCXyePSf sPMK+uZRTYvkVjwWw8b+W2a1CdXc/aRFsZXZJlyLI3vQE/+ihp/wiD+2ou+1XxLMVwBT GqdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=LnrS4kdCF48sQ00LtFW7YRwyWVvvj3iKt1VzrsHNIiY=; b=VEP2C7Og+mxi43nzlcEZle6SKRU/AKd5WaxeD4cqRJ0XwCQ4oLwj3ZPBHVcrdaU69b R99hTNpfQeGEEZfZ/zWR9S1MGaEawfr1RvhFFspnz4jvcdiy99Fmchi65Pv5gWHLoGQt YR2XLCAxmGqPreQaaVAyt1ayN3cQ4Bl3yOeQRRW7ZV93TN1CFIHVTZ6abq8rdliKpcUy F0Qqx5tKGVX06qimh5bsFpFeMZJwsTs7SAYkzm8QKhuNRDDRDLGgv0YyobJ6bC3FGeSH BvlbS6lRXNZjGenXchg8zPpd0RMdNit0jYtmnNOZlflgi8Mv2Oqjf2yISsxnT6tK0kI1 7fUg== X-Gm-Message-State: AJaThX6I+oFEKROvqfuJif51X/mtjQgYxFHwWjvBuyRaQ+Wreu20Brk0 fWV+SHipapPCs6UI85W73XsZS3ECK1+Pc7EE5ns= X-Google-Smtp-Source: ABhQp+RPKtR6x9UZCFXuYTqIHKkbRPbnOIfNDpg8suvIOdswKb3a8qK70GF/64Jo7PYE7KvYj2K7oxkWOm2/EW21aTM= X-Received: by 10.55.27.88 with SMTP id b85mr6486498qkb.144.1509992654391; Mon, 06 Nov 2017 10:24:14 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.152.29 with HTTP; Mon, 6 Nov 2017 10:24:13 -0800 (PST) Received: by 10.12.152.29 with HTTP; Mon, 6 Nov 2017 10:24:13 -0800 (PST) In-Reply-To: <5A00A826.2000501@gmail.com> References: <5A00A826.2000501@gmail.com> From: Michael Schuster Date: Mon, 6 Nov 2017 19:24:13 +0100 Message-ID: Subject: Re: how to code a timer loop in a sh script To: Ernie Luzar Cc: freeBSD Mailing List Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:24:15 -0000 Try while [ 1 ]; do do_stuff sleep 600 done Hth Michael On Nov 6, 2017 19:21, "Ernie Luzar" wrote: Trying to write a sh script that will run continually and every 10 minutes issue a group of commands. Been trying to use the wait command and the while loop command to achieve the desired effect with no joy. Would like an example of a wait loop code to see how its done. Thanks for any help. _______________________________________________ freebsd-questions@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" From owner-freebsd-questions@freebsd.org Mon Nov 6 18:32:00 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C79D5E6496E for ; Mon, 6 Nov 2017 18:32:00 +0000 (UTC) (envelope-from erwan@rail.eu.org) Received: from voyageurs.rail.eu.org (voyageurs.rail.eu.org [IPv6:2001:bc8:30d3::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 951187E41D for ; Mon, 6 Nov 2017 18:32:00 +0000 (UTC) (envelope-from erwan@rail.eu.org) Received: from [IPv6:2001:bc8:30d3:3040:6267:20ff:fede:1808] (unknown [IPv6:2001:bc8:30d3:3040:6267:20ff:fede:1808]) by voyageurs.rail.eu.org (Postfix) with ESMTPSA id 103E02CC01DD for ; Mon, 6 Nov 2017 19:31:57 +0100 (CET) Subject: Re: how to code a timer loop in a sh script To: freebsd-questions@freebsd.org References: <5A00A826.2000501@gmail.com> From: Erwan David Message-ID: Date: Mon, 6 Nov 2017 19:31:56 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <5A00A826.2000501@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: fr DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rail.eu.org; s=mail; t=1509993117; bh=jRDoRSzTTD63LCNrA2pGnFfUix5Tw8abNOlvNAEuBcs=; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=KT9ajm2s3JhQg4bPepQchHZrLCCHwcgf6bShyNznOXTb1RsdN32FSyGHe7WQISIZxS+Q4VBOD9dMDVhsiewwHtjaup+WmpLAZRiv+i3WDAGCviVqzBIgDXidweMdivVA8bskwjirxgTnRMM7fUTZoCmj9sh6sEcvhAblNWOxzEc= X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:32:00 -0000 Le 11/06/17 à 19:21, Ernie Luzar a écrit : > Trying to write a sh script that will run continually and every 10 > minutes issue a group of commands. Been trying to use the wait command > and the while loop command to achieve the desired effect with no joy. > Would like an example of a wait loop code to see how its done. > > Thanks for any help. > _______________________________________________ You can achieve this with gnu-watch, to run your script every 10 minutes. From owner-freebsd-questions@freebsd.org Mon Nov 6 18:35:27 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92F44E64AC8 for ; Mon, 6 Nov 2017 18:35:27 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 517A57E5B0 for ; Mon, 6 Nov 2017 18:35:26 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.43.6] (mobile-166-175-63-174.mycingular.net [166.175.63.174]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id vA6IONow094941 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 6 Nov 2017 12:24:24 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: how to code a timer loop in a sh script To: Ernie Luzar , "freebsd-questions@freebsd.org" References: <5A00A826.2000501@gmail.com> From: Tim Daneliuk Message-ID: Date: Mon, 6 Nov 2017 12:24:17 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <5A00A826.2000501@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Mon, 06 Nov 2017 12:24:24 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: vA6IONow094941 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.966, required 1, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.03) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:35:27 -0000 On 11/06/2017 12:21 PM, Ernie Luzar wrote: > Trying to write a sh script that will run continually and every 10 > minutes issue a group of commands. Been trying to use the wait command > and the while loop command to achieve the desired effect with no joy. > Would like an example of a wait loop code to see how its done. > > Thanks for any help. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" while [ 1 = 1 ] do command command ... sleep 600 done -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/ From owner-freebsd-questions@freebsd.org Mon Nov 6 18:44:47 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C3376E64EA2 for ; Mon, 6 Nov 2017 18:44:47 +0000 (UTC) (envelope-from jd1008@gmail.com) Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 875897EB3B for ; Mon, 6 Nov 2017 18:44:47 +0000 (UTC) (envelope-from jd1008@gmail.com) Received: by mail-io0-x22d.google.com with SMTP id m81so16679327ioi.13 for ; Mon, 06 Nov 2017 10:44:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-transfer-encoding; bh=P6YVZWBUFWlcamhIBe7Z7VEg+pW8Qz/lsfkXFEG9HZk=; b=PqudY1Ggmnv/QY0OpU7FUowNuY68l1YjfhopCmBChv/cdFkBiGY5MCkGqmfIEM1P6T dzahgbYdsFqkrrcR1unMY44Y36lJM5OYE/InzA4yBFRmiFR5O9lhEWN0zTCeM2bvFaXJ SM1z8kwYw3BXD9c4l5t3h1y7h9OTxAZHl9pFmbmn4B0VFZgemXUSUhQXcvDhbTq4w8CS KwOXcgr0KJzrt6wmhXwhWA++7XsHjMtuNL6iPuCJEU0eoeFFKd+ERXD8wfZHJmowc2eS kMEa6C103i0miWZorXbkcOsZWUmw/Q/H/2j1b+q2e4tO27avKMil6FHkMIXRb54K7fbm hLqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-transfer-encoding; bh=P6YVZWBUFWlcamhIBe7Z7VEg+pW8Qz/lsfkXFEG9HZk=; b=oSrmb7nQZFmohRZ+FNd3ro5LZ8WSH3463hbwN53YKF31DbbqdsUyQAmLwiR95Hz5eC vaIfM9J86wiYmchlgXWck6lU2kSz1UpFdQoLypt55gRVKsqooPRbHGMjQU5Cb6CX6Kao H6Aq3ulHLezKCkltXgoE1O6tAkBJs67AR6uo67XVJLoGNBH8F1BDIwOHW/T0b066votf Co7Pc19NO1OHNwAEjR51Zr7mkc2OWD16F3hfFWRx0HWyUVmK6q1WMeGWexDqj2xVtC5h FC/b3VhUdIr6rNNMDJYdFWToKIW05nKK9cfxlWE47F9LZOT7zd/HsO90b353O6kejJwE gszQ== X-Gm-Message-State: AMCzsaWUtTDiWkM8ZyX7OqDHoH5nGk++NdYHYlYYEGurA84ZVgKtZLbi 15FqVUfETrCDYpXNMe/A55FM8w== X-Google-Smtp-Source: ABhQp+SJcfD7HhZfAZDwBj3horeNtk8pNfd9sbSBlLPLM0uL3vcPJ/szGnn0yNZ7uZaGCVtBFdt0EQ== X-Received: by 10.107.81.20 with SMTP id f20mr20723800iob.274.1509993886650; Mon, 06 Nov 2017 10:44:46 -0800 (PST) Received: from localhost.localdomain (50-243-4-3-static.hfc.comcastbusiness.net. [50.243.4.3]) by smtp.googlemail.com with ESMTPSA id d1sm4639168iti.35.2017.11.06.10.44.45 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2017 10:44:46 -0800 (PST) Message-ID: <5A00AD9D.1090708@gmail.com> Date: Mon, 06 Nov 2017 11:44:45 -0700 From: JD User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: how to code a timer loop in a sh script References: <5A00A826.2000501@gmail.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:44:47 -0000 Be careful about using numeric values for true. Please read: https://www.dartmouth.edu/~rc/classes/ksh/cond-tests.html Feb 11, 2005 - ... test can be either the test command, or its alias, [ , or the /ksh//bash built-in [[ . ... Zero is taken to be "/True/", while any non-zero /value/ is "False". So, it depends on your shell ??? On 11/06/2017 11:24 AM, Michael Schuster wrote: > Try > > while [ 1 ]; do > do_stuff > sleep 600 > done > > Hth > > Michael > > > On Nov 6, 2017 19:21, "Ernie Luzar" wrote: > > Trying to write a sh script that will run continually and every 10 minutes > issue a group of commands. Been trying to use the wait command and the > while loop command to achieve the desired effect with no joy. Would like an > example of a wait loop code to see how its done. > > Thanks for any help. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > From owner-freebsd-questions@freebsd.org Mon Nov 6 18:45:18 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AC854E64F75 for ; Mon, 6 Nov 2017 18:45:18 +0000 (UTC) (envelope-from markham@ssimicro.com) Received: from barracuda.ssimicro.com (barracuda.ssimicro.com [96.46.39.196]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.ssimicro.com", Issuer "RapidSSL SHA256 CA - G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7A0AE7EC70 for ; Mon, 6 Nov 2017 18:45:18 +0000 (UTC) (envelope-from markham@ssimicro.com) X-ASG-Debug-ID: 1509992900-08e7176661223c50001-jLrpzn Received: from mail.ssimicro.com (mail.ssimicro.com [64.247.129.10]) by barracuda.ssimicro.com with ESMTP id xuAPjWR7zozhSJGA (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 06 Nov 2017 13:28:20 -0500 (EST) X-Barracuda-Envelope-From: markham@ssimicro.com X-Barracuda-Effective-Source-IP: mail.ssimicro.com[64.247.129.10] X-Barracuda-Apparent-Source-IP: 64.247.129.10 Received: from yk-office-dhcp-64-247-130-165.ssimicro.com (yk-office-dhcp-64-247-130-165.ssimicro.com [64.247.130.165]) (authenticated bits=0) by mail.ssimicro.com (8.15.2/8.15.2) with ESMTPSA id vA6ISJf4043630 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 6 Nov 2017 11:28:19 -0700 (MST) (envelope-from markham@ssimicro.com) Subject: Re: how to code a timer loop in a sh script To: "freebsd-questions@freebsd.org" X-ASG-Orig-Subj: Re: how to code a timer loop in a sh script References: <5A00A826.2000501@gmail.com> From: markham breitbach Message-ID: Date: Mon, 6 Nov 2017 11:28:19 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <5A00A826.2000501@gmail.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Content-Language: en-US X-Barracuda-Connect: mail.ssimicro.com[64.247.129.10] X-Barracuda-Start-Time: 1509992900 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://barracuda.ssimicro.com:443/cgi-mod/mark.cgi X-Barracuda-Scan-Msg-Size: 640 X-Virus-Scanned: by bsmtpd at ssimicro.com X-Barracuda-BRTS-Status: 1 X-Barracuda-Spam-Score: 0.00 X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests= X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.44545 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 18:45:18 -0000 Any reason not to use cron for this? On 2017-11-06 11:21 AM, Ernie Luzar wrote: > Trying to write a sh script that will run continually and every 10 > minutes issue a group of commands. Been trying to use the wait command > and the while loop command to achieve the desired effect with no joy. > Would like an example of a wait loop code to see how its done. > > Thanks for any help. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" From owner-freebsd-questions@freebsd.org Mon Nov 6 19:15:41 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 05A6AE65A3D for ; Mon, 6 Nov 2017 19:15:41 +0000 (UTC) (envelope-from mfv@bway.net) Received: from smtp1.bway.net (smtp1.v6.bway.net [IPv6:2607:d300:1::27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D83387FC67 for ; Mon, 6 Nov 2017 19:15:40 +0000 (UTC) (envelope-from mfv@bway.net) Received: from gecko4 (host-216-220-115-213.dsl.bway.net [216.220.115.213]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: m1316v@bway.net) by smtp1.bway.net (Postfix) with ESMTPSA id 0CBB395868; Mon, 6 Nov 2017 14:15:31 -0500 (EST) Date: Mon, 6 Nov 2017 14:15:30 -0500 From: mfv To: Tim Daneliuk Cc: Ernie Luzar , "freebsd-questions@freebsd.org" Subject: Re: how to code a timer loop in a sh script Message-ID: <20171106141530.22611a51@gecko4> In-Reply-To: References: <5A00A826.2000501@gmail.com> Reply-To: mfv@bway.net MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 19:15:41 -0000 > On Mon, 2017-11-06 at 12:24 Tim Daneliuk > wrote: > >On 11/06/2017 12:21 PM, Ernie Luzar wrote: >> Trying to write a sh script that will run continually and every 10 >> minutes issue a group of commands. Been trying to use the wait >> command and the while loop command to achieve the desired effect >> with no joy. Would like an example of a wait loop code to see how >> its done. >> >> Thanks for any help. >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" > >while [ 1 = 1 ] >do > command > command > ... > sleep 600 >done > Hello, It is also possible to use the ":" command as part of the loop. Thus, while : do command command ... sleep 600 done In other words replace "[ 1 = 1 ]" with a single colon ":". According to "man 1 sh": : A null command that returns a 0 (true) exit value. Cheers ... Marek From owner-freebsd-questions@freebsd.org Mon Nov 6 19:35:28 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E9F04E660BC for ; Mon, 6 Nov 2017 19:35:28 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A369D806EB for ; Mon, 6 Nov 2017 19:35:28 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-qt0-x235.google.com with SMTP id j58so12439366qtj.0 for ; Mon, 06 Nov 2017 11:35:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=oRdo8L4JIJIJ/TUu4GAQwIFdY0Ev453ZDyn8ewA5G8w=; b=i/9SI5RBJUusZxVkrgihBhPqwK5wChQ/IVB9O1MNS7CD8Dn0BKjNBHNIXPU3oV9DrS m9fQ9AjdSIVxvkP2ASnwuT6Czxu/9Hcsxu1Ey1R1NFc5+mSW7eCg/mLmgjCKnvdXLIwX 26NIccg6rkaEJ5LvyWUYm86Iiu7WXcR3+K8Mzu2GYcibjyDBP/Z3M5LNHUVhhRW6Gfgq r8kvw7e+Bb4ExRYeZ1sj9WtLfYQBv8ax6Tc8BCCuOsDldn834ShIB8cTHIExDbROP6fH iF3PBXnG8qazjvzVSUYKt47bPhE8bTVC+BHDqAeG4ERtso4rAbn32Hymp6bMk5cRD113 H/Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=oRdo8L4JIJIJ/TUu4GAQwIFdY0Ev453ZDyn8ewA5G8w=; b=HD7TZOGJ0mVWlEtd75nXCLqf4uZBc98+5D03YOZjt0K9vF7AXA2jQtVTpiM09/k5rt EUihgmzDnfjgz7RQCe4NJC5OpLe5kPfHOkjG+JqhcocdcjLGHoSreQT/V2klof+chICf vMtx4+jYslXFrr/TH0EKFPRjftwvR1SR44DYHGAEFUdVkxLhwfPfRQ1l82YNZ64bWZLW WJSvRLOdF7+L2M6B/+DoQlK0IbaWeN5B20yOvrdOoWwo/XNLlTCqpM9HINZbyWwErjQ0 fmS56glfSGYK5fcfIbKDOtXCWg6YuN5+jt+MIgti+FsRJ4Hyhlp5vc2ig+gDQbKMzFnK 4eFQ== X-Gm-Message-State: AMCzsaXhB6HoELCaVkouxDBenQKsTI0gURCcQzNHM/AnpfFF0QvRSyCI 814eZSIrebgKbkz8jmhHlgAD3H68eXS+wixiDs4= X-Google-Smtp-Source: ABhQp+SeUrAt2/MdDNq3TOwUNetZt8r/9ybxZxbdes/JRAszeXNei3yhFio8zmphhnBHHXdhX1Pc2GTTDap4cqPP2v4= X-Received: by 10.237.60.3 with SMTP id t3mr23359656qte.138.1509996927749; Mon, 06 Nov 2017 11:35:27 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.20.65 with HTTP; Mon, 6 Nov 2017 11:35:27 -0800 (PST) In-Reply-To: References: <20171011130512.GE24374@apple.rat.burntout.org> From: krad Date: Mon, 6 Nov 2017 19:35:27 +0000 Message-ID: Subject: Re: FreeBSD ZFS file server with SSD HDD To: Warren Block Cc: Kate Dawson , FreeBSD Questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 19:35:29 -0000 you might also find the throughput on that many drives in that configuration is higher than the single ssd On 1 November 2017 at 15:23, Warren Block wrote: > On Wed, 11 Oct 2017, Kate Dawson wrote: > > Hi, >> >> Currently running a FreeBSD NFS server with a zpool comprising >> >> 12 x 1TB hard disk drives are arranged as pairs of mirrors in a strip set >> ( RAID 10 ) >> >> An additional 2x 960GB SSD added. These two SSD are partitioned with a >> small partition begin used for a ZIL log, and larger partion arranged for >> L2ARC cache. >> > > For FreeNAS, we recommend against using sharing an SSD like this. In > fact, we recommend against using one SSD for anything more than a single > SLOG for a single pool. To be effective, this needs to be a low-latency > SSD, and I/O contention with other shared partitions on the same device can > negate the performance benefit. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe > @freebsd.org" > From owner-freebsd-questions@freebsd.org Mon Nov 6 20:38:28 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4AD5FE673B4 for ; Mon, 6 Nov 2017 20:38:28 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 111C21336 for ; Mon, 6 Nov 2017 20:38:27 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.43.6] (mobile-166-175-63-174.mycingular.net [166.175.63.174]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id vA6KcL4r007567 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 6 Nov 2017 14:38:23 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: how to code a timer loop in a sh script To: markham breitbach , "freebsd-questions@freebsd.org" References: <5A00A826.2000501@gmail.com> From: Tim Daneliuk Message-ID: Date: Mon, 6 Nov 2017 14:38:11 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Mon, 06 Nov 2017 14:38:23 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: vA6KcL4r007567 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-0.964, required 1, autolearn=not spam, ALL_TRUSTED -1.00, AWL 0.04) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 20:38:28 -0000 On 11/06/2017 12:28 PM, markham breitbach wrote: > Any reason not to use cron for this? I don't know the OP's use case, but one reason to NOT use cron is that it's hard to maintain state information across iterations. In an infinite loop as a number of us have described, the script can keep track of state as each iteration executes, to be used by the next iteration. While that's possible across cron invocations, it's generally a lot uglier to to .... -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/ From owner-freebsd-questions@freebsd.org Mon Nov 6 21:43:06 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65A0EE67F88 for ; Mon, 6 Nov 2017 21:43:06 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EA78B2D54 for ; Mon, 6 Nov 2017 21:43:05 +0000 (UTC) (envelope-from rosettas@gmail.com) Received: by mail-wm0-x234.google.com with SMTP id z3so17125323wme.5 for ; Mon, 06 Nov 2017 13:43:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Z0/661u+ECXfMkWz90HtnzZgCQQ79OabOLtGD6fWR2A=; b=olWCSC4ya/Ftu7n8iGNArbq4Pps/qTUDZjw2137Ua8sEq5RBOraGkcUf3Lxc7s4Nrv zRg//x7t7Q8+UoIDp305N+qtsWd+zcRlK84BRqmnx1lLcCuKSeBwue2uof6JNGSIQGV7 wlDn2Pg4vBV++dYhMbGG1EIOjhsmMUAwFSXN7GgxMQvafgyjDEpUCPpwHm4gNnQLxJP+ 85/z2sbxFQT9SvEoBR8HG8xzj8N57Ry3LU+jc+wtPNeHZ+dG+P1gNmLWdjuQfd+6rfdt HFyK8KIEBmyMnhNCFQ2OR/eOzzGoji5PK4hIXimU45elipbkhmMiavp5QEvfohqB7xWl ITFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Z0/661u+ECXfMkWz90HtnzZgCQQ79OabOLtGD6fWR2A=; b=FpByAJp2PSWZYNAwEOIEfsJFwxHpxgUCKMBCM1Z2SVELue5sefFjdROPm/WFl3Xvz2 qrM2jTuDNpeaZgDPkJ3kCUQAxTw2PnieHHsku5uM5R2xnw9j37FNhimGhHOB6NiwhVeY 71ZuDZwW15A57jmNG1lSYQ8x1alo2EyDdnQCaeyeU9gx/FxzGt5RXXJfWRSXhG59uNNs tS8ebpAhada8Iga9fbrRoD0HixExVNi9cth0RH8rpXKJuCRdNFzljky1ANdWNhxRiG9F 1EfXr8va4Hh37c7WYtdVII8M4OeZgPHFcJ0wYBrgVV70syjzhym8yyklDzPJoIrdZYUU qGjg== X-Gm-Message-State: AJaThX4dgoAPbn5fq7wHf3NjtiDni5+pSCB6LSfpG08Gu9eWTB/X549q bXD0HWnSiOkQXaI5mEKc2BsbSP4KqO+T2Ush76zNtYSd9gI= X-Google-Smtp-Source: ABhQp+Sw2ISZpzuQCJwjxC+7AzxP9mvwDoKsP8N/xz0mbpvDFkir7Fxlgscnlv5KX01prtubdpCIAJLvbzv/mL+bbpc= X-Received: by 10.28.69.91 with SMTP id s88mr6201896wma.19.1510004583388; Mon, 06 Nov 2017 13:43:03 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.10.76 with HTTP; Mon, 6 Nov 2017 13:43:02 -0800 (PST) In-Reply-To: <20171107033226.M9710@sola.nimnet.asn.au> References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> From: Cos Chan Date: Mon, 6 Nov 2017 22:43:02 +0100 Message-ID: Subject: Re: How to setup IPFW working with blacklistd To: Ian Smith Cc: freebsd-questions , Carmel NY , Michael Ross Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 21:43:06 -0000 On Mon, Nov 6, 2017 at 5:50 PM, Ian Smith wrote: > On Mon, 6 Nov 2017 16:41:41 +0100, Cos Chan wrote: > > On Mon, Nov 6, 2017 at 3:09 PM, Ian Smith wrote: > > > > > In freebsd-questions Digest, Vol 701, Issue 1, Message: 10 > > > On Mon, 6 Nov 2017 09:38:40 +0100 Cos Chan > wrote: > > > > > > > Hi All > > > > > > > > I would run IPFW with blacklistd, my FreeBSD is 11.1-RELEASE-p1. > > > > > > > > my blacklistd is working fine to get sshd failed login attempts. > > > > The out put: > > > > > > > > $ sudo blacklistctl dump -b > > > > address/ma:port id nfail last access > > > > 1.1.1.1/32:22 3/-1 2017/11/05 01:05:34 > > > > 2.2.2.2/32:22 3/-1 2017/11/05 13:22:53 > > > > > > > > but I can't find information how to use the blacklistd database in > IPFW > > > > from IPFW manpage > > > > > > > > would anybody explain that to me? > > > > > > By all means work with Carmel's offer to look at parsing the database > > > output. All I know about blacklistd(8), blacklistd.conf(5) and > > > blacklistctl(8) is what I just now read skimming these manual pages. > > > > > > However I was surprised to see no mention of using tables rather than > > > add)ing or rem)oving individual firewall rules - and you can't use > > > 'flush' on individual rules in ipfw(8), only on whole sets of rules. > > > > > > Amother problem with adding/removing individual rules is you need to > > > allocate a large enough block of rules, then specify distinct rule > > > numbers to ipfw(8). Messy and error-prone, especially for deleting. > > > > > > So you might need to replace or modify /usr/libexec/blacklistd- > helper, > > > which I haven't seen but assume is a script, to use its parameters to > > > generate commands more like: > > > > > > /sbin/ipfw table $TABLENAME add addr[/masklen] [value] > > > and > > > /sbin/ipfw table $OTHERNAME delete addr[/masklen] > > > > > > as appropriate. This is immensely more efficient than adding and > > > deleting single rules on the fly, moreso if there are many entries. > > > > > > When adding entries, the optional [value] might be a latest timestamp, > > > or an expiry timestamp, or anything else you might find useful. > > > > > > Of course you may need a number of different tables, for blocking ssh, > > > webhosts, mailserver or other services, but then need just a few rules > > > dedicated to denying (or even specifically enabling) hosts or ports to > > > addr[/masklen/ entries in a particular table. > > > > > > ipfw add deny tcp from table \($SPAMMERS\) to any 25,587 setup > > > ipfw add deny tcp from table \($SSHBADGUYS\) to me 22 setup > > > ipfw add deny all from table \($REALLYNASTY\) to any in > > > > > > and such. Tables really are the way to go for this sort of thing. > > > > thanks, I studied the /usr/libexec/blacklistd-helper, looks like it is > good > > as you said but it needs ipfw-blacklist.rc for ipfw? > > > > if [ -f "/etc/ipfw-blacklist.rc" ]; then > > pf="ipfw" > > . /etc/ipfw-blacklist.rc > > ipfw_offset=${ipfw_offset:-2000} > > fi > > > > I could not find this file in /etc/ > > Yes, you need to create it. It's both a "using ipfw" flag and somewhere > to put settings, or at least the needed 'ipfw_offset=4000' one. > > Thanks to Michael Ross for posting the link to these instructions: > > https://people.freebsd.org/~lidl/blacklistd.html > > I downloaded the tarball from there and checked it out (no 11.x systems > here). I expect that article has enough info to get you going. > Thanks to Michael Ross too. I have followed the steps but seems not working, here is the ipfw list output: $ sudo ipfw list 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 allow ipv6-icmp from any to any ip6 icmp6types 1 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136 01100 check-state :default 01200 allow tcp from me to any established 01300 allow tcp from me to any setup keep-state :default 01400 allow udp from me to any keep-state :default 01500 allow icmp from me to any keep-state :default 01600 allow ipv6-icmp from me to any keep-state :default 01700 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out 01800 allow udp from any 67 to me dst-port 68 in 01900 allow udp from any 67 to 255.255.255.255 dst-port 68 in 02000 allow udp from fe80::/10 to me dst-port 546 in 02100 allow icmp from any to any icmptypes 8 02200 allow ipv6-icmp from any to any ip6 icmp6types 128,129 02300 allow icmp from any to any icmptypes 3,4,11 02400 allow ipv6-icmp from any to any ip6 icmp6types 3 02500 allow tcp from any to me dst-port 22 02600 allow tcp from any to me dst-port 25 02700 allow tcp from any to me dst-port 80 02800 allow tcp from any to me dst-port 443 02900 allow tcp from any to me dst-port 21 65000 count ip from any to any 65100 deny { tcp or udp } from any to any dst-port 135-139,445 in 65200 deny { tcp or udp } from any to any dst-port 1026,1027 in 65300 deny { tcp or udp } from any to any dst-port 1433,1434 in 65400 deny ip from any to 255.255.255.255 65500 deny ip from any to 224.0.0.0/24 in 65500 deny udp from any to any dst-port 520 in 65500 deny tcp from any 80,443 to any dst-port 1024-65535 in 65500 deny ip from any to any 65535 deny ip from any to any looks like the blacklist records are not added to ipfw. I have also tried to add -C option to rc.conf: blacklistd_enable="YES" blacklistd_flags="-r -C /usr/libexec/blacklistd-helper" But also not working. The ipfw list output is same as above. > > Also, despite no mentions in the manuals, the ipfw implementation does > indeed use tables, and in a sensible fashion, given it fits in with the > existing 'workstation' section in /etc/rc.firewall. Quite clever really. > > > the rc.conf file was modified to: > > > > blacklistd_enable="YES" > > blacklistd_flags="-C /usr/libexec/blacklistd-helper" > > > > and the blacklistd restarted but no luck yet. > > Let us know how it works out? > > cheers, Ian > -- with kind regards From owner-freebsd-questions@freebsd.org Mon Nov 6 23:32:20 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30D86E69AE4 for ; Mon, 6 Nov 2017 23:32:20 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-it0-x231.google.com (mail-it0-x231.google.com [IPv6:2607:f8b0:4001:c0b::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EB24764ECD for ; Mon, 6 Nov 2017 23:32:19 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-it0-x231.google.com with SMTP id l196so221820itl.4 for ; Mon, 06 Nov 2017 15:32:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:subject :content-transfer-encoding; bh=ObOQvkZ8mtzQxU6tw//KgIusdh/RrV+lUWlVZibp00Q=; b=vgHRp7xPej7dTDsyCxzHJJ0de5P7G3yeHN6tRhSHCNFwdJ0HXkkZEXV15qLiXnWNZl PnbEv5mTtQM3Q2S6dQNIJ/5jAJg0dr2WuZ6rXBem3q9+/sogDt85RsGnZlZajKduBbLL Cl/9K0vqRgOEAIZ/0LKxvxxbLihzUb2+t7/yNVjIRvrfOgDOs69J+eZJF32qW4xr+g3e pMznrCBDeNjf9fiv+CV0d+EDDe5cZ/Ps25+sMDY3+v3QCTGUwgnf2v/Q4DltgmsjKmxq ya1icPu63/cmVhrNXt2blW7ccOtsYjZYgWnPl9IR0fknCIoByC4GBPb+KMsJ2VNbcVvs Kwqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:content-transfer-encoding; bh=ObOQvkZ8mtzQxU6tw//KgIusdh/RrV+lUWlVZibp00Q=; b=BqajyEShzBR3xvAxssfqsQ6iu7ymPX0TKaweCPDBYMfy8WHRtExUiCghx7+1yNrQvF HSQ/ncO4erE19eWEHxWJrO1UkXcp5qvLXTUUsVK79yCLgMdh5WRfzoABOXxpCR4i0TFr 74isRDTbRNjTmc+8nNTYLvKpcsM0Hh5v5EenUin+HuK1OmUTmEVTvHUhAte0g9UbpT7C 5k68szmR/wztS2oDatRhFatHQ4yLcDejQJ121QYA0oBwniQESVlOeM5fBMQuOW7kJ3YN iUewzm0/bRxqkiEvS03i7Uda9HAExU3h1Oh4hUx0yYaUSxt58618/U3+XJi0822PFFy7 GXrg== X-Gm-Message-State: AJaThX5lLTA3i0MIXw+RY15dT3cvw8Ln1M/3Poe5xd546cvB2Mh/uRqN y/FylFU1HCRTaiL7xCAL5kg2Uw== X-Google-Smtp-Source: ABhQp+SCLfMv0598EjHT5aCEo+DPqJ0uZLiTDkPfnufMl72ULFku7E0v804yBXSBjQYKli2nwHDQBA== X-Received: by 10.36.185.94 with SMTP id k30mr11475537iti.2.1510011139054; Mon, 06 Nov 2017 15:32:19 -0800 (PST) Received: from [10.0.10.7] (cpe-65-25-50-122.neo.res.rr.com. [65.25.50.122]) by smtp.googlemail.com with ESMTPSA id g26sm6032008iob.34.2017.11.06.15.32.18 for (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 06 Nov 2017 15:32:18 -0800 (PST) Message-ID: <5A00F101.8040708@gmail.com> Date: Mon, 06 Nov 2017 18:32:17 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: "freebsd-questions@freebsd.org" Subject: Need help with rc.d script Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Nov 2017 23:32:20 -0000 I wrote this sh script today for dynamic dns ip updates. When I use service dynip start command it just hangs there. Need pointer to what I am doing wrong. Here are the 2 scripts in question: Script started on Mon Nov 6 18:19:18 2017 /root/bin >cat /usr/local/bin/dynip #!/bin/sh # # Script to update the dynamic DNS pointer at your dynamic DNS hosting site. # This script runs continually and on a user defined timed cycle will # check the dynamic ip address of the interface facing the public internet # to determin if it has changed. If it has changed the browser URL format # is used to update the DNS pointer IP address at the dynamic DNS hosting # site that is hosting your Fully qualified domain to the newly changed # ip address. # # The default browser URL format being used is for NameCheap (namecheap.com). # NOTE: Most DNS hosting sites that provide dynamic DNS services use a # variation of the default browser URL format used here. A simple user # substitution to the "wget" command for the browser URL format used by your # dynamic DNS hosting site will allow this script to work for you. prev_ip_file="/usr/local/etc/dynip" # Cycle time to wait between ip checks. #elapse_time="7200" # 7200 seconds = 2 hours #elapse_time="3600" # 3600 seconds = 1 hour #elapse_time="1800" # 1800 seconds = 30 minutes #elapse_time="900" # 1800 seconds = 15 minutes #elapse_time="600" # 600 seconds = 10 minutes #elapse_time="300" # 300 seconds = 5 minutes elapse_time="10" # Find the NIC device name of the NIC connected to the public internet. # The default interface obtained from route command is the one connected # to the public internet. # nic_devicename="$(route get -inet default 2> /dev/null | \ grep -o "interface.*" | cut -d ' ' -f 2)" ##echo "nic_devicename = ${nic_devicename}" # Get the IP address assigned to that NIC device name. # nic_ip="$(ifconfig $nic_devicename inet | \ grep -o "inet.*" | cut -d ' ' -f 2)" #echo "nic_ip1 = ${nic_ip}" # On start up get the last recorded ip address in use and populate variable # with its value. # if [ -f "${prev_ip_file}" ]; then prev_ip="$(cat ${prev_ip_file})" else prev_ip="0.0.0.0" echo "${prev_ip}" > ${prev_ip_file} fi #echo "prev_ip = $prev_ip" # This is the continuous loop checking the current ip address to # to determin if it changed. while [ 1 ]; do # Get the IP address assigned to that NIC device name. nic_ip="$(ifconfig $nic_devicename inet | \ grep -o "inet.*" | cut -d ' ' -f 2)" #echo "nic_ip2 = ${nic_ip}" if [ "${prev_ip}" != "${nic_ip}" ]; then # Update dynamic DNS hosting site with new ip address. website="https://dynamicdns.park-your-domain.com/update?" dyn_host="host=home-fbsd&domain=host.xxxxxxx.com" password="&password=a3e0ffc2274746b29ceaf126d59e51c1" url="$website$dyn_host$password" #echo "$url" /usr/local/bin/wget -O /var/log/namecheap.dynip.update.log -q "$url" #echo "rtn-code = $?" if [ $? -ne 0 ]; then echo "Error: /usr/local/bin/wget command failed." exit 3 fi #echo "${nic_ip}" > ${prev_ip_file} prev_ip="${nic_ip}" fi sleep ${elapse_time} done /root/bin cat /usr/local/etc/rc.d/dynip #!/bin/sh # # # PROVIDE: dynip # REQUIRE: LOGIN # KEYWORD: shutdown # # Add the following line to /etc/rc.conf to enable dynip: # # dynip_enable="YES" # . /etc/rc.subr name=dynip rcvar=dynip_enable command="/usr/local/bin/${name}" run_rc_command "$1" From owner-freebsd-questions@freebsd.org Tue Nov 7 00:38:30 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E4435E6AA56 for ; Tue, 7 Nov 2017 00:38:30 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com) Received: from mail-pf0-x236.google.com (mail-pf0-x236.google.com [IPv6:2607:f8b0:400e:c00::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A3B1968947 for ; Tue, 7 Nov 2017 00:38:30 +0000 (UTC) (envelope-from non.euc.geo.1854@gmail.com) Received: by mail-pf0-x236.google.com with SMTP id b85so8996486pfj.13 for ; Mon, 06 Nov 2017 16:38:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id :disposition-notification-to:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=wDiZ0DsEBOmluNKQ39kckynrAKS36MfgdPOPy3t3v9k=; b=ae6oDAZH09LtvdZjaBZnaRatFTTvywmBj4uO3ZUMXOLe9q7nNRusT8GdpevhEpOYmR rdFILMOKdAw9mlrVaXUpRlL8nywWZ9vjsCXtfN+Xr/hz4ClYCfMwd7NKzZGWLpcZwVH/ SY0tkrC7Os/LIOgZd8gZeWdhb8axcOZ6RUMidFd7RlPaz8+KkLIObLs4CyDmNMAfAU8G qKbtSOO7QIuZWtN/5acR/zcOcOP5/N0Lg/XE/YP/mgPJeypmrgqGGGNUe6KWmAhJ4tSV dYCvdNSMILM6V5TNB5/170wP87ksCS++MCcKqzUQnQsX6VIfQ39ZgmPaHHLPblvC5C08 vVvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id :disposition-notification-to:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=wDiZ0DsEBOmluNKQ39kckynrAKS36MfgdPOPy3t3v9k=; b=srn+9siGITU50W2f+q+wyi77gZYqVApnad9IB/AvdrcHPCEfS0LZ/yYFY8VEgkGxy8 TEAvrQX5VYGiHpUj8/K4S+IW8FeauvtNfOOwSkEtEGpnqVbH/k0MMn1PGMUltlztsAE1 FrcETTJGvkC1VMxDifF4TD7lL+BNbVx1cAMNlrNbkOdMFYyxGBYpVxm3C3uoNk8wBbDI QBvu/0WUqgYUo1QU3s2IMlHvUmAGARiPO2VtkDzCc2HA0GU1nAJ4QCwN8rJIRnZpMKbQ Du7x229//AlkYLLNN35+UJDe+NMn+OP1wm+poLwuziV3rsfYpweOQ2CC38JZhXY5DQg/ QNig== X-Gm-Message-State: AMCzsaXbxaoPLQ5zcnErBJghV0VO/ZYAmBN4vrJ0cVLgLJvEkg3KL1FQ cpiD5zbrtEDgysYFeUXb84G+cA== X-Google-Smtp-Source: ABhQp+R+jmmMeId3tS6w47MXuaEiwOfORYwvbfijyJAw5v3A7qTSepsVkdBvEYwNeNzeFLN/r2WRfQ== X-Received: by 10.99.7.70 with SMTP id 67mr17275380pgh.238.1510015109890; Mon, 06 Nov 2017 16:38:29 -0800 (PST) Received: from [192.168.1.7] (47-33-76-3.dhcp.rvsd.ca.charter.com. [47.33.76.3]) by smtp.googlemail.com with ESMTPSA id w9sm3696pfk.16.2017.11.06.16.38.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2017 16:38:29 -0800 (PST) Subject: Re: freebsd-questions Digest, Vol 700, Issue 6 To: Polytropon Cc: freebsd-questions@freebsd.org References: <977cc6e1-219b-8213-4790-1f28cbaebb67@gmail.com> <20171106025959.231c2772.freebsd@edvax.de> From: "J.B." Message-ID: Date: Mon, 6 Nov 2017 16:38:28 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <20171106025959.231c2772.freebsd@edvax.de> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Nov 2017 00:38:31 -0000 On 11/05/2017 05:59 PM, Polytropon wrote: > On Sun, 5 Nov 2017 17:16:38 -0800, J.B. wrote: >>> Message: 4 Date: Fri, 3 Nov 2017 10:44:04 -0700 From: "J.B." >>> To: freebsd-questions@freebsd.org >>> Subject: VT_ALT_TO_ESC_HACK for sc (syscons) Message-ID: >>> <184bbd63-e635-1d52-19a6-3e9c1a414e40@gmail.com> Content-Type: >>> text/plain; charset=utf-8; format=flowed FreeBSD 11.1-RELEASE is using >>> vt as the default console driver, and it contains a hack which maps an >>> ESC sequence to the Alt key on your keyboard. FreeBSD 10.3-RELEASE >>> uses sc as the default driver, and the Alt keys don't register a >>> keystroke for most cases. On vt, Alt-b, Alt-f, Alt-Backspace, etc., >>> behave as they do when logged in over SSH using a bash shell (with its >>> default emacs bindings): move the cursor backwards one word, forwards >>> one word, delete word to the right of the cursor, etc. How can that >>> effect be replicated on sc? I tried a new keymap using kbdcontrol, but >>> there's no way to map key combinations onto the alt-b, alt-f, alt-bs, >>> etc., sequences -- the mapfile only allows for single keystrokes. I >>> know I can set vt as the console driver on 10.3-RELEASE, but the font >>> in vt is so ugly I want to gouge other peoples' eyes out to save them >>> from the horrors of seeing it. Adjusting the screen resolution only >>> helped a tiny bit -- not enough to save peoples' eyes from my angry >>> fingers. Tried the sample fonts inside /usr/share/vt/fonts/ already. >> Nobody knows how to implement that hack or replicate its effect on sc? > As far as I know, sc does not support this kind of capturing key > events. A notable exception is Alt+PF1, Alt+PF2 and so on for > switching the virtual terminals which is "handled interally" (by > the console driver itself) and won't be available to text mode > programs. > > Maybe /usr/src/sys/dev/syscons/syscons.c reveals the magic, which > probably involves ioctl()... > > > >> Then what about getting vt's display to look like sc? > Not possible, as it seems. This has been discussed recently. There > are too many "moving parts" within vt and in the surrounding tools. > Essentially, text mode is dead. > I'm sad to hear that, P. -- text mode is my favorite mode :( Thanks for the info. From owner-freebsd-questions@freebsd.org Tue Nov 7 06:22:39 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9AA9DE4FE65 for ; Tue, 7 Nov 2017 06:22:39 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D7EAB649E6; Tue, 7 Nov 2017 06:22:38 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id vA76HEYc048314; Tue, 7 Nov 2017 17:17:14 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 7 Nov 2017 17:17:14 +1100 (EST) From: Ian Smith To: Cos Chan cc: freebsd-questions , Michael Ross , Kurt Lidl Subject: Re: How to setup IPFW working with blacklistd In-Reply-To: Message-ID: <20171107162914.G9710@sola.nimnet.asn.au> References: <20171106235944.U9710@sola.nimnet.asn.au> <20171107033226.M9710@sola.nimnet.asn.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Nov 2017 06:22:39 -0000 On Mon, 6 Nov 2017 22:43:02 +0100, Cos Chan wrote: > On Mon, Nov 6, 2017 at 5:50 PM, Ian Smith wrote: > > > On Mon, 6 Nov 2017 16:41:41 +0100, Cos Chan wrote: > > > On Mon, Nov 6, 2017 at 3:09 PM, Ian Smith wrote: [ time to cut mightily .. also cc'ing blacklistd maintainer Kurt Lidl for whom I'll point to the start of this thread at: https://lists.freebsd.org/pipermail/freebsd-questions/2017-November/279598.html ] > > > > and such. Tables really are the way to go for this sort of thing. > > > > > > thanks, I studied the /usr/libexec/blacklistd-helper, looks like it is > > good > > > as you said but it needs ipfw-blacklist.rc for ipfw? > > > > > > if [ -f "/etc/ipfw-blacklist.rc" ]; then > > > pf="ipfw" > > > . /etc/ipfw-blacklist.rc > > > ipfw_offset=${ipfw_offset:-2000} > > > fi > > > > > > I could not find this file in /etc/ > > > > Yes, you need to create it. It's both a "using ipfw" flag and somewhere > > to put settings, or at least the needed 'ipfw_offset=4000' one. > > > > Thanks to Michael Ross for posting the link to these instructions: > > > > https://people.freebsd.org/~lidl/blacklistd.html > > > > I downloaded the tarball from there and checked it out (no 11.x systems > > here). I expect that article has enough info to get you going. > Thanks to Michael Ross too. > > I have followed the steps but seems not working, here is the ipfw list > output: > > $ sudo ipfw list > 00100 allow ip from any to any via lo0 > 00200 deny ip from any to 127.0.0.0/8 > 00300 deny ip from 127.0.0.0/8 to any > 00400 deny ip from any to ::1 > 00500 deny ip from ::1 to any > 00600 allow ipv6-icmp from :: to ff02::/16 > 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 > 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 > 00900 allow ipv6-icmp from any to any ip6 icmp6types 1 > 01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136 > 01100 check-state :default > 01200 allow tcp from me to any established > 01300 allow tcp from me to any setup keep-state :default > 01400 allow udp from me to any keep-state :default > 01500 allow icmp from me to any keep-state :default > 01600 allow ipv6-icmp from me to any keep-state :default > 01700 allow udp from 0.0.0.0 68 to 255.255.255.255 dst-port 67 out > 01800 allow udp from any 67 to me dst-port 68 in > 01900 allow udp from any 67 to 255.255.255.255 dst-port 68 in > 02000 allow udp from fe80::/10 to me dst-port 546 in > 02100 allow icmp from any to any icmptypes 8 > 02200 allow ipv6-icmp from any to any ip6 icmp6types 128,129 > 02300 allow icmp from any to any icmptypes 3,4,11 > 02400 allow ipv6-icmp from any to any ip6 icmp6types 3 > 02500 allow tcp from any to me dst-port 22 > 02600 allow tcp from any to me dst-port 25 > 02700 allow tcp from any to me dst-port 80 > 02800 allow tcp from any to me dst-port 443 > 02900 allow tcp from any to me dst-port 21 > 65000 count ip from any to any > 65100 deny { tcp or udp } from any to any dst-port 135-139,445 in > 65200 deny { tcp or udp } from any to any dst-port 1026,1027 in > 65300 deny { tcp or udp } from any to any dst-port 1433,1434 in > 65400 deny ip from any to 255.255.255.255 > 65500 deny ip from any to 224.0.0.0/24 in > 65500 deny udp from any to any dst-port 520 in > 65500 deny tcp from any 80,443 to any dst-port 1024-65535 in > 65500 deny ip from any to any > 65535 deny ip from any to any > > looks like the blacklist records are not added to ipfw. Indeed, that looks stock standard. > I have also tried to add -C option to rc.conf: > > blacklistd_enable="YES" > blacklistd_flags="-r -C /usr/libexec/blacklistd-helper" > > But also not working. The ipfw list output is same as above. As mentioned, no FreeBSD 11 system here, so I'm punting on the docs. I suppose you will have created the flagfile? # echo 'ipfw_offset=4000' > /etc/ipfw-blacklist.rc You could put that in /etc/rc.local to be sure it survives updates. Clearly ipfw needs to be running before blacklistd starts, as it's using /etc/rc.firewall, which begins by flushing all rules. You could check that's observed on startup - as I assume it must be - with: % rcorder /etc/rc.d/* | egrep 'ipfw|blacklist' Secondly, once ipfw's up, you could manually start blacklistd with the -d switch (maybe -dv) to run it in forground while it's getting going to see what it reports. -C seems to be default, but your use of -r seems smart as ipfw doesn't maintain tables across runs (without scripting). You could also try uncommenting the 'set -x' in blacklistd-helper to get a blow-by-blow list (to stderr) of its progress while doing its thing, which should provide some solid clues. Other than that, I'm flying blind :) > > Also, despite no mentions in the manuals, the ipfw implementation does > > indeed use tables, and in a sensible fashion, given it fits in with the > > existing 'workstation' section in /etc/rc.firewall. Quite clever really. > > > > > the rc.conf file was modified to: > > > > > > blacklistd_enable="YES" > > > blacklistd_flags="-C /usr/libexec/blacklistd-helper" > > > > > > and the blacklistd restarted but no luck yet. > > > > Let us know how it works out? And thanks for cc'ing me on these, as I take the daily questions-digest. cheers, Ian From owner-freebsd-questions@freebsd.org Tue Nov 7 07:31:17 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 046CEE512A7 for ; Tue, 7 Nov 2017 07:31:17 +0000 (UTC) (envelope-from lists@nerdbynature.de) Received: from trent.utfs.org (trent.utfs.org [IPv6:2a03:3680:0:3::67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C70C86927E for ; Tue, 7 Nov 2017 07:31:16 +0000 (UTC) (envelope-from lists@nerdbynature.de) Received: from localhost (localhost [IPv6:::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by trent.utfs.org (Postfix) with ESMTPS id 593AA5FC32; Tue, 7 Nov 2017 08:31:06 +0100 (CET) Date: Mon, 6 Nov 2017 23:31:06 -0800 (PST) From: Christian Kujau To: Ernie Luzar cc: "freebsd-questions@freebsd.org" Subject: Re: Need help with rc.d script In-Reply-To: <5A00F101.8040708@gmail.com> Message-ID: References: <5A00F101.8040708@gmail.com> User-Agent: Alpine 2.21.9 (DEB 223 2017-09-30) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Nov 2017 07:31:17 -0000 On Mon, 6 Nov 2017, Ernie Luzar wrote: > I wrote this sh script today for dynamic dns ip updates. Why not use the many scripts that already exist do do that? Since you're using namecheap: | Are there any alternate Dynamic DNS clients? | https://www.namecheap.com/support/knowledgebase/article.aspx/5/11/ > When I use service dynip start command it just hangs there. Try running it with "set -x" to see where it hangs. | https://en.wikibooks.org/wiki/Bourne_Shell_Scripting/Debugging_and_signal_handling C. -- BOFH excuse #273: The cord jumped over and hit the power switch. From owner-freebsd-questions@freebsd.org Tue Nov 7 08:49:57 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3C0A1E52C05 for ; Tue, 7 Nov 2017 08:49:57 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E357D7026B for ; Tue, 7 Nov 2017 08:49:56 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: by mail-qk0-x233.google.com with SMTP id a142so5501051qkb.5 for ; Tue, 07 Nov 2017 00:49:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=g2Rc3s0iLKi1nPN/41PDiEA54hE3ctffd6xbBsepB38=; b=FoXZI6Feeq6VQ1FvS2W8oeFJ45hev1bcd2dD4toyW5qhongOmP3+ehRDkVnPlMM6Xy 1Yj1QUjQ4SfWU4NjRAqldfo9gIExlooekt5WVXiUHHQusVTMEZUSt0bzB3ZtY3/ZzDzh Bj/A9dI1vQ9jGuc0Ic01McU0u6Xx8+FaN9c0uFdaLmxfpCEVtu+dDTQvkdM1AsNTpcC+ wcmRgGoilS1M6Fl/Or/nqZy5kDdXHOidXRNmWpoY5ImPKGmAocF7ZA5glvOzhCCCvFwI dVJbbiMJ7b4jyIsjK5UExsOwe8oMqboqTB2IYJqrxzdIt4X5G7AnywgL7kE8N5FxGuyb Riyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=g2Rc3s0iLKi1nPN/41PDiEA54hE3ctffd6xbBsepB38=; b=Vz2VMzAFKQ/llO5DPgH/sJ6f5Zz1KQovvE1vkBQrzVrOxUimi6PBhumScqb6iWSst9 sN8avRPE7UFfgk6GIgiPifOx7mLgVzxryAbxkvdhB/wKC62LLunKy04mgW1rU6g7i/DP MIK7XYbrON8VpvF/c0Z7giWy8gAizI17RT2cyGix2KhyjwNIIK+v8BTQorMnHrDgC46G zcQV461qSvjv1Z2LODplx0xh6hnqlj2BIGNub+cPzX3y2vkHiPD3NXebzgtm+WqKll/l wIlLSDqalnAlMhHmwyD1vWI8UGJ4O50mRGndDOtHxBILtDwLKUElfWB6h7mFWtxwQv60 eAYQ== X-Gm-Message-State: AJaThX4sY5cP683MM3QmWZWT781+FBr6IsWsDhEwWhcAvU5eYyzgC1P+ x3dN0V9txBMXq81rnZ+Fn3KFpzmgD2S6vYHAmBI= X-Google-Smtp-Source: AGs4zMazwA9CtV0/n37iCvwqLgLKGGHZD316bWZ6fEAgMJunjOK3mT9DoENeL5hSTFNitJugLiADzx3yzUn9YGv54fY= X-Received: by 10.233.235.13 with SMTP id b13mr2615725qkg.288.1510044596001; Tue, 07 Nov 2017 00:49:56 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.20.65 with HTTP; Tue, 7 Nov 2017 00:49:55 -0800 (PST) In-Reply-To: References: <5A00F101.8040708@gmail.com> From: krad Date: Tue, 7 Nov 2017 08:49:55 +0000 Message-ID: Subject: Re: Need help with rc.d script To: Christian Kujau Cc: Ernie Luzar , "freebsd-questions@freebsd.org" Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Nov 2017 08:49:57 -0000 By the looks of it the while loop with never exit unless the wget fails, therefore the rc script calling the script will never exit. If this is intended have a look at calling the the script via the daemon command as that will handle back grounding it. its quicker to invoke with the following, then you dont have to edit the script sh -x