From owner-freebsd-security@FreeBSD.ORG Tue Sep 7 10:41:22 2004
Date: Tue, 07 Sep 2004 20:41:21 +1000
From: brisbanebsd@mac.com
To: freebsd-security
Subject: ipfw2 in 5.2.1

hi - this is my first post to this list so go easy on me !

I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling capability. I was going to try and place a freebsd box between this external network and my internal network and only allow traffic from known MAC addresses.

I cannot find a lot of info on google on compiling the kernel for ipfw2, and there is no man page for ipfw2 only ipfw.

If this is the wrong list can someone please direct me to the right one. Ta.

From owner-freebsd-security@FreeBSD.ORG Tue Sep 7 10:51:29 2004
Date: Tue, 7 Sep 2004 20:51:24 +1000 (EST)
From: Neo-Vortex
To: brisbanebsd@mac.com
cc: freebsd-security
Subject: Re: ipfw2 in 5.2.1

On Tue, 7 Sep 2004 brisbanebsd@mac.com wrote:

> hi - this is my first post to this list so go easy on me ! I am trying to find info on using ipfw2 with freebsd 5.2.1 as I have read that it supports MAC address based firewalling. Situation is, I have a small externally managed VPN network, about 12 different subnets all terminating in my office location, and all managed by a tier 1 telco. Problem is, their CPE routers do not have any firewalling capability. I was going to try and place a freebsd box between this external network and my internal network and only allow traffic from known MAC addresses.
>
> I cannot find a lot of info on google on compiling the kernel for ipfw2, and there is no man page for ipfw2 only ipfw.

he he, that's because 5.2.1 uses ipfw2 by default... so yeah, when you enable the firewall in the kernel, it's ipfw2 :P

easiest way is just run 'kldload ipfw', but yeah, make sure you're at the console because it DEFAULTS TO CLOSED! (ie, all communication will stop), and in case you need to quickly unload it, 'kldunload ipfw', you can compile it in the kernel, but yeah, to get started you can just use kldload :P nice and quick :P

> If this is the wrong list can someone please direct me to the right one. Ta.

~Neo-Vortex

From owner-freebsd-security@FreeBSD.ORG Tue Sep 7 15:15:23 2004
Date: Mon, 7 Sep 2004 17:39:32 +0300
From: Peter Pentchev
To: freebsd-security@FreeBSD.org
Subject: ACS-38 SmartCard reader

Hi,

Has anybody tried to get an ACR-38 USB smart card reader working with
the devel/pcsc-lite library under FreeBSD? The vendor, Advanced Card
Systems, seems to provide a Linux driver with sources, which I could
probably port without too much hassle (depending on the license and
such) at http://www.acs.com.hk/downloads_drivers.asp#ACR38, but neither
that page nor Google nor marc.theaimsgroup.com nor the FreeBSD mailing
list archives seem to suggest anything being available for FreeBSD.

The only thing I could find that seems to be somewhat close is the ccid
project at http://pcsclite.alioth.debian.org/ - yet it says that ACR-38
support is not quite working and occasionally the communication will
hang.

G'luck,
Peter

-- 
Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
I had to translate this sentence into English because I could not read the original Sanskrit.

From owner-freebsd-security@FreeBSD.ORG Wed Sep 8 08:15:52 2004
Date: Wed, 8 Sep 2004 18:15:45 +1000 (EST)
From: Neo-Vortex
To: Peter Pentchev
cc: freebsd-security@freebsd.org
Subject: Re: ACS-38 SmartCard reader

errr, I don't really see much relevance between this and security, unless you are meaning the uses of it, but yeah, I'm guessing a different mailing list would be more suitable, anyway...

Ports is used to port stuff over to freebsd without having the original maker having to do it... so yeah, it isn't surprising that they haven't got anything about it on their site... and with the http://pcsclite.alioth.debian.org/ page, if it's up-to-date and is referring to the same piece of software as in devel/pcsc-lite (which I would assume it is), then its diagnosis would most likely be accurate...

On Mon, 7 Sep 2004, Peter Pentchev wrote:

> Hi,
>
> Has anybody tried to get an ACR-38 USB smart card reader working with
> the devel/pcsc-lite library under FreeBSD? The vendor, Advanced Card
> Systems, seems to provide a Linux driver with sources, which I could
> probably port without too much hassle (depending on the license and
> such) at http://www.acs.com.hk/downloads_drivers.asp#ACR38, but neither
> that page nor Google nor marc.theaimsgroup.com nor the FreeBSD mailing
> list archives seem to suggest anything being available for FreeBSD.
>
> The only thing I could find that seems to be somewhat close is the ccid
> project at http://pcsclite.alioth.debian.org/ - yet it says that ACR-38
> support is not quite working and occasionally the communication will
> hang.
>
> G'luck,
> Peter
>
> --
> Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org
> PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
> Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
> I had to translate this sentence into English because I could not read the original Sanskrit.
>
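For the ipfw2 thread that opens this archive: an added example, not written by any poster, that prints (without running them) the commands for a source-MAC allowlist on one interface. The interface name `em0`, the MAC addresses and the rule numbers are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an ipfw2 layer-2 allowlist as text for review.
# A kldload'ed ipfw ends in a default deny rule, so apply the output
# from the console, as the reply in the thread warns.

valid_mac() {
    # Six colon-separated pairs of hex digits.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules IFACE MAC... : commands on stdout, non-zero on bad input.
gen_rules() {
    iface=$1; shift
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    # Validate everything first so a bad entry yields no partial ruleset.
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # Ethernet frames only reach ipfw when this sysctl is 1 (default 0).
    echo "sysctl net.link.ether.ipfw=1"
    n=1000
    for mac in "$@"; do
        # MAC takes destination first, then source: any dst, listed src.
        echo "ipfw add $n allow ip from any to any MAC any $mac layer2 in via $iface"
        n=$((n + 10))
    done
    # Any other frame arriving on that interface is dropped at layer 2.
    echo "ipfw add 5000 deny ip from any to any layer2 in via $iface"
    # Placeholder policy for all remaining traffic (other interfaces,
    # outbound frames, the later layer-3 pass); replace with real rules.
    echo "ipfw add 6000 allow ip from any to any"
}

# Constructed sample input.
gen_rules em0 00:11:22:33:44:55 00:11:22:33:44:66
```

A layer-2 match only sees the MAC of the adjacent hop, so traffic routed in through the CPE routers arrives with the router's MAC rather than the originating host's.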