[00:06] up_the_irons \o
[00:12] Do some support now :D
[01:03] *** LT has joined #arpnetworks
[01:29] *** sentabi_co has joined #arpnetworks
[01:30] *** jwfoxjr has quit IRC (Ping timeout: 258 seconds)
[01:30] *** jwfoxjr has joined #arpnetworks
[01:38] *** sentabi_co has quit IRC (Ping timeout: 264 seconds)
[01:42] *** sentabi_co has joined #arpnetworks
[01:45] *** schmir has joined #arpnetworks
[02:01] *** visinin has quit IRC (Quit: sleep)
[02:02] *** sentabi_co has quit IRC (Ping timeout: 272 seconds)
[02:02] *** sentabi_co has joined #arpnetworks
[02:30] *** sentabi_co has quit IRC (Ping timeout: 240 seconds)
[02:30] *** sentabi_co has joined #arpnetworks
[02:30] *** schmir has quit IRC (Read error: Connection reset by peer)
[02:38] *** schmir has joined #arpnetworks
[03:28] up_the_irons: thanks :)
[03:29] *** schmir has quit IRC (Ping timeout: 240 seconds)
[03:30] *** schmir has joined #arpnetworks
[03:31] *** sentabi_co has quit IRC (Ping timeout: 272 seconds)
[03:32] *** sentabi_co has joined #arpnetworks
[03:44] *** infrared has quit IRC (Quit: leaving)
[04:05] *** schmir has quit IRC (Remote host closed the connection)
[04:08] *** schmir has joined #arpnetworks
[04:27] *** sentabi_co has quit IRC ()
[04:37] *** schmir has quit IRC (Ping timeout: 260 seconds)
[04:41] *** schmir has joined #arpnetworks
[05:07] *** heavysixer has joined #arpnetworks
[05:07] *** ChanServ sets mode: +o heavysixer
[05:13] *** jwfoxjr has quit IRC (Remote host closed the connection)
[05:36] *** ziyourenxiang has joined #arpnetworks
[06:01] I have a pf question for those that are more experienced with pf than I (read: everyone).
[06:03] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang)
[06:16] We might have an answer.
[06:19] I use BIND locally in a forward-only configuration.
[06:19] my forwarders are 8.8.8.8 and 8.8.4.4 (Google).
[06:20] The oddity that I'm trying to understand / resolve is this output in my daily logs:
[06:20] http://pastebin.com/mxVDuNGG
[06:21] if I'm initiating the connection I wouldn't think there would be problems getting back in. If they are initiating a connection, 1) why? 2) should that be something I let through?
[06:24] and if so how do I allow randomized destination ports, or do I set a source port allow rule?
[06:24] with udp there is no such thing as a connection or session
[06:25] this seems to be the return traffic that contains the answer of your dns queries
[06:28] http://www.openbsd.org/faq/pf/filter.html#udpstate describes this in more detail
[06:28] the strange thing is that DNS is functioning as I would expect.
[06:28] so I'm sure some/most requests are being answered and returned properly.
[06:29] I just started noticing those lines in my logs though, so I thought it was worth looking into.
[06:30] could also be that this is return dns traffic that arrives after the timeout is reached
[06:32] in which case it's harmless
[06:33] yes
[06:33] you could increase the timeout in PF
[06:33] default is 10 seconds
[06:35] doesn't sound like it's too critical. I may just watch it and see if it keeps up.
[06:37] I've found a few more pf related lines in my logs. I think I need to learn how to read this output better.
[06:51] *** RandalSchwartz has quit IRC (Quit: updating OS)
[07:06] *** RandalSchwartz has joined #arpnetworks
[07:06] Yeay - upgraded to 8.0-release-p3
[07:06] Had troubles booting the box though... maybe I was just impatient
[07:06] looked like it was sitting at the freebsd boot menu
[07:07] so I hard-cycled it one more time, and everything worked the second time
[07:14] *** vtoms has joined #arpnetworks
[07:16] mine didn't seem to have any problems coming up, thankfully.
[07:19] well - yeah, the smaller $20 VPS worked just fine
[07:19] maybe the big 200GB disk took a bit to verify
[07:37] anyway, I'm now at least protected against the latest OPIE potential attack
[07:53] *** schmir has quit IRC (Ping timeout: 265 seconds)
[08:10] *** schmir has joined #arpnetworks
[08:17] *** schmir has quit IRC (Remote host closed the connection)
[08:37] *** LT has quit IRC (Quit: Leaving)
[09:32] *** cedwards has quit IRC (Quit: leaving)
[09:35] *** cedwards has joined #arpnetworks
[09:50] *** vtoms has quit IRC (Quit: Leaving.)
[10:13] RandalSchwartz: haven't bothered rebooting yet. The kernel patch bit doesn't actually affect me.
[10:13] you're not using anything with logins?
[10:13] opie isn't a kernel patch
[10:14] the kernel patch is for the nfs fix
[10:14] have you restarted the services then?
[10:14] so they link to the new shared lib?
[10:15] my box just went crazy and I had to hard-boot it. strange.
[10:15] it's already disabled for ossh, I don't use ftp
[10:15] so I should be safe on that front too.
[10:15] at least, that's my understanding.
[10:16] gotta say though, I love how freebsd doesn't have a kernel patch every 30 seconds.
[10:17] freebsd <3
[10:21] *** viq has quit IRC (Quit: Shin! Shin! Sei! Kyu! Sai!)
[10:35] zfs ftw
[10:36] I just did some major maintenance on my webserver, and the whole time I was thinking to myself "I did a snapshot yesterday. No need to worry"
[11:01] cedwards: tell that to Joyent ;)
[11:13] man it is _so_ dead at work today.
[11:14] three day weekend
[11:15] my boss started his on Wed.
[11:16] quiet here too.
[11:16] "a little TOO quiet...."
[11:24] *** vinnyt has joined #arpnetworks
[11:25] *** vinnyt has quit IRC (Client Quit)
[11:27] *** vinnyt has joined #arpnetworks
[11:29] *** vinnyt has quit IRC (Client Quit)
[12:01] *** visinin has joined #arpnetworks
[12:07] is it too early to say Gary Coleman died of some sort of different stroke?
[12:09] Nah, we just said that at work.
[12:11] heh
[12:11] so I wasn't the only one thinking it
[12:11] I wonder if the press is very careful not to call it a Stroke for that reason
[12:13] I doubt it. Headlines are written for pagerank not to be clever, they're clearly trying to cash in on the highly desired "intracranial hemorrhage" search market...
[12:15] "stroke 'em if you got 'em"
[12:16] aw dude come on :(
[12:16] we don't need to bring sexism into this
[12:18] heh - looks like the tweet crowd beat me to it
[12:28] "Gary Coleman used to be under 4 feet. Now he's four feet under!"
[12:31] *** cedwards has quit IRC (Quit: leaving)
[12:46] *** cedwards has joined #arpnetworks
[13:05] *** cmeiklejohn has quit IRC (Ping timeout: 260 seconds)
[13:17] wish me luck. doing a perl5.8 -> 5.10 port upgrade on one of my jails.
[13:18] * RandalSchwartz cues the jailhouse blues music
[13:56] *** visinin has quit IRC (Quit: leaving)
[15:28] hrm...
[15:34] *** bob^^ has quit IRC (Quit: Changing server)
[15:35] *** bob^^ has joined #arpnetworks
[15:38] *** AndrewBC has quit IRC (Ping timeout: 248 seconds)
[15:38] *** AndrewBC_ has joined #arpnetworks
[16:14] *** AndrewBC_ is now known as AndrewBC
[16:37] *** heavysixer has quit IRC (Quit: heavysixer)
[17:57] *** BarberRonny has quit IRC (Quit: leaving)
[18:12] *** infrared has joined #arpnetworks
[18:24] hi
[18:52] hi
[19:19] *** heavysixer has joined #arpnetworks
[19:19] *** ChanServ sets mode: +o heavysixer
[19:38] *** heavysixer has quit IRC (Quit: heavysixer)
[20:01] whee.
[20:02] whee!
[20:31] hrm.
[20:31] I thought File::Fetch was core... maybe only in 5.12 :/
[20:31] never
[20:32] hrm
[20:32] File::Fetch was new in 5.10
[20:32] ... so why doesn't my 5.10 install have it.
[20:34] oh it does.
[20:34] ... but my shebang is /usr/bin, not /opt/csw/bin
[20:34] ... and /usr/bin is 5.8
[20:34] * jdoe very, very slowly connects the dots.
[20:35] ugh. Speaking of very slowly, perl 5.8.4 was released April 23rd, 2004.
[20:35] naturally, it's the default perl in the OpenSolaris dev builds...
[20:51] *** cedwards has quit IRC (Quit: leaving)