DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 22nd January 2018
ucharfli ucharfli is offline
Port Guard
 
Join Date: May 2017
Posts: 22
Default pf.conf help?

Hi guys;
I use wireless modem. How do I structure the security wall.
I want my IP address not to go out when I use a VPN. Can you write a PF rule for me?
The traffic will go through the VPN and the normal internet will not come out when the attack and the attacking VPN are disconnected.

I'm ignorant about security.
I do not know PF.
Can you help me please?
My pf.conf
Code:
#	$OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
wlan_if="ra0"

set skip on lo

block return	# block stateless traffic
pass		# establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

antispoof for { lo0 $wlan_if } inet

match in all scrub (no-df random-id)
Reply With Quote
  #2   (View Single Post)  
Old 22nd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by ucharfli View Post
...I'm ignorant about security.
I would rephrase that, and say that you are ignorant about network protocols, because this desire is implausible:
Quote:
...I want my IP address not to go out when I use a VPN...
There are two common VPN technologies that "tunnel" traffic between endpoints: IPSec and OpenVPN. In both cases, your IP address must be known by the remote endpoint, you cannot hide it. The remote endpoint needs it to communicate with your IP address in order to establish and maintain the tunnel, and to forward and receive traffic from "within the tunnel" -- whether that data is encrypted or plaintext.

PF filters traffic. It does not "hide" IP addresses that are required to send and receive traffic, and won't help you meet your desire.
The way that VPN services market "hiding" your address is by configuring their remote gateway to use Network Address Translation (NAT), which will translate your IP address to one that originates on the remote gateway.
But this only obfuscates your IP address -- it does not "hide" it from anyone with access to the remote gateway's logs, such as might occur during legal discovery or from a search conducted by law enforcement. And at all times, the third party VPN provider has access to your IP address, and to all data that transits the tunnel, and any data encrypted by the tunnel endpoints as they have the keys for any ciphers used between VPN endpoints. The company has to have all of this in order to establish and maintain the tunnel.

----

Edited to add: The Tor Project is designed to make endpoint IP address discovery more difficult, primarily for anonymous browsing.

https://en.wikipedia.org/wiki/Tor_(anonymity_network)

http://openports.se/meta/tor-browser

Last edited by jggimi; 22nd January 2018 at 07:36 PM. Reason: Added comments about the Tor Project, then corrected a link and clarified them
Reply With Quote
  #3   (View Single Post)  
Old 23rd January 2018
frcc frcc is offline
Don't Worry Be Happy!
 
Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 335
Default

"Let the Pro's due the work for you" ?

Like the Pro's at ---> "Equifax Tm"
Reply With Quote
  #4   (View Single Post)  
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
Originally Posted by frcc View Post
"Let the Pro's due the work for you" ?

Like the Pro's at ---> "Equifax Tm"
Obviously you don't want the "pros" from Equifax. lol

But seriously...

The poster said they want to use a VPN not Tor and know nothing about making PF work with VPN. They want someone to write the rules for them, so obviously they aren't interested in learning PF. They aren't going to get help here with that, so they have the following options:

1) Learn PF which is hard. No average user is going do that and lets be honest, most don't have the ability to get it right first time. So if they try it they will mess up and expose their IP to the people they do not want to see it. This could have legal consequences for them.

2) Go to a VPN that supports OpenBSD. I only know of one that says they support OpenBSD, but I have no idea if they are skilled or reputable.

3) Uninstall OpenBSD and return to Linux, or worse Windows/Apple as these OS are supported by one reputable VPN that I know of, while OpenBSD is too small for them to support.

OpenBSD + VPN + PF will get you doxxed if you don't have the skills to use it properly. If you don't have the determination or time to get those skills take option 2 or 3.
Reply With Quote
  #5   (View Single Post)  
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by Prevet View Post
The poster said they want to use a VPN not Tor...
I interpreted the request quite differently. I saw this:
Quote:
Originally Posted by ucharfli View Post
I want my IP address not to go out when I use a VPN.
This showed a misunderstanding of the basics of the Internet Protocol used in TCP/IP, and perhaps may also show a misunderstanding of what VPNs are and do.
Quote:
... and know nothing about making PF work with VPN.
PF is very simple to use, but it requires knowledge of the underlying protocols being filtered. Without that knowledge, PF is merely a copy/paste guessing game.
Quote:
...They aren't going to get help here with that...
I'm happy to assist people with PF rules creation, analysis and testing. I'm also happy to help guide people to learn about networking and to learn about PF. But I cannot help them accomplish the impossible.
Quote:
1) Learn PF which is hard. No average user is going do that and lets be honest, most don't have the ability to get it right first time.
I disagree with this assertion. PF rule syntax is easy to learn. But as noted above, properly applying these rules requires a basic understanding the protocols that PF is to manage.
Quote:
So if they try it they will mess up and expose their IP to the people they do not want to see it. This could have legal consequences for them.
I'll rephrase what I wrote in my first reply in this thread:
  • PF can't "hide" an IP address. The Internet Protocol (IP) requires both a sending and receiving address. If the sender uses a false sending address, such as a bad actor might use during a packet injection attack, no reply can be received.
  • Network Address Translation is marketed by VPN service providers as "hiding" the source of communication, but it cannot truly do so. The source IP and any plaintext ciphered by a service provider is not hidden from litigation, not hidden from criminal investigation, and certainly not hidden from the service provider. The NAT they use to "hide" a customer's address is the same exact NAT used in any at-home NAT router.
Quote:
2) Go to a VPN that supports OpenBSD...
The OS is immaterial. Virtual Private Networks do not hide IP addresses. NAT merely obfuscates them.

Last edited by jggimi; 23rd January 2018 at 03:37 PM. Reason: clarity
Reply With Quote
  #6   (View Single Post)  
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

As follow-up:

The purpose of a VPN is to permit authentication, data assurance, and (optionally) privacy between nodes residing on an untrusted network. VPN technologies vary, but in all cases the member nodes of the VPN must be able to address communication to each other. IP ADDRESS MUST BE KNOWN.

The communication internal to a VPN includes authentication and other security mechanisms to provide assurance to the member nodes that the data is authentic and unchanged. It may also include encryption to provide a measure of privacy. External inspection of the VPN traffic WILL disclose the addresses of the member nodes, whether encryption is used or not.

Any data that transits the VPN and continues on to the Internet no longer has any expectation of authentication, data assurance, or privacy except as offered by the communication protocols deployed in the application (e.g: HTTPS over TCP).

In Network Address Translation (NAT), sending and receiving IP addresses are substituted by the router as packets are forwarded in each direction. This is commonly used in local networks where multiple devices share a single IP address on the Internet:

[local devices] - [NAT router] - the Internet

If a VPN network is used with a NAT router to transship data through the Internet, such as by a "VPN Service Provider", the connections are similar:

[VPN nodes] - [NAT router] - the Internet
Reply With Quote
  #7   (View Single Post)  
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

No one wants Tor if they are willing to pay $50-$100 per year for a VPN. Everyone already knows that Tor is free and easy to use.

Quote:
PF is very simple to use, but it requires knowledge of the underlying protocols being filtered. Without that knowledge, PF is merely a copy/paste guessing game.
Quote:
I disagree with this assertion. PF rule syntax is easy to learn. But as noted above, properly applying these rules requires a basic understanding the protocols that PF is to manage.
Might be easy for someone who is a sys or network admin, but for the average user it is not. I have read up on it and pass the leak tests on those test websites, but am still not 100% certain that what I did was right and I used to program. For the average user who cannot program, they have no chance. This is why programs with GUI front ends are made for normies. Its because normies can't do these things.


Quote:
'll rephrase what I wrote in my first reply in this thread:

PF can't "hide" an IP address. The Internet Protocol (IP) requires both a sending and receiving address. If the sender uses a false sending address, such as a bad actor might use during a packet injection attack, no reply can be received.

Network Address Translation is marketed by VPN service providers as "hiding" the source of communication, but it cannot truly do so. The source IP and any plaintext ciphered by a service provider is not hidden from litigation, not hidden from criminal investigation, and certainly not hidden from the service provider. The NAT they use to "hide" a customer's address is the same exact NAT used in any at-home NAT router.
If they don't keep logs as they advertise, there is no information to be taken. In some jurisdictions there is nothing that can be done to legally to force them to comply. The better VPNs have activist lawyers that fight cases to try to preserve privacy on the Internet. They donate to related privacy causes as well.

If you do something really bad they aren't going to jail for you, thats for sure and Tor isn't safe in that regard either. The secret services of all major countries have methods for identifying Tor users. They specifically target and infect Firefox and Tor browsers with programs that make tracking their users dead easy.
Reply With Quote
  #8   (View Single Post)  
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by Prevet View Post
If they don't keep logs as they advertise, there is no information to be taken.
I'll disagree, because there are known cases of ALL packets transiting commercial service providers being logged by state actors.
Reply With Quote
  #9   (View Single Post)  
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
Originally Posted by jggimi View Post
As follow-up:

The purpose of a VPN is to permit authentication, data assurance, and (optionally) privacy between nodes residing on an untrusted network. VPN technologies vary, but in all cases the member nodes of the VPN must be able to address communication to each other. IP ADDRESS MUST BE KNOWN.

The communication internal to a VPN includes authentication and other security mechanisms to provide assurance to the member nodes that the data is authentic and unchanged. It may also include encryption to provide a measure of privacy. External inspection of the VPN traffic WILL disclose the addresses of the member nodes, whether encryption is used or not.

Any data that transits the VPN and continues on to the Internet no longer has any expectation of authentication, data assurance, or privacy except as offered by the communication protocols deployed in the application (e.g: HTTPS over TCP).

In Network Address Translation (NAT), sending and receiving IP addresses are substituted by the router as packets are forwarded in each direction. This is commonly used in local networks where multiple devices share a single IP address on the Internet:

[local devices] - [NAT router] - the Internet

If a VPN network is used with a NAT router to transship data through the Internet, such as by a "VPN Service Provider", the connections are similar:

[VPN nodes] - [NAT router] - the Internet

I understand it is encrypted when it goes from your computer to the VPN and when it leaves the VPN it becomes normal Internet traffic again.

I have read that VPN users are seen as a big political threat by governments like China and Russia, because they have free access to information, so they banned all VPN operators. I also understand there have been similar calls to ban them in the UK. So if a VPN doesn't prevent its users from identification, why don't they move in and arrest the political dissidents?


Quote:
Originally Posted by jggimi View Post
I'll disagree, because there are known cases of ALL packets transiting commercial service providers being logged by state actors.
Yes, they would vacuum them up like they do all Internet traffic, but how do they know who is who, unless the VPN user is silly enough to use their real name?


Seriously it is not meaningful for me to have this discussion with you, as I don't have your knowledge. But I do know one VPN provider who could discuss this with you meaningfully. Would you be willing to post in their forums? I would be interested to see how they respond..

They also offer Tor use with the VPN. You connect to them with Tor so not even they know who you are.

Last edited by Prevet; 23rd January 2018 at 04:58 PM.
Reply With Quote
Old 23rd January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by jggimi View Post
I'll disagree, because there are known cases of ALL packets transiting commercial service providers being logged by state actors.
But does this logging is from the outside of VPN service or from the inside of them?
If it is from the outside and many connecting people are using that I think it would be not enough to be seen as ultimate proof/evidence for doing something. Maybe a clue, but not as 100% incriminating evidence.

m users has m (can be more if one user has more devices) connections -> VPN service -> n TCP connections

let n = 2000
and
m = 700

Without logs from the inside we don't know which output connection maps to which input connection.
There may be other clue and evidence. These connections can be less and less likely to look random over time somebody is using VPN. There may be some patterns when connecting to services. But in many cases still it is better than connecting directly.
And state-actors should, theoretically, only use their spying capabilities when it comes to national security, not the regular criminal cases. There are some doubts about that - in some cases there are some strange things suggesting intelligence agencies gave "tip" to police. But let's say that somebody is just torrenting occasionally some pirated movie, because for some reasons geoblocking is preventing him from buying license legally - this is not a case where police is going to put significant resource to track somebody.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by Prevet View Post
So if a VPN doesn't prevent its users from identification, why don't they move in and arrest the political dissidents?
Depending on the jurisdiction, VPNs can be regulated. In China, for example, they are tightly regulated and attempts to circumvent those regulations are considered illicit.
Quote:
...but how do they know who is who, unless the VPN user is silly enough to use their real name?
IP addresses are a form of identification. They may be used to identify small populations of users, even a population as small as one.

---

Let's assume the VPN traffic is encrypted, and use my example above, with a NAT router. Let us assume that the NAT router is a member node of the VPN

[VPN nodes including the NAT router] - the Internet

Let us also assume that packets are logged going into and out of the service provider, and that the investigator is only interested in packets going back and forth to a single public webserver, such as daemonforums.org.

The investigator filters for traffic between the VPN's router and this webserver (IP address 95.170.82.241). Each packet is logged to the millisecond. She then filters the VPN traffic logs for matching traffic over the VPN. How? By timestamp. Let us assume she looks within several milliseconds of any inbound webserver traffic for outbound VPN packets.

Since she will also know which VPN technology is being used, she may also be able to compare packet lengths to obtain very good clarity on what VPN traffic matches the public Internet traffic.

The same sort of analysis can be performed on packets heading to the webserver -- the VPN logs will just be some milliseconds ahead of the public traffic.

The protocols used for the public traffic can sometimes make this easy - such as TCP SYN/ACK packets.

She can now determine with a high degree of certainty the IP addresses using that VPN to communicate with this website.
Quote:
Would you be willing to post in their forums? I would be interested to see how they respond..
No, because I'm really not interested in continuing what I see as a losing battle. I began my VPN responses in this thread by trying to explain, just like Inigo Montoya, "You keep using that word. I don't think it means what you think it means." But that hasn't helped much, even in this small forum.
Reply With Quote
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by Prevet View Post
They also offer Tor use with the VPN. You connect to them with Tor so not even they know who you are.
That *is* Interesting. Though up above you previously discredited Tor.
Quote:
Originally Posted by e1-531g View Post
...If it is from the outside and many connecting people are using that I think it would be not enough to be seen as ultimate proof/evidence for doing something. Maybe a clue, but not as 100% incriminating evidence.
I think it depends on the degree of certainty any investigator may have, and I agree that it might be considered a corroboration, but that consideration may depend on jurisdiction.
Quote:
Without logs from the inside we don't know which output connection maps to which input connection.
In my example above, I chose an investigator with logs of both public and VPN traffic. Easy enough to obtain for any state actor.
Quote:
...this is not a case where police is going to put significant resource to track somebody.
And that is the hammer on the nail's head. What is the investigating party's cost/benefit analysis?
Reply With Quote
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
Originally Posted by jggimi View Post
She then filters the VPN traffic logs for matching traffic over the VPN.
So they need the logs to do it.

In their sales pitch some VPNs go to great pains to say they do not log and have no data to give anyone that might demand it, while others say they do log. So if they are taking their customer's money while doing the exact opposite of what their sales pitch says, they are committing fraud and should be prosecuted.

I find it hard to believe they must all be crooks, but the way the world is turning so Orwellian, I wouldn't be surprised if it was true. Even if they are government controlled they still have their uses, like putting a protective barrier between ordinary citizens and other citizens, as well as corporate entities who want to collect everything they can on individuals and sell it.


Quote:
Originally Posted by jggimi View Post
That *is* Interesting. Though up above you previously discredited Tor.
I read that in an article. Could be true, could be FUD the government agencies are spreading. I also read cracking Tor was their top priority at one point - China, Russia, USA.

The VPN I mention also accept crypto currencies through Tor. They also give you 3 VPN connections so you can divide up your traffic. I assume that would make it even harder to track the ones that use it.
Reply With Quote
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
Originally Posted by jggimi View Post
That *is* Interesting. Though up above you previously discredited Tor.
Do you think the Guardian is an unreliable source?

https://www.theguardian.com/world/20...line-anonymity
Reply With Quote
Old 23rd January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by Prevet View Post
So they need the logs to do it.
Consider what a log is, and how one is created.

All the local networks I manage happen to log information about every packet that flows through every interface. It's easy to set up tools to do that, with no appreciable overhead on the collecting systems.[1]

I'm certain my upstream ISPs all log all this traffic as well, using the same technology.[1]

Like me, they probably don't store the data payloads. Lke me, they store only metadata about the packets, such as IP addresses. Protocols. Packet lengths. Timestamps. Connecting interfaces. Connecting systems.

Why? It's common to do this because it helps with performance management, helps with problem determination, and helps with capacity planning. It's simply part of managing a network and server infrastructure. It's normal. It's standard. It's best practice.

The service provider may or may not have logs. But their upstream ISPs almost certainly do, as otherwise they wouldn't be able to manage their network services very well. Even if they aren't currently logging data, a regulator or law enforcement agency may very well be able to compel the ISP to begin that collection.

Quote:
Originally Posted by Prevet View Post
Do you think the Guardian is an unreliable source?

https://www.theguardian.com/world/20...line-anonymity
I believe that changes to the browser bundle were instituted post-Snowden-revelations to help protect against these published exploits. I'm also certain that state actors have improved their abilities to obtain information since then. This is a never-ending arms race. The only certainty is that we don't know what we don't know.
---

[1] NetFlow statistics. On OpenBSD, this is easy to collect and record centrally from all my routers and servers. See the pflow(4) man page. I use the net/nfsen package to provide graphical analysis as well as drive detailed reporting through net/nfdump. Here are some NfSen screenshots.
Reply With Quote
Old 24th January 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
The service provider may or may not have logs. But their upstream ISPs almost certainly do, as otherwise they wouldn't be able to manage their network services very well. Even if they aren't currently logging data, a regulator or law enforcement agency may very well be able to compel the ISP to begin that collection.
Well I'm glad we had this conversation. I will certainly think about what I use them for in future, if at all.

I have to say that I'd just got OpenBSD set up the way I liked it, then the Intel bug is exposed, so my main machine is now off line. Then I learned about the Intel Management Engine and also learned that AMD has started doing the same shady things. I agree with Stallman that it is ME, not Meltdown that is the real scandal that no one is talking about, so now I'm thinking my machine can never be used for anything important online again.

As long as this kind of thing is tolerated on our computers, all talk of security is just LARPing IMO. We may as well be using Windows and Apple spyware. What do we have left at this point? Open source is still free? For how much longer will our Intel overlords allow that situation to continue on their CPUs? lol
Reply With Quote
Old 24th January 2018
ucharfli ucharfli is offline
Port Guard
 
Join Date: May 2017
Posts: 22
Default

@jggimi
I Sorry, I could not explain.
When the VPN connection is disconnected, I do not want to go online with the Web browser.
Is not PF needed?
If you do not have a VPN, I do not want your Internet..!



@Prevet
It will be nice to get Books and Notes.
I checked the address you gave me. He helped me.
I use "Riseup and ProtonVPN". It's good with OpenBSD for the moment.



Thank you for the other writings.
I read it and understood it a little better. I will be researching and reading books to learn more about this subject.
Reply With Quote
Old 24th January 2018
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by ucharfli View Post
When the VPN connection is disconnected, I do not want to go online with the Web browser.
Is not PF needed?
If you do not have a VPN, I do not want your Internet..!
This is a different requirement from your original post.

It is my understanding that the VPN technology used by ProtonVPN is OpenVPN. OpenVPN uses UDP or TCP connections, the standard port number is 1194 with either protocol.

Yes, PF can limit all inbound and outbound traffic on the physical interface to TCP or UDP that connects with that port number. It can then permit all "internet" destined traffic to use the tap(4) tunnel device created by OpenVPN on OpenBSD.

However, you may need some open connectivity to the Internet in order to establish the OpenVPN connection to your service provider, such as domain name services. Is your connection to your service provider by domain name, or by IP address?

You may also need some open connectivity to establish your system's IP address. DHCP is the most common protocol used to obtain dynamic IP address and routing information.

Last edited by jggimi; 24th January 2018 at 04:01 PM.
Reply With Quote
Old 24th January 2018
ucharfli ucharfli is offline
Port Guard
 
Join Date: May 2017
Posts: 22
Default

@jggimi;
No domain services. I'm a normal internet user.
I have use "Dnscrypt + Unbound"! I do not know if this information is necessary, but I have to write.
I do not want to visit sites when my VPN connection is broken.!
If the VPN connection is lost, I do not want to go to the internet with the Web browser. Until VPN connection is restored.
I do not want your web sites to see the real IP address.
Reply With Quote
Old 24th January 2018
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by jggimi View Post
However, you may need some open connectivity to the Internet in order to establish the OpenVPN connection to your service provider, such as domain name services. Is your connection to your service provider by domain name, or by IP address?
Quote:
Originally Posted by ucharfli View Post
@jggimi;
No domain services. I'm a normal internet user.
I think @ucharfli that you doesn't understand the question. Your VPN service provider sent you some information about how to connect to VPN. One of the information is address - either IP address or domain name. Which one?
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Where should I put my config? "rc.conf" or "rc.conf.local"? fender0107401 OpenBSD General 2 2nd April 2012 02:53 AM
Help with pf.conf A_Sorenby OpenBSD Security 14 21st June 2011 09:52 PM
Pf.conf erict35 OpenBSD Security 1 30th January 2010 10:19 PM
pf.conf lumiwa FreeBSD Security 11 20th September 2008 01:01 AM
difference between rc.conf and loader.conf disappearedng FreeBSD General 5 3rd September 2008 05:54 AM


All times are GMT. The time now is 10:25 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick