Archive for 'OpenBSD Security'

Debugging OpenBSD passwd problems

I recently had to manually add a few users to /etc/passwd and /etc/master.passwd on an OpenBSD 3.9 server. After I added the entries, the accounts were still unable to login. I started poking around with ktrace, and noticed that during a normal account creation session the files /etc/pwd.db and /etc/spwd.db were modified: $ ls -la […]

Accessing services behind a NAT

I use the OpenBSD PF (packet filter) firewall at home to protect the systems I run, and to provide access to a few services over the Internet. The services I make accessible to the Internet run on servers in RFC 1918 address space, which requires my OpenBSD gateway to translate IP addresses and apply […]

Visualizing IP Filter and PF state tables

IP Filter is a stateful packet-inspecting firewall that ships with FreeBSD and Solaris 10. Stateful packet-inspecting firewalls use a state table to track established connections, which allows packets to traverse the firewall if they belong to an existing established connection. IP Filter comes with the ipfstat(1m) utility, which can be used to […]

Managing PF logfiles with Hatchet!

I came across Hatchet while reading through my daily news. Hatchet is a program to summarize PF logfiles, and it looks like an extremely useful piece of software!!

PF’s skip on interface directive

The OpenBSD packet filter (PF) received several enhancements in OpenBSD 3.7. One of the coolest things is the ability to tell PF not to filter traffic on specific interfaces, such as the loopback interface. This behavior is defined in the pf.conf configuration file with the “set skip on” statement: set skip on lo0 Prior to […]

Reading OpenBSD PF log entries in realtime

When the OpenBSD packet filter (PF) is configured to log traffic, each packet is logged to the OpenBSD “pflog” pseudo-device. This device can be queried with several tools, including tcpdump: oscar# tcpdump -i pflog0 -ttt -e -o tcpdump: WARNING: pflog0: no IPv4 address assigned tcpdump: listening on pflog0 Jan 23 21:27:33.361173 rule 4/0(match): block in […]