Network Management with the OpenBSD Packet Filter Toolset https://www.bsdcan.org/2025/timetable/timetable-Network-Management-with.html at #bsdcan now concluded, new slides up at https://nxdomain.no/~peter/pf_fullday.pdf -- now with during-session updates (labs available for attendees only, sorry)
After 20 years of using #pf on #BSD and only dabbling in iptables when I absolutely had to in #Linux, nftables looks like an unreadable, incomprehensible shitshow; A crayon scrawl by a toddler of weird nat and mangle chains that make no sense.
The Linux developers would have been much better off porting pf to Linux.
That Grumpy BSD Guy: A Short Reading List https://nxdomain.no/~peter/the_short_reading_list.html A collection of pointers to things I have written and that I think may be of value to you too (with conference teasers) #openbsd #packetfilter #pf #cybercrime #antispam #security #networking #freesoftware #libresoftware #eurobsdcon #bsdcan
As previously announced, there will be a PF tutorial at BSDCan 2025 -
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
Registration: https://www.bsdcan.org/2025/registration.html
#BSDCan #EuroBSDcon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
Polêmica na Política: Agente da PF Ataca Moraes! 
Um agente da Polícia Federal gerou agitação no governo com críticas contundentes ao ministro Alexandre de Moraes. As declarações acenderam debates sobre a atuação da PF e o papel da Justiça no Brasil. Quer entender o que está por trás dessa controvérsia? Clique aqui e fique por dentro!
.
.
.#Política #Justiça #PF
https://inkdesign.com.br/agente-da-pf-critica-moraes-e-gera-reacao-no-governo/?fsp_sid=24506
With #bsdcan now less than a month away https://www.bsdcan.org/2025/index.html we invite your questions and input on the upcoming PF tutorials, see
"For Upcoming PF Tutorials, We Welcome Your Questions" https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
For Upcoming PF Tutorials, We Welcome Your Questions
https://nxdomain.no/~peter/pf_tutorial_upcoming_questions_welcome.html
"A good tutorial should sound to passersby much like an intense but amicable discussion between colleagues"
#EuroBSDCon #OpenBSD #PF #tutorial, #packetfilter #Ottawa #BookofPF #BSDCan #conferences #networking #security
(Now with actual EuroBSDcon submissions deadline)
"I have yet to meet an admin who plausibly claims to never have been tripped up by their overload rules at some point."
More, and a walk down memory lane, in "The Hail Mary Cloud And The Lessons Learned" https://nxdomain.no/~peter/hailmary_lessons_learned.html
#ssh #passwords #bruteforce #passwordgroping #cybercrime #openbsd #pf #packetfilter #security #guessablepasswords #hailmary #hailmarycloud
Fresh out of the Oven.
I was searching for the best replacement of my Lenovo X1 Carbon 8th Gen's Wirreless Card (...not found yet - anyone?), and found this instead, which may be my 2morrows read:
A #beginners Guide To #Firewalling with #pf #pfsense
Maybe also interesting site for @vermaden s BSD-News? §8-)
What do the clever OpenBSD firewall folks use to put up a reasonable defence against known bad actors?
I have an SSH bastion host that gest spammed with connection attempts (it only accepts key authentication but even so...) as well as web server for my blog that gets requests for dot files, PHP, cpanel, etc...
On both I'm currently running a shell script that greps the logs for keywords and feeds those IP's into a temporary blocklist but I'm sure there must be a better way, plus some way to feed in a reputable source of bad IP's before they become a problem would be nice.
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too) https://nxdomain.no/~peter/blogposts/recent-and-not-so-recent_changes_in_openbsd_that_make_life_better.html from 2021 but has aged surprisingly well #openbsd #freesoftware #libresoftware #libressl #ssh #pf #laptops
Very useful cheat sheet on #pf 
Finally run debian12 with gui thanks to vm-bhyve on freebsd14 after several month of tweaking and learning. Really big thank to @vermaden and his article https://vermaden.wordpress.com/2023/08/18/freebsd-bhyve-virtualization/ 
But one thing I still dont get it. I have a problem with resolving a DNS on the VM. IP addreses works well but domain names like google.com not at all. I solved it by adding "nameserver 8.8.8.8" in /etc/resolv.conf in VM, but I am not sure if I solve it well and dont understabd why I have to solve it anyway, I do not remeber that I would have to set it.
I se vm-bhyve with host wifi wlan interface so I had to set NAT in PF, in article it is a section laptop wifi nat. Is it normal to set resolv.conf file in VM?
For some reason I just looked up my now just over 2 year old piece "The Things Spammers Believe - A Tale of 300,000 Imaginary Friends" https://nxdomain.no/~peter/spammers_believe_in_300k_imaginary_friends.html (prettified, tracked https://bsdly.blogspot.com/2022/09/the-things-spammers-believe-tale-of.html) and realized that number will soon roll past the next big round marker. #spamtraps #traplist #spam #antispam #openbsd #pf #spamd #cybercrime #bottomfeeders #imaginaryfriends
It continues in my article series: #FreeBSD as a server. I went through all the previous articles again and made minor adjustments here and there. Network settings and preparations and #pf Firewall added.
https://bsdbox.de/en/blog/2024-12-01-freebsd-server-teil3
Part 4 offers finally Bastille. Stay tuned.
Es geht weiter in meiner Artikelreihe: #FreeBSD als Server. Alle bisherigen Artikel wurden nochmal an einer frischen Installation durchgespielt und hier und da kleinere Anpassungen vorgenommen. Netzwerk Einstellungen und #pf Firewall hinzugefügt.
https://bsdbox.de/blog/2024-12-01-freebsd-server-teil3
Mit Teil 4 kommt dann offiziell Bastille dazu. Bleibt dran.
on the sunny terrace. 
