DOCSLIB.ORG

Hotmobile 2006

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hotmobile 2006 After lunch (at a pub), John- Dan Langille ended the confer- find that the paper summaries Mark Garner ([email protected]) ence by giving away books and contained in this overview are gave a presentation about writ- T-shirts. Some books were given extremely brief and are intended ing device drivers in FreeBSD. Of to people chosen randomly [by only to help you identify those course, you can’t learn how to using random() to assign num- papers you would like to read in write device drivers in an hour, bers to all attendees, then sort- full. Those readers interested in a but Garner did a good job of pro- ing] and for various feats. Some- longer summary should refer to viding an overview of the frame- one won a book by spending the Digest of Proceedings that work available. I finally learned over six hours trying to get appears at the end of the work- what has happened to minor de- through Canadian customs. shop proceedings. This digest in- vices (made unnecessary because (There was actually someone cludes a summary of the discus- of devfs). Garner also talked who had spent longer, but he sions that followed each of the about softc, a newer, more effi- had already won a book.) presentations. cient framework for writing de- This overview is based on the vice drivers, about how re- HotMobile 2006: 7th IEEE written notes taken by two stu- sources (memory, IRQs, and Workshop on Mobile Comput- dent volunteers, Tapan Parikh ports) should be handled, and ing Systems and Applications and Alex Varshavsky. They took about bus probing and DMA. excellent notes, although they Chris Buescher and Scott Ullrich Summarized by Maria R. Ebling, did not always know who was discussed the various firewalls Program Chair speaking and my notes were not available in the BSD environ- Like the first WMCSA, the goal always complete. If anything has ment. BSD suffers from an em- of this workshop was to foster been reported in error or omit- barrassment of riches here, and interaction among practitioners ted, the responsibility lies the presenters created a large of mobile computing. In keeping squarely on my shoulders and chart, which you can find in with this goal, we decided to re- not theirs. their slides at pfsense.org/bsdcan/, turn with a small, informal to compare the features of the workshop, one with few papers OPENING DISCUSSION three firewall families, ipfw, ipfil- but significant discussions. We ter, and pf. They went on to ex- accepted just nine papers, but we The workshop’s initial discus- plain the m0n0wall project, a had two significant group discus- sion revolved around the follow- version of FreeBSD stripped sions, two exciting panels, and ing statement: “Resolved: The down for use in firewall appli- an insightful keynote address. mobile phone is the only device ances and controlled completely Approximately 40 people attend- people will carry in the future.” through the use of PHP over a ed the two-day event on April We started by taking a quick Web interface (m0n0wall.ch). 6–7, 2006, at the Semiahmoo Re- straw poll in which only six at- They then described their own sort, Washington, USA. tendees voted in favor of the res- project, pfSense (pfsense.org), To reflect these changes, during olution. After the straw poll, at- where they forked their own ver- the opening remarks the organiz- tendees began discussing the res- sion from m0n0wall because ers announced a name change olution. Each attendee had been they wanted to create a firewall for this workshop. They reported randomly assigned to argue the install that was much more fea- that the workshop will now be Pro position or the Con position. tureful. Whereas m0n0wall is known as HotMobile 2006: The The discussion period started based on FreeBSD 4.1 for its 7th IEEE Workshop on Mobile with small groups of people from faster network performance, Computing Systems and Appli- each position. After about 20 pfSense uses FreeBSD 6.1, which cations. USENIX is an in-cooper- minutes, we then switched to has wireless networking support ation sponsor of this workshop. having all the Pros gather their that FreeBSD 4.1 lacks. PfSense arguments and all the Cons gath- includes networking tools, What follows is an overview of the workshop’s proceedings er their arguments. Again, after such as tcpdump and HSFC traf- about 20 minutes, we opened the fic-shaping, borrowed from summarizing the formal presen- tations, but omitting the discus- floor to debate. Each side had OpenBSD, and uses pf for fire- about 5 minutes to present its wall support, giving it the ability sions that followed. The vast ma- jority of this overview focuses on case and then open discussion to do OS fingerprint–based ensued. It should be noted that, blocking. the presentations that are not represented by papers. You will at times, certain members of the ;LOGIN: AUGUST 2006 HOTMOBI LE 2006 SUMMARI ES 95 groups argued in favor of the op- included nine votes for the Pro which localizes the user by posing side. position. Although one attendee matching the current picture to jokingly noted that this was not the database of preloaded pic- Pro Position a scientifically valid approach, tures. The discussion following Cell phones are already ubiqui- the discussion was interesting this paper focused on a few is- tously deployed. Gartner be- and set the proper tone for the sues: training costs, accuracy, lieves that in 2005 the number workshop: one of interaction and whether the entire system of cell phones sold will have and discussion. can run on the phone. reached 780 million units and Alex Varshavsky then presented that the number will hit 2.6 bil- MOBILE PHONES AS APPLIANCES a paper entitled “Are GSM lion by 2009. Also, in India and Phones the Solution for Localiza- China, cell phones are believed The theme of the first paper ses- tion?” He argued that localiza- to be the primary computing de- sion, chaired by Gaetano Borriel- tion using GSM-based mobile vice. Given such a high penetra- lo, was considering mobile phones may be adequate and tion of mobile phones, applica- phones as appliances. John Bar- sufficient for many interesting tion developers will concentrate ton presented the first paper, en- location-aware applications. The on developing applications for titled “Mobile Phones Will Be- authors show that, with GSM- the phones, especially since come the Primary Personal Com- based fingerprinting, it is possi- computing power and storage puting Devices.” He argued that ble to achieve 2–5m median er- are not an issue. because of increasing storage ror indoors, perform room-level and computing power, mobile localization indoors and achieve Con Position phones will eventually replace 70–200m median error out- Today, people use a variety of PCs. Users will utilize large dis- doors. Moreover, by tracking sig- different devices, including cell plays and input devices available nal stability, it is possible to de- phones, watches, PDAs, MP3 at public places for easier inter- tect places people visit with very players, and laptops. Combining action with their mobile phone. high accuracy. the functionality of all these de- After the talk, John took ques- vices into a single cell phone de- tions from the audience. IS LOCALIZATION A SOLVED PROBLEM? vice, resembling a Swiss army John Davis then presented the knife approach, may result in a second talk, on “Supporting Mo- Following our paper session on device that may do many things, bile Business Workflow with localization, Gaetano Borriello but none of them well. For ex- Commune.” The paper proposes (University of Washington) ample, it is unclear what a user a workflow management system moderated a panel session ex- interface of such a device would for a mobile workforce that uti- ploring the question of whether look like. Because the price of lizes “mini-workflows,” net- localization is a solved problem. single-use devices will go down work-isolated components that Three people sat on the panel: significantly, it may be more ap- can be offloaded onto mobile Dieter Fox (University of Wash- propriate for users to carry spe- clients by leveraging Web ser- ington), Mike Hazas (Lancaster cialized devices that have the vices. University), and Jeff Hightower right form factor and the right (Intel Research Seattle). Gaetano user interface for the task at opened the panel by presenting LOCALIZATION hand (e.g., an iPod). Also, fash- four questions to each of the ion has a say in what devices Natalia Marmasse chaired our panelists and giving them each a people carry with them. For in- chance to respond. stances, some people wear second paper session, on local- watches for reasons that have ization. Nishkam Ravi presented Prefacing his first question with nothing to do with time (e.g., the first paper, entitled “Indoor “Cell phones are the location- esthetics). Localization Using Camera aware platform of choice. We Phones.” He proposed an indoor should focus all our attention on After a lively and interactive dis- localization scheme based on improving location systems on cussion, with various attendees camera phones worn as a pen- phones (accuracy, privacy, per- taking up their assigned position dant by the user. The camera formance, etc.). There are no as well as occasionally arguing phone automatically takes pic- other viable platforms.” Gaetano for the other side, we took an- tures and transmits them over asked, “If it doesn’t work on a other vote. This time the result GPRS to the centralized server, cell phone, why bother?” Dieter 96 ;LO GIN: V OL. 31, NO. 4 responded that it does not matter need to be published on the is- tions are often provided by third because everything can be inte- sue,” asking “Shouldn’t research parties.
Load more

Recommended publications
  • Active-Active Firewall Cluster Support in Openbsd
    Active-Active Firewall Cluster Support in OpenBSD David Gwynne School of Information Technology and Electrical Engineering, University of Queensland Submitted for the degree of Bachelor of Information Technology COMP4000 Special Topics Industry Project February 2009 to leese, who puts up with this stuff ii Acknowledgements I would like to thank Peter Sutton for allowing me the opportunity to do this work as part of my studies at the University of Queensland. A huge thanks must go to Ryan McBride for answering all my questions about pf and pfsync in general, and for the many hours working with me on this problem and helping me test and debug the code. Thanks also go to Theo de Raadt, Claudio Jeker, Henning Brauer, and everyone else at the OpenBSD network hackathons who helped me through this. iii Abstract The OpenBSD UNIX-like operating system has developed several technologies that make it useful in the role of an IP router and packet filtering firewall. These technologies include support for several standard routing protocols such as BGP and OSPF, a high performance stateful IP packet filter called pf, shared IP address and fail-over support with CARP (Common Address Redundancy Protocol), and a protocol called pfsync for synchronisation of the firewalls state with firewalls over a network link. These technologies together allow the deployment of two or more computers to provide redundant and highly available routers on a network. However, when performing stateful filtering of the TCP protocol with pf, the routers must be configured in an active-passive configuration due to the current semantics of pfsync.
    [Show full text]
  • David Gwynne <[email protected]>
    firewalling with OpenBSD's pf and pfsync David Gwynne <[email protected]> Thursday, 17 January 13 introduction ‣ who am i? ‣ what is openbsd? ‣ what are pf and pfsync? ‣ how do i use them? ‣ ask questions whenever you want Thursday, 17 January 13 who am i? ‣ infrastructure architect in EAIT at UQ ‣ i do stuff, including run the firewalls ‣ a core developer in openbsd ‣ i generally play with storage ‣ but i play with the network stack sometimes Thursday, 17 January 13 what is openbsd? ‣ open source general purpose unix-like operating system ‣ descended from the original UNIX by way of berkeley and netbsd ‣ aims for “portability, standardization, correctness, proactive security and integrated cryptography.” ‣ supports various architectures/platforms Thursday, 17 January 13 what is openbsd? ‣ one source tree for everything ‣ kernel, userland, doco ‣ bsd/isc/mit style licenses on all code (with some historical exceptions) ‣ 6 month dev cycle resulting in a release ‣ 3rd party software via a ports tree ‣ emergent focus on network services Thursday, 17 January 13 what is openbsd? ‣ it is very aggressive ‣ changes up and down the stack (compiler to kernel) to make a harsher, stricter, and less predictable runtime environment ‣ minimal or no backward compatibility as things move forward ‣ whole tree is checked for new bugs ‣ randomise as much as possible all over Thursday, 17 January 13 what is openbsd? ‣ it is extremely conservative ‣ tree must compile and work at all times ‣ big changes go in at the start of the cycle ‣ we’re not afraid to back stuff out ‣ peer review is necessary ‣ we do back away from some tweaks for the sake of usability Thursday, 17 January 13 what is pf? ‣ short for packet filter ‣ the successor to IP Filter (ipf) ‣ ipf was removed due to license issues ‣ the exec summary is that it is a stateful filter for IP (v4 and v6) traffic ‣ does a little bit more than that though..
    [Show full text]
  • Freebsd Handbook
    FreeBSD Handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/han... FreeBSD Handbook The FreeBSD Documentation Project Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 The FreeBSD Documentation Project Welcome to FreeBSD! This handbook covers the installation and day to day use of FreeBSD 8.3-RELEASE and FreeBSD 9.1-RELEASE. This manual is a work in progress and is the work of many individuals. As such, some sections may become dated and require updating. If you are interested in helping out with this project, send email to the FreeBSD documentation project mailing list. The latest version of this document is always available from the FreeBSD web site (previous versions of this handbook can be obtained from http://docs.FreeBSD.org/doc/). It may also be downloaded in a variety of formats and compression options from the FreeBSD FTP server or one of the numerous mirror sites. If you would prefer to have a hard copy of the handbook, you can purchase one at the FreeBSD Mall. You may also want to search the handbook. REDISTRIBUTION AND USE IN SOURCE (XML DOCBOOK) AND 'COMPILED' FORMS (XML, HTML, PDF, POSTSCRIPT, RTF AND SO FORTH) WITH OR WITHOUT MODIFICATION, ARE PERMITTED PROVIDED THAT THE FOLLOWING CONDITIONS ARE MET: 1. REDISTRIBUTIONS OF SOURCE CODE (XML DOCBOOK) MUST RETAIN THE ABOVE COPYRIGHT NOTICE, THIS LIST OF CONDITIONS AND THE FOLLOWING DISCLAIMER AS THE FIRST LINES OF THIS FILE UNMODIFIED. 2. REDISTRIBUTIONS IN COMPILED FORM (TRANSFORMED TO OTHER DTDS, CONVERTED TO PDF, POSTSCRIPT, RTF AND OTHER FORMATS) MUST REPRODUCE THE ABOVE COPYRIGHT NOTICE, THIS LIST OF CONDITIONS AND THE FOLLOWING DISCLAIMER IN THE DOCUMENTATION AND/OR OTHER MATERIALS PROVIDED WITH THE DISTRIBUTION.
    [Show full text]
  • Contents in Detail
    CONTENTS IN DETAIL FOREWORD by Bob Beck (from the first edition) xv ACKNOWLEDGMENTS xvii INTRODUCTION xix This Is Not a HOWTO ............................................... xx What This Book Covers .............................................. xx 1 BUILDING THE NETWORK YOU NEED 1 Your Network: High Performance, Low Maintenance, and Secure ................. 1 Where the Packet Filter Fits In .......................................... 3 The Rise of PF ..................................................... 3 If You Came from Elsewhere ........................................... 6 Pointers for Linux Users ........................................ 6 Frequently Answered Questions About PF............................ 7 A Little Encouragement: A PF Haiku ...................................... 9 2 PF CONFIGURATION BASICS 11 The First Step: Enabling PF ........................................... 12 Setting Up PF on OpenBSD .................................... 12 Setting Up PF on FreeBSD ..................................... 13 Setting Up PF on NetBSD ...................................... 15 A Simple PF Rule Set: A Single, Stand-Alone Machine ........................ 16 A Minimal Rule Set .......................................... 16 Testing the Rule Set . 18 Slightly Stricter: Using Lists and Macros for Readability........................ 18 A Stricter Baseline Rule Set..................................... 19 Reloading the Rule Set and Looking for Errors........................ 20 Checking Your Rules ......................................... 21
    [Show full text]
  • The Book of PF Covers the Most • Stay in Control of Your Traffic with Monitoring and Up-To-Date Developments in PF, Including New Content PETER N.M
    EDITION3RD BUILD A Covers OpenBSD 5.6, MORE SECURE FreeBSD 10.x, and NETWORK EDITION NETWORK 3RD NetBSD 6.x WITH PF THETHE BOOKBOOK THE BOOK OF PF OF THE BOOK THE BOOK OF PF OF THE BOOK OFOF PFPF OpenBSD’s stateful packet filter, PF, is the heart of • Build adaptive firewalls to proactively defend against A GUIDE TO THE the OpenBSD firewall. With more and more services attackers and spammers NO-NONSENSE placing high demands on bandwidth and an increas- OPENBSD FIREWALL • Harness OpenBSD’s latest traffic-shaping system ingly hostile Internet environment, no sysadmin can to keep your network responsive, and convert your afford to be without PF expertise. existing ALTQ configurations to the new system The third edition of The Book of PF covers the most • Stay in control of your traffic with monitoring and up-to-date developments in PF, including new content PETER N.M. HANSTEEN visualization tools (including NetFlow) on IPv6, dual stack configurations, the “queues and priorities” traffic-shaping system, NAT and redirection, The Book of PF is the essential guide to building a secure wireless networking, spam fighting, failover provision- network with PF. With a little effort and this book, you’ll ing, logging, and more. be well prepared to unlock PF’s full potential. You’ll also learn how to: ABOUT THE AUTHOR • Create rule sets for all kinds of network traffic, whether Peter N.M. Hansteen is a consultant, writer, and crossing a simple LAN, hiding behind NAT, traversing sysadmin based in Bergen, Norway. A longtime DMZs, or spanning bridges or wider networks Freenix advocate, Hansteen is a frequent lecturer on OpenBSD and FreeBSD topics, an occasional • Set up wireless networks with access points, and contributor to BSD Magazine, and the author of an lock them down using authpf and special access often-slashdotted blog (http://bsdly.blogspot.com/ ).
    [Show full text]
  • Limits and the Practical Usability of Bsds, a Big Data Prospective
    Limits and the Practical Usability of BSDs, a Big Data Prospective Predrag Punosevacˇ [email protected] The Auton Lab Carnegie Mellon University June 11, 2016 1 / 22 Thanks Thanks to organizers for this great meeting and for giving me the op- portunity to speak. note 1 of slide 1 Intro ❖ Intro ● Who am I? ❖ Chronology ❖ Chronology II ❖ Genealogy Tree ❖ General Limitations ❖ Scientific Computing ❖ Continuation ❖ misc issues ❖ NetBSD ❖ OpenBSD ❖ pf.conf and pfctl ❖ OpenBSD cons ❖ FreeBSD ❖ TrueOS ❖ TurnKey Appliance ❖ FreeNAS ❖ pfSense ❖ DragonFly BSD ❖ HAMMER ❖ Dark Clouds ❖ References 2 / 22 Intro ❖ Intro ● Who am I? ❖ Chronology ❖ Chronology II ❖ Genealogy Tree ● What is the Auton Lab? ❖ General Limitations ❖ Scientific Computing ❖ Continuation ❖ misc issues ❖ NetBSD ❖ OpenBSD ❖ pf.conf and pfctl ❖ OpenBSD cons ❖ FreeBSD ❖ TrueOS ❖ TurnKey Appliance ❖ FreeNAS ❖ pfSense ❖ DragonFly BSD ❖ HAMMER ❖ Dark Clouds ❖ References 2 / 22 Intro ❖ Intro ● Who am I? ❖ Chronology ❖ Chronology II ❖ Genealogy Tree ● What is the Auton Lab? ❖ General Limitations ❖ Scientific ● Why don’t we just use SCS computing facilities? Computing ❖ Continuation ❖ misc issues ❖ NetBSD ❖ OpenBSD ❖ pf.conf and pfctl ❖ OpenBSD cons ❖ FreeBSD ❖ TrueOS ❖ TurnKey Appliance ❖ FreeNAS ❖ pfSense ❖ DragonFly BSD ❖ HAMMER ❖ Dark Clouds ❖ References 2 / 22 Intro ❖ Intro ● Who am I? ❖ Chronology ❖ Chronology II ❖ Genealogy Tree ● What is the Auton Lab? ❖ General Limitations ❖ Scientific ● Why don’t we just use SCS computing facilities? Computing ❖ Continuation ❖ misc issues ● How did
    [Show full text]
  • Using the Lion Pf Firewall with the Emerging Threats List 18/08/2012 14:46
    Using the Lion pf firewall with the Emerging Threats list 18/08/2012 14:46 Using the Lion pf firewall with the Emerging Threats list Mac OS X has multiple firewall options. Most users are familiar with the application level firewall. Each application that opens a network socket needs explicit user permission and is managed through the System Preferences Firewall panel. There is also another less well known firewall tool available. It a kernel-level packet filter. Since parts of Mac OS X are derived from FreeBSD, the packet filter has been ipfw, the default packet filter in FreeBSD. With the release of Mac OS X Lion (10.7), there is another packet filter tool available: pf. In fact, ipfw is deprecated and pf is the new packet filter hotness. pf is the OpenBSD packet filter. It is a robust software package with many impressive and useful features. FreeBSD also has pf, and now Lion does too. I have built several transparent bridge packet filters on FreeBSD and pf. The performance has been met our needs and that includes several tables with over 4000 entries that we block. One those tables includes the Emerging Threats Block IP list. Emerging Threats is an open source community project that collects IP addresses of the “bad guys” and then shares that collection in the form of routers access control lists (ACLs), firewall rules, intrusion detection/prevention rules, and just a plain old list. The project collects IP addresses and network ranges of known attackers, spammers, malware sites, botnet control systems, and other unpleasantness on the internet.
    [Show full text]
  • The Open Source Firewall in Practice
    OPNsense The open source fi rewall in practice Table of contents 1. How companies can benefit from OPNsense 3| 2. What makes OPNsense unique? 4| 2.1 The OPNsense Business Edition 3. A closer look at OPNsense 5| 3.1 Intrusion and malware detection 6| 3.2 Virtual Private Networking (VPN) 3.3 High availability 7| 3.4 Traffic analysis and traffic shaping 3.5 Further features in the core system 3.6 Plugins 8| 4. Hardware for OPNsense 8| 5. Using OPNsense 8| 5.1 Example customer A: 9| An SME specializing in the production of technical ropes 5.2 Example customer B: An SME consulting firm in the social sector 6. Plugins for OPNsense 9| 7. Transparent development model 10| 8. Plugins in an example scenario 10| 8.1 Centralized WLAN protection with the FreeRADIUS plugin 10| 8.2 Securing an Exchange Server with the Postfix plugin 14| 8.3 Monitoring with the Telegraf plugin 18| 8.4 NUT plugin for UPS integration 21| Summary 22| thomas-krenn.com | 3 OPNsense The open source fi rewall in practice Comprehensive IT security and fl exibly expandable plugins. IT managers regularly see the IT they manage intrusion detection & prevention, VPN, two- exposed to new threats. Having the latest fi rewall factor authentication and high availability. In this is no longer suffi cient. It is much more important e-book, we present OPNsense as an alternative to be able to react fl exibly to security risks. The to commercial fi rewall solutions. Our focus is on open source fi rewall OPNsense is a digital platform practical use cases in the SME context and on how that offers many additional features such as functionality can be expanded via plugins.
    [Show full text]
  • Pfsense Tutorial Slides (Application/Pdf
    pfSense Tutorial BSDCan 2008 From zero to hero with pfSense May 13, 2008 Chris Buechler <[email protected]> Scott Ullrich <[email protected]> History of pfSense Started as a work project 13 years ago when we needed a internal firewall Originally Linux, switched to FreeBSD 2.2 Evolution of this path shrunk the firewall down to a Soekris size Moatware was started Met Chris Buechler during this time Sell a number of products Sales guy moves to Florida Moatware fails Chris and myself debate starting over fresh pfSense is forked from m0n0wall roughly 4 years ago Still going strong today pfSense Overview Customized FreeBSD distribution tailored for use as a firewall and router. pfSense has many base features and can be extended with the package system including one touch installations of popular 3rd party packages such as SpamD (spam filter) and Squid (web caching). Includes many features found in commercial products such as Cisco PIX, Sonicwall, Watchguard, etc. Many support avenues available, mailing lists, forum and commercial support. Has the best price on the planet.... Free! pfSense Platforms Live CD Full Install Embedded Developers pfSense Stable Versions 1.0 - October 4, 2006 * 1.0.1 - October 20, 2006 * 1.2 - RELENG_1_2 - February 25, 2008 Downloaded more than 500,000 times to date * Not branched in CVS pfSense Development Versions Current Development Versions 1.3-ALPHA - RELENG_1 2.0-ALPHA-ALPHA-ALPHA - HEAD Snapshots are built every two hours available at http://snapshots.pfsense.org Bonus for attendees - 1.3 snapshots
    [Show full text]
  • Securing Your Network with Pfsense
    Securing Your Network with pfSense ILTA-U Dale Qualls Pattishall, McAuliffe, Newbury, Hilliard & Geraldson LLP [email protected] Housekeeping • Please turn off cell phones or put them on silent • We’ re recording this session to share with those that were unable to attend… If you have a question please wait for the microphone to make it to you. • Please fill out the survey after the session Housekeeping • 2 Hyper-V virtual machines – To release the mouse the right ALT, CTRL and Left Arrow simultaneously • Helpers are here for you What is pfSense •Firewall •Router • Load balancer (bi-directional) • VPN solution • ItInternet filter • Usage monitor • Provides a Captive portal capabilities • Based on FreeBSD PF (Packet Filter) project, ported from OpenBSD to FreeBSD in 2004 • Forked from the m0n0wall project in 2004 by Chris Buechler and Scott Ullrich • Focus is not running on embedded systems but an embedded offering is Beastie the Daemon availa ble. What’s in a name? •pfSense – pf (from the original project name) – Sense, as in making sense of pf • Domain name availability, or lack thereof, helped dictate the name. – was though by some to stand for “Plain F…… Sense”. $35 at Amazon I will be giving one away today! FreeBSD is used as a platform for devices and products from many of the world' s largest IT companies, including: FreeBSD runs some of the busiest sites on the Internet! How do I get started? What do I need • Properly sized hardware: – 100MHz Pentium CPU – 128 MB of RAM • Requirements specific to individual platforms follow. – Live CD CD-ROM drive USB flash drive or floppy drive to hold configuration file – HdHard ddirive ins tlltitallation CD-ROM for initial installation 1 GB hard drive – Embedded 128 MB Compact Flash card Serial port for console Lt’Let’s GGtet StSttd!arted! Open Hyper-V ifconfig de0 down ifconfig de0 up ifconfig de1 down ifconfig de1 up Hardware Sizing • When sizing hardware for use with pfSense, two main factors need to be considered.
    [Show full text]
  • Firewalling with Openbsd's PF Packet Filter
    Firewalling with OpenBSD’s PF packet filter Peter N. M. Hansteen [email protected] Copyright © 2005 - 2012 Peter N. M. Hansteen This document is © Copyright 2005 - 2012, Peter N. M. Hansteen. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The document is a ’work in progress’, based on a manuscript prepared for a lecture at the BLUG (see http://www.blug.linux.no/) meeting of January 27th, 2005. Along the way it has spawned several conference tutorials as well as The Book of PF (http://nostarch.com/pf2.htm) (second edition, No Starch Press November 2010), which expands on all topics mentioned in this document presents several topics that are only hinted at here.
    [Show full text]
  • Linux Loadable Kernel Module HOWTO
    Linux Loadable Kernel Module HOWTO Bryan Henderson 2006−09−24 Revision History Revision v1.09 2006−09−24 Revised by: bjh Fix typos. Revision v1.08 2006−03−03 Revised by: bjh Add copyright information. Revision v1.07 2005−07−20 Revised by: bjh Add some 2.6 info and disclaimers. Update references to Linux Device Drivers book, Linux Kernel Module Programming Guide. Revision v1.06 2005−01−12 Revised by: bjh Cover Linux 2.6 briefly. Update hello.c and reference to Lkmpg. Add information about perils of unloading. Mention dmesg as way to see kernel messages. Revision v1.05 2004−01−05 Revised by: bjh Add information on module.h and −DMODULE. Fix tldb.org to tldp.org. Add information on kallsyms. Revision v1.04 2003−10−10 Revised by: bjh Fix typo: AHA154x should be AHA152x Add information on what module names the kernel module loader calls for. Add information on what an LKM does when you first load it. Add information on loop module. Change linuxdoc.org to tldp.org. Revision v1.03 2003−07−03 Revised by: bjh Update on kernels that don't load into vmalloc space. Add explanation of "deleted" state of an LKM. Explain GPLONLY. Revision v1.02 2002−05−21 Revised by: bjh Correct explanation of symbol versioning. Correct author of Linux Device Drivers. Add info about memory allocation penalty of LKM vs bound−in. Add LKM−to−LKM symbol matching requirement. Add open source licensing issue in LKM symbol resolution. Add SMP symbol versioning info. Revision v1.01 2001−08−18 Revised by: bjh Add material on various features created in the last few years: kernel module loader, ksymoops symbols, kernel−version−dependent LKM file location.
    [Show full text]