OpenBSD
From Nerdica Wiki
Revision as of 22:04, 23 January 2012 by Travis (Talk | contribs) (→Tables: Adjusted location of tables files.)
Packet Filter
Logs
Real-time display of Packet Filter Logs:
sudo tcpdump -n -e -ttt -i pflog0 src host not 174.0.204.1
Tables
Update/replace a table:
sudo pfctl -t retards -T replace -f /etc/pf.d/tables/blacklist.txt
Display a table called 'retards':
pfctl -t retards -T show
Show the current state table:
sudo pfctl -s state sudo pfctl -ss
Configuration Files
Load a Packet Filter configuration file:
pfctl -f /etc/pf.conf
Parse a configuration file but do not load it:
pfctl -nf /etc/pf.conf
Load only the NAT rules from the file:
pfctl -Nf /etc/pf.conf
Load only the filter rules from the file:
pfctl -Rf /etc/pf.conf
Show states
Show the current NAT rules:
pfctl -sn
Show current filter rules:
pfctl -sr
Show filter stats and counters:
pfctl -si
Show everything it can show:
pfctl -sa
Updating OpenBSD Via Source
Grab source from CVS
First Time
For -current:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P src
For -stable:
cd /usr cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P src
Updating
For -current:
cd /usr/src cvs -q up -Pd
For -stable:
cd /usr/src cvs -q up -rOPENBSD_4_5 -Pd
Rebuilding the Kernel
# cd /usr/src/sys/arch/i386/conf # /usr/sbin/config GENERIC # cd /usr/src/sys/arch/i386/compile/GENERIC # make clean && make depend && make
Rebooting with the new kernel
# cd /usr/src/sys/arch/i386/compile/GENERIC # make install (Safely install new kernel) # reboot
Rebuilding the userland binaries
# rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs # cd /usr/src # make build
Updating Ports Via CVS
First Time
For -current:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -P ports
For -stable:
# cd /usr # cvs -qd anoncvs@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_4_5 -P ports
Updating
For -current:
# cd /usr/ports # cvs -q up -Pd
For -stable:
# cd /usr/ports # cvs -q up -rOPENBSD_4_5 -Pd
Hardware Sensors
Check hardware sensors
# sysctl -a | grep "hw.sensors"