[Tor-BSD] OpenBSD pf rules...

Seth list at sysfu.com
Fri Dec 12 16:57:20 EST 2014


On Fri, 12 Dec 2014 13:52:06 -0800, Libertas <libertas at mykolab.com> wrote:
> Do you know what caused the kernel panic?

It's hard to say for sure, but I had hunch it had to do with the ulimit  
being set too high.

So I dialed it back down to 4Xs the default of 1024, instead of 8xs.

> I'm pretty sure that the Fast flag is granted based on advertised
> bandwidth, not consensus bandwidth:
>
> https://trac.torproject.org/projects/tor/ticket/1854
>
> This is most apparent in the fact that a new relay will often get the
> Fast flag hours after being started, while its consensus bandwidth is
> still 20 KB/s.

Ah, thanks for pointing out the difference, I was not aware of that.

Earlier you were asking about what benefits OpenBSD egress filtering  
provides.

Is it possible that the OpenBSD PF would help guard against malformed  
packet attacks like the ones discussed here?  
https://news.ycombinator.com/item?id=8579280


More information about the Tor-BSD mailing list