Archive for the OpenBSD Category

How do I view log of dropped IP from default /var/log/pflog file?

Posted in BSD, FreeBSD, How to, OpenBSD on July 31, 2008 by PacketFilter

Use the tcpdump command to read the log file:
# tcpdump -n -e -ttt -r /var/log/pflog
# tcpdump -n -e -ttt -r /var/log/pflog port 80
# tcpdump -n -e -ttt -r /var/log/pflog host 202.33.1.2

You can also view the log in real time:
# tcpdump -n -e -ttt -i pflog0
# tcpdump -n -e -ttt -i pflog0 port 80
# tcpdump -n -e -ttt -i pflog0 host 202.33.1.2

“How to” Patching OpenBSD 4.2 kernel and packages

Posted in How to, OpenBSD on July 22, 2008 by PacketFilter

cd /usr/src
wget ftp://ftp3.usa.openbsd.org/pub/OpenBSD/4.2/sys.tar.gz
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/004_pf.patch
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/005_ifrtlabel.patch
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/007_tcprespond.patch
wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/008_ip6rthdr.patch
tar zxvf sys.tar.gz
patch -p0 < 004_pf.patch
patch -p0 < 005_ifrtlabel.patch
patch -p0 < 007_tcprespond.patch
patch -p0 < 008_ip6rthdr.patch
cd /usr/src/sys/arch/`arch -s`/conf
config GENERIC && cd ../compile/GENERIC
make depend && make && sudo make install
reboot

pf.conf specified by using these operators

Posted in BSD, FreeBSD, How to, OpenBSD on July 12, 2008 by PacketFilter

Ports and ranges of ports are specified by using these operators:

= (equal)
!= (unequal)
< (less than)
<= (less than or equal)
> (greater than)
>= (greater than or equal)
: (range including boundaries)
>< (range excluding boundaries)
<> (except range)

><, <> and : are binary operators (they take two arguments). For instance:

port 2000:2004
means 'all ports >= 2000 and <= 2004', hence ports 2000, 2001, 2002, 2003 and 2004.

port 2000 >< 2004
means 'all ports > 2000 and < 2004', hence ports 2001, 2002 and 2003.

port 2000 <> 2004
means 'all ports < 2000 or > 2004', hence ports 1-1999 and 2005-65535.

Color ls on OpenBSD

Posted in BSD, OpenBSD on April 18, 2008 by PacketFilter

1. cd /usr/ports/sysutils/colorls
2. make install
3. set your TERM to wsvt25
4. /usr/local/bin/colorls -G should now display similar to the GNU ls with the color option
5. Set the appropriate alias for your shell.

vi .profile

export PS1='\u@\h \w # '
export TERM=wsvt25
alias ls='/usr/local/bin/colorls -G'
:wq!

Done, ls now shows colors.

Useful geology commands

Posted in BSD, FreeBSD, OpenBSD, Security on March 20, 2008 by PacketFilter

# To update the pf.conf-test file, copy the ruleset to the clipboard, then run the following command, insert the new ruleset and save:

rm /etc/pf.conf-test ; vi /etc/pf.conf-test

# To check the syntax of the new pf.conf-test file, type:

pfctl -n -f /etc/pf.conf-test

# To load the updated pf.conf-test file into pf, type:

pfctl -F all ; pfctl -f /etc/pf.conf-test
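
A more cautious form of the check-then-load sequence above, as an added example that is not part of the original post: it loads only after a clean `pfctl -n` parse and skips the flush, since `pfctl -f` replaces the ruleset on its own. The `pf_reload` name and the `PFCTL` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Weak form:   pfctl -F all ; pfctl -f FILE
#   ";" runs the load even though the flush already emptied the ruleset,
#   so a load that fails leaves pf running with no rules at all.
PFCTL=${PFCTL:-pfctl}   # assumption: override hook so the logic can be dry-run

# pf_reload FILE
#   0  FILE parsed cleanly and was loaded
#   1  syntax check failed, nothing was loaded
#   2  FILE is not readable
#   3  parse succeeded but the load itself failed
pf_reload() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "pf_reload: cannot read $conf" >&2
        return 2
    fi
    # -n parses the file without loading it.
    if ! "$PFCTL" -n -f "$conf"; then
        echo "pf_reload: syntax check failed, running ruleset untouched" >&2
        return 1
    fi
    # No flush: -f swaps in the new rules and keeps existing state entries.
    if ! "$PFCTL" -f "$conf"; then
        echo "pf_reload: load failed" >&2
        return 3
    fi
    return 0
}
```

Run it as `pf_reload /etc/pf.conf-test`; a non-zero exit status means the previously loaded rules are still the ones in effect.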

# To clear the /var/log/pflog file and restart logging, type:

cat /dev/null > /var/log/pflog ; kill -HUP `cat /var/run/pflogd.pid`

# To view the current contents of the ssh bruteforce memory table, type:

pfctl -t bruteforce -T show

# To view the current contents of the badhosts memory table, type:

pfctl -t badhosts -T show

# To view the current contents of the badhosts memory table, with statistics, type:

pfctl -t badhosts -T show -v

# To reload the /etc/badhosts file into pf after updating the file, type:

pfctl -t badhosts -T replace -f /etc/badhosts

# To view addresses in the spamd-white table, type:

pfctl -t spamd-white -T show

# To load a new IP address into the spamd-white table, type:

pfctl -t spamd-white -T add ip-address

# To view blocked egress packets, assuming your default block out rule is “Rule 3” and logging is enabled, type:

tcpdump -n -e -ttt -r /var/log/pflog > /tmp/blockout ; grep rule\ 3/ /tmp/blockout
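
The `grep rule\ 3/` filter above and the pflog reading commands in the first post on this page both leave you scanning raw tcpdump text. As an added example (not from the original posts), this awk filter counts blocked packets per source address for one rule number. The function names are hypothetical, and the sample lines are constructed in the `rule N/... block DIR on IF: SRC > DST:` layout assumed here.

```shell
#!/bin/sh
# Added example: summarise blocked packets from the text produced by
#   tcpdump -n -e -ttt -r /var/log/pflog
# Live use:  tcpdump -n -e -ttt -r /var/log/pflog | pflog_blocked_sources 3

# Constructed sample lines (documentation addresses, not real traffic).
sample_pflog() {
cat <<'EOF'
Jul 31 10:15:01.100001 rule 3/(match) block out on fxp0: 192.0.2.10.51000 > 198.51.100.7.25: S 1:1(0) win 16384
Jul 31 10:15:02.200002 rule 0/(match) block in on fxp0: 203.0.113.5.40111 > 192.0.2.10.22: S 2:2(0) win 5840
Jul 31 10:15:03.300003 rule 3/(match) block out on fxp0: 192.0.2.10.51001 > 198.51.100.7.25: S 3:3(0) win 16384
Jul 31 10:15:04.400004 rule 3/(match) block out on fxp0: 192.0.2.44.3333 > 198.51.100.9.6667: S 4:4(0) win 16384
Jul 31 10:15:05.500005 rule 0/(match) block in on fxp0: 203.0.113.5 > 192.0.2.10: icmp: echo request
Jul 31 10:15:06.600006 rule 31/(match) block in on fxp0: 203.0.113.9.1234 > 192.0.2.10.80: S 5:5(0) win 5840
EOF
}

# pflog_blocked_sources RULE < tcpdump-text
# Prints "COUNT SOURCE" for packets blocked by rule number RULE, busiest first.
pflog_blocked_sources() {
    awk -v want="$1" '
    {
        # Locate the "rule" token so the timestamp layout does not matter.
        r = 0
        for (i = 1; i <= NF; i++) if ($i == "rule") { r = i; break }
        if (r == 0 || NF < r + 6 || $(r + 2) != "block") next
        split($(r + 1), id, "/")        # "3/(match)" -> rule number 3
        if (id[1] != want) next         # exact match: rule 31 is not rule 3
        src = $(r + 6)                  # field after: block DIR on IF:
        n = split(src, part, ".")
        # Drop a trailing ".port": IPv4 has 5 dot-fields when a port is
        # present; an IPv6 address carries a dot only before its port.
        if ((src ~ /:/ && n > 1) || n == 5) sub(/\.[0-9]+$/, "", src)
        hits[src]++
    }
    END { for (s in hits) print hits[s], s }' | sort -k1,1nr -k2,2
}
```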

pfctl -g -s rules | grep '^@'
pfctl -sn
pfctl -sr
pfctl -ss
pfctl -si
pfctl -sa
pfctl -s rules -vv
pfctl -s queue -v
netstat -s -p pfsync
pfctl -vsq
pfctl -vs Tables

Load Balancer
pftop -w 150 -a -b
pftop -w 150 -a -b -v long
pftop -w 150 -a -b -v queue
pftop -w 150 -a -b -v rules
pftop -w 150 -a -b -v size
pftop -w 150 -a -b -v speed

Create cd installer OpenBSD 4.2

Posted in BSD, How to, OpenBSD on March 6, 2008 by PacketFilter

IMPORTANT NOTE: Starting in OpenBSD v4.2 you can now just download the bootable iso “install42.iso” if you DO NOT want to customize your cd image. The “install42.iso” image has all of the files you need to install OpenBSD.

Make a bootable OpenBSD ISO image.

Posted in BSD, How to, OpenBSD on March 6, 2008 by PacketFilter

Note: Make sure that you have mkisofs and ncftpget installed before starting.

First we need to make a directory structure that will hold the files that we will be downloading from the OpenBSD mirror closest to you.


Remote Upgrade of OpenBSD 4.1 to 4.2

Posted in BSD, How to, OpenBSD on February 29, 2008 by PacketFilter

The first assumption is that you have a remote OpenBSD server running 4.1 with a serial port console.

Before you start, read the OpenBSD 4.2 upgrade FAQ here. For the most part, you will be following that FAQ. This is simply a supplemental guide to get things rolling…

I’m upgrading an i386 system. bsd.rd is the install/upgrade kernel. If we already have a remote system running, we can upgrade bsd.rd first, then boot from it and upgrade the rest of the system.


Building An OpenBSD-4.2-current (patched) CD

Posted in BSD, How to, OpenBSD on February 25, 2008 by PacketFilter

I have to update several OpenBSD systems so I find it easiest to make a 4.2-current (patched) distribution. This can also be burned to a cd so new installs or upgrades via cd are also patched.

So, I have just upgraded to 4.2 OpenBSD. I am now going to build a patched distribution, patching the system in the process.

Let’s do it:


How to build a STABLE OpenBSD Install CD from source

Posted in BSD, How to, OpenBSD on February 25, 2008 by PacketFilter

Ever needed a personal STABLE OpenBSD install CD? Sure, we all have.

It’s important to note that there are no official full CD install ISOs of OpenBSD available for download, which is on purpose. Please respect Theo’s wishes and his copyright to the filesystem layout and be sure to order your official install CDs and support the project.

This howto assumes that you already have OpenBSD installed with the needed development tools. It also assumes that all of the commands below are run as root. Not all commands need to be run as root, but in the interest of simplifying this howto I assume you either know when to use sudo or you’ve su’ed to root before any of the steps below.
